diff --git a/.github/workflows/continuous-integration-workflow.yml b/.github/workflows/continuous-integration-workflow.yml
index f10dcdde5d6..7442161f9b6 100644
--- a/.github/workflows/continuous-integration-workflow.yml
+++ b/.github/workflows/continuous-integration-workflow.yml
@@ -28,8 +28,8 @@ jobs:
name: Determine if should continue
if: env.RUN_JOBS == 'true'
run: echo "::set-output name=runjobs::true"
- build_jdk_11:
- name: Build JDK 11
+ build_jdk_17:
+ name: Build JDK 17
needs: [prerequisites]
strategy:
matrix:
@@ -38,10 +38,10 @@ jobs:
if: needs.prerequisites.outputs.runjobs
steps:
- uses: actions/checkout@v2
- - name: Set up JDK 11
+ - name: Set up JDK 17
uses: actions/setup-java@v1
with:
- java-version: '11'
+ java-version: '17'
- name: Setup gradle user name
run: |
mkdir -p ~/.gradle
@@ -67,7 +67,7 @@ jobs:
- name: Set up JDK
uses: actions/setup-java@v1
with:
- java-version: '11'
+ java-version: '17'
- name: Setup gradle user name
run: |
mkdir -p ~/.gradle
@@ -88,7 +88,7 @@ jobs:
- name: Set up JDK
uses: actions/setup-java@v1
with:
- java-version: '11'
+ java-version: '17'
- name: Setup gradle user name
run: |
mkdir -p ~/.gradle
@@ -109,7 +109,7 @@ jobs:
- name: Set up JDK
uses: actions/setup-java@v1
with:
- java-version: '11'
+ java-version: '17'
- name: Setup gradle user name
run: |
mkdir -p ~/.gradle
@@ -122,14 +122,14 @@ jobs:
./gradlew check s101 --stacktrace
deploy_artifacts:
name: Deploy Artifacts
- needs: [build_jdk_11, snapshot_tests, check_samples, check_tangles]
+ needs: [build_jdk_17, snapshot_tests, check_samples, check_tangles]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK
uses: actions/setup-java@v1
with:
- java-version: '11'
+ java-version: '17'
- name: Setup gradle user name
run: |
mkdir -p ~/.gradle
@@ -149,14 +149,14 @@ jobs:
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
deploy_docs:
name: Deploy Docs
- needs: [build_jdk_11, snapshot_tests, check_samples, check_tangles]
+ needs: [build_jdk_17, snapshot_tests, check_samples, check_tangles]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK
uses: actions/setup-java@v1
with:
- java-version: '11'
+ java-version: '17'
- name: Setup gradle user name
run: |
mkdir -p ~/.gradle
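Review bot: `deploy_docs` and the neighbouring deploy jobs still reference `actions/checkout@v2` and `actions/setup-java@v1` by mutable tag, while the context lines show these jobs receiving `secrets.ARTIFACTORY_PASSWORD` and `secrets.DOCS_HOST`. Since every `setup-java` step is being edited anyway, this is a natural point to pin both actions to a full commit SHA, e.g. `uses: actions/setup-java@<full-commit-sha>  # v1` (placeholder; take the SHA from the action's release), so a moved tag cannot change what runs next to the credentials. The same applies to the other `setup-java` hunks in this file and to the one in `pr-build-workflow.yml`. The job bodies continue outside the hunk, so the steps that actually consume the secrets are not visible here.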
@@ -173,14 +173,14 @@ jobs:
DOCS_HOST: ${{ secrets.DOCS_HOST }}
deploy_schema:
name: Deploy Schema
- needs: [build_jdk_11, snapshot_tests, check_samples, check_tangles]
+ needs: [build_jdk_17, snapshot_tests, check_samples, check_tangles]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK
uses: actions/setup-java@v1
with:
- java-version: '11'
+ java-version: '17'
- name: Setup gradle user name
run: |
mkdir -p ~/.gradle
@@ -197,7 +197,7 @@ jobs:
DOCS_HOST: ${{ secrets.DOCS_HOST }}
notify_result:
name: Check for failures
- needs: [build_jdk_11, snapshot_tests, check_samples, check_tangles, deploy_artifacts, deploy_docs, deploy_schema]
+ needs: [build_jdk_17, snapshot_tests, check_samples, check_tangles, deploy_artifacts, deploy_docs, deploy_schema]
if: failure()
runs-on: ubuntu-latest
steps:
diff --git a/.github/workflows/pr-build-workflow.yml b/.github/workflows/pr-build-workflow.yml
index 0e7d5e7fdf0..d9a5c571343 100644
--- a/.github/workflows/pr-build-workflow.yml
+++ b/.github/workflows/pr-build-workflow.yml
@@ -16,7 +16,7 @@ jobs:
if: env.RUN_JOBS == 'true'
uses: actions/setup-java@v1
with:
- java-version: '11'
+ java-version: '17'
- name: Cache Gradle packages
if: env.RUN_JOBS == 'true'
uses: actions/cache@v2
diff --git a/README.adoc b/README.adoc
index 80d2f102e55..272b99ff6d0 100644
--- a/README.adoc
+++ b/README.adoc
@@ -6,8 +6,8 @@ image:https://img.shields.io/badge/Revved%20up%20by-Gradle%20Enterprise-06A0CE?l
= Spring Security
-Spring Security provides security services for the https://docs.spring.io[Spring IO Platform]. Spring Security 5.0 requires Spring 5.0 as
-a minimum and also requires Java 8.
+Spring Security provides security services for the https://docs.spring.io[Spring IO Platform]. Spring Security 6.0 requires Spring 6.0 as
+a minimum and also requires Java 17.
For a detailed list of features and access to the latest release, please visit https://spring.io/projects[Spring projects].
@@ -30,9 +30,9 @@ In the instructions below, https://vimeo.com/34436402[`./gradlew`] is invoked fr
a cross-platform, self-contained bootstrap mechanism for the build.
=== Prerequisites
-https://help.github.com/set-up-git-redirect[Git] and the https://www.oracle.com/technetwork/java/javase/downloads[JDK11 build].
+https://help.github.com/set-up-git-redirect[Git] and the https://www.oracle.com/technetwork/java/javase/downloads[JDK17 build].
-Be sure that your `JAVA_HOME` environment variable points to the `jdk-11` folder extracted from the JDK download.
+Be sure that your `JAVA_HOME` environment variable points to the `jdk-17` folder extracted from the JDK download.
=== Check out sources
[indent=0]
diff --git a/acl/spring-security-acl.gradle b/acl/spring-security-acl.gradle
index 8de65558b88..976d8d42dbc 100644
--- a/acl/spring-security-acl.gradle
+++ b/acl/spring-security-acl.gradle
@@ -9,8 +9,6 @@ dependencies {
api 'org.springframework:spring-jdbc'
api 'org.springframework:spring-tx'
- optional 'net.sf.ehcache:ehcache'
-
testImplementation "org.assertj:assertj-core"
testImplementation "org.junit.jupiter:junit-jupiter-api"
testImplementation "org.junit.jupiter:junit-jupiter-params"
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java b/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
deleted file mode 100644
index 9ad106d7afe..00000000000
--- a/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.acls.domain;
-
-import java.io.Serializable;
-
-import net.sf.ehcache.CacheException;
-import net.sf.ehcache.Ehcache;
-import net.sf.ehcache.Element;
-
-import org.springframework.security.acls.model.AclCache;
-import org.springframework.security.acls.model.MutableAcl;
-import org.springframework.security.acls.model.ObjectIdentity;
-import org.springframework.security.acls.model.PermissionGrantingStrategy;
-import org.springframework.security.util.FieldUtils;
-import org.springframework.util.Assert;
-
-/**
- * Simple implementation of {@link AclCache} that delegates to EH-CACHE.
- *
- * Designed to handle the transient fields in {@link AclImpl}. Note that this
- * implementation assumes all {@link AclImpl} instances share the same
- * {@link PermissionGrantingStrategy} and {@link AclAuthorizationStrategy} instances.
- *
- * @author Ben Alex
- * @deprecated since 5.6. In favor of JCache based implementations
- */
-@Deprecated
-public class EhCacheBasedAclCache implements AclCache {
-
- private final Ehcache cache;
-
- private PermissionGrantingStrategy permissionGrantingStrategy;
-
- private AclAuthorizationStrategy aclAuthorizationStrategy;
-
- public EhCacheBasedAclCache(Ehcache cache, PermissionGrantingStrategy permissionGrantingStrategy,
- AclAuthorizationStrategy aclAuthorizationStrategy) {
- Assert.notNull(cache, "Cache required");
- Assert.notNull(permissionGrantingStrategy, "PermissionGrantingStrategy required");
- Assert.notNull(aclAuthorizationStrategy, "AclAuthorizationStrategy required");
- this.cache = cache;
- this.permissionGrantingStrategy = permissionGrantingStrategy;
- this.aclAuthorizationStrategy = aclAuthorizationStrategy;
- }
-
- @Override
- public void evictFromCache(Serializable pk) {
- Assert.notNull(pk, "Primary key (identifier) required");
- MutableAcl acl = getFromCache(pk);
- if (acl != null) {
- this.cache.remove(acl.getId());
- this.cache.remove(acl.getObjectIdentity());
- }
- }
-
- @Override
- public void evictFromCache(ObjectIdentity objectIdentity) {
- Assert.notNull(objectIdentity, "ObjectIdentity required");
- MutableAcl acl = getFromCache(objectIdentity);
- if (acl != null) {
- this.cache.remove(acl.getId());
- this.cache.remove(acl.getObjectIdentity());
- }
- }
-
- @Override
- public MutableAcl getFromCache(ObjectIdentity objectIdentity) {
- Assert.notNull(objectIdentity, "ObjectIdentity required");
- try {
- Element element = this.cache.get(objectIdentity);
- return (element != null) ? initializeTransientFields((MutableAcl) element.getValue()) : null;
- }
- catch (CacheException ex) {
- return null;
- }
- }
-
- @Override
- public MutableAcl getFromCache(Serializable pk) {
- Assert.notNull(pk, "Primary key (identifier) required");
- try {
- Element element = this.cache.get(pk);
- return (element != null) ? initializeTransientFields((MutableAcl) element.getValue()) : null;
- }
- catch (CacheException ex) {
- return null;
- }
- }
-
- @Override
- public void putInCache(MutableAcl acl) {
- Assert.notNull(acl, "Acl required");
- Assert.notNull(acl.getObjectIdentity(), "ObjectIdentity required");
- Assert.notNull(acl.getId(), "ID required");
- if (this.aclAuthorizationStrategy == null) {
- if (acl instanceof AclImpl) {
- this.aclAuthorizationStrategy = (AclAuthorizationStrategy) FieldUtils
- .getProtectedFieldValue("aclAuthorizationStrategy", acl);
- this.permissionGrantingStrategy = (PermissionGrantingStrategy) FieldUtils
- .getProtectedFieldValue("permissionGrantingStrategy", acl);
- }
- }
- if ((acl.getParentAcl() != null) && (acl.getParentAcl() instanceof MutableAcl)) {
- putInCache((MutableAcl) acl.getParentAcl());
- }
- this.cache.put(new Element(acl.getObjectIdentity(), acl));
- this.cache.put(new Element(acl.getId(), acl));
- }
-
- private MutableAcl initializeTransientFields(MutableAcl value) {
- if (value instanceof AclImpl) {
- FieldUtils.setProtectedFieldValue("aclAuthorizationStrategy", value, this.aclAuthorizationStrategy);
- FieldUtils.setProtectedFieldValue("permissionGrantingStrategy", value, this.permissionGrantingStrategy);
- }
- if (value.getParentAcl() != null) {
- initializeTransientFields((MutableAcl) value.getParentAcl());
- }
- return value;
- }
-
- @Override
- public void clearCache() {
- this.cache.removeAll();
- }
-
-}
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
index 4a6b1d695f6..9f3f8418ca6 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
@@ -16,6 +16,7 @@
package org.springframework.security.acls.jdbc;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
@@ -23,15 +24,15 @@
import javax.sql.DataSource;
-import net.sf.ehcache.Cache;
-import net.sf.ehcache.CacheManager;
-import net.sf.ehcache.Ehcache;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
+import org.springframework.cache.Cache;
+import org.springframework.cache.CacheManager;
+import org.springframework.cache.concurrent.ConcurrentMapCache;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.acls.TargetObject;
import org.springframework.security.acls.TargetObjectWithUUID;
@@ -41,10 +42,10 @@
import org.springframework.security.acls.domain.ConsoleAuditLogger;
import org.springframework.security.acls.domain.DefaultPermissionFactory;
import org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy;
-import org.springframework.security.acls.domain.EhCacheBasedAclCache;
import org.springframework.security.acls.domain.GrantedAuthoritySid;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
+import org.springframework.security.acls.domain.SpringCacheBasedAclCache;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.AuditableAccessControlEntry;
import org.springframework.security.acls.model.MutableAcl;
@@ -55,6 +56,8 @@
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
/**
* Tests {@link BasicLookupStrategy}
@@ -75,7 +78,7 @@ public abstract class AbstractBasicLookupStrategyTests {
private BasicLookupStrategy strategy;
- private static CacheManager cacheManager;
+ private static CacheManagerMock cacheManager;
public abstract JdbcTemplate getJdbcTemplate();
@@ -83,14 +86,13 @@ public abstract class AbstractBasicLookupStrategyTests {
@BeforeAll
public static void initCacheManaer() {
- cacheManager = CacheManager.create();
- cacheManager.addCache(new Cache("basiclookuptestcache", 500, false, false, 30, 30));
+ cacheManager = new CacheManagerMock();
+ cacheManager.addCache("basiclookuptestcache");
}
@AfterAll
public static void shutdownCacheManager() {
- cacheManager.removalAll();
- cacheManager.shutdown();
+ cacheManager.clear();
}
@BeforeEach
@@ -118,11 +120,17 @@ protected AclAuthorizationStrategy aclAuthStrategy() {
return new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_ADMINISTRATOR"));
}
- protected EhCacheBasedAclCache aclCache() {
- return new EhCacheBasedAclCache(getCache(), new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()),
+ protected SpringCacheBasedAclCache aclCache() {
+ return new SpringCacheBasedAclCache(getCache(), new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()),
new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_USER")));
}
+ protected Cache getCache() {
+ Cache cache = cacheManager.getCacheManager().getCache("basiclookuptestcache");
+ cache.clear();
+ return cache;
+ }
+
@AfterEach
public void emptyDatabase() {
String query = "DELETE FROM acl_entry;" + "DELETE FROM acl_object_identity WHERE ID = 9;"
@@ -134,12 +142,6 @@ public void emptyDatabase() {
getJdbcTemplate().execute(query);
}
- protected Ehcache getCache() {
- Ehcache cache = cacheManager.getCache("basiclookuptestcache");
- cache.removeAll();
- return cache;
- }
-
@Test
public void testAclsRetrievalWithDefaultBatchSize() throws Exception {
ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100L);
@@ -318,4 +320,32 @@ public void testCreateGrantedAuthority() {
assertThat(((GrantedAuthoritySid) result).getGrantedAuthority()).isEqualTo("sid");
}
+ private static final class CacheManagerMock {
+
+ private final List cacheNames;
+
+ private final CacheManager cacheManager;
+
+ private CacheManagerMock() {
+ this.cacheNames = new ArrayList<>();
+ this.cacheManager = mock(CacheManager.class);
+ given(this.cacheManager.getCacheNames()).willReturn(this.cacheNames);
+ }
+
+ private CacheManager getCacheManager() {
+ return this.cacheManager;
+ }
+
+ private void addCache(String name) {
+ this.cacheNames.add(name);
+ Cache cache = new ConcurrentMapCache(name);
+ given(this.cacheManager.getCache(name)).willReturn(cache);
+ }
+
+ private void clear() {
+ this.cacheNames.clear();
+ }
+
+ }
+
}
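Review bot: `CacheManagerMock.clear()` only empties `cacheNames`; the `getCache(name)` stub installed in `addCache` keeps returning the same `ConcurrentMapCache`, so `shutdownCacheManager()` no longer discards cached ACL entries the way the removed `removalAll()`/`shutdown()` calls did. As far as the hunks show, isolation between tests now rests entirely on `getCache()` calling `cache.clear()` before handing the cache out. A real manager would remove the Mockito stubbing and the helper class altogether, e.g. `private static final CacheManager cacheManager = new ConcurrentMapCacheManager("basiclookuptestcache");`. If the mock stays, `clear()` should also clear the cache instances it created.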
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
deleted file mode 100644
index 35545abae26..00000000000
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright 2002-2016 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.acls.jdbc;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.io.Serializable;
-import java.util.List;
-
-import net.sf.ehcache.Ehcache;
-import net.sf.ehcache.Element;
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.mockito.ArgumentCaptor;
-import org.mockito.Captor;
-import org.mockito.Mock;
-import org.mockito.junit.jupiter.MockitoExtension;
-
-import org.springframework.security.acls.domain.AclAuthorizationStrategy;
-import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
-import org.springframework.security.acls.domain.AclImpl;
-import org.springframework.security.acls.domain.ConsoleAuditLogger;
-import org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy;
-import org.springframework.security.acls.domain.EhCacheBasedAclCache;
-import org.springframework.security.acls.domain.ObjectIdentityImpl;
-import org.springframework.security.acls.model.MutableAcl;
-import org.springframework.security.acls.model.ObjectIdentity;
-import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.util.FieldUtils;
-import org.springframework.test.util.ReflectionTestUtils;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
-import static org.mockito.BDDMockito.given;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-
-/**
- * Tests {@link EhCacheBasedAclCache}
- *
- * @author Andrei Stefan
- */
-@ExtendWith(MockitoExtension.class)
-public class EhCacheBasedAclCacheTests {
-
- private static final String TARGET_CLASS = "org.springframework.security.acls.TargetObject";
-
- @Mock
- private Ehcache cache;
-
- @Captor
- private ArgumentCaptor element;
-
- private EhCacheBasedAclCache myCache;
-
- private MutableAcl acl;
-
- @BeforeEach
- public void setup() {
- this.myCache = new EhCacheBasedAclCache(this.cache,
- new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()),
- new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_USER")));
- ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L);
- AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
- new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
- new SimpleGrantedAuthority("ROLE_GENERAL"));
- this.acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
- }
-
- @AfterEach
- public void cleanup() {
- SecurityContextHolder.clearContext();
- }
-
- @Test
- public void constructorRejectsNullParameters() {
- assertThatIllegalArgumentException().isThrownBy(
- () -> new EhCacheBasedAclCache(null, new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()),
- new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_USER"))));
- }
-
- @Test
- public void methodsRejectNullParameters() {
- assertThatIllegalArgumentException().isThrownBy(() -> this.myCache.evictFromCache((Serializable) null));
- assertThatIllegalArgumentException().isThrownBy(() -> this.myCache.evictFromCache((ObjectIdentity) null));
- assertThatIllegalArgumentException().isThrownBy(() -> this.myCache.getFromCache((Serializable) null));
- assertThatIllegalArgumentException().isThrownBy(() -> this.myCache.getFromCache((ObjectIdentity) null));
- assertThatIllegalArgumentException().isThrownBy(() -> this.myCache.putInCache(null));
- }
-
- // SEC-527
- @Test
- public void testDiskSerializationOfMutableAclObjectInstance() throws Exception {
- // Serialization test
- File file = File.createTempFile("SEC_TEST", ".object");
- FileOutputStream fos = new FileOutputStream(file);
- ObjectOutputStream oos = new ObjectOutputStream(fos);
- oos.writeObject(this.acl);
- oos.close();
- FileInputStream fis = new FileInputStream(file);
- ObjectInputStream ois = new ObjectInputStream(fis);
- MutableAcl retrieved = (MutableAcl) ois.readObject();
- ois.close();
- assertThat(retrieved).isEqualTo(this.acl);
- Object retrieved1 = FieldUtils.getProtectedFieldValue("aclAuthorizationStrategy", retrieved);
- assertThat(retrieved1).isNull();
- Object retrieved2 = FieldUtils.getProtectedFieldValue("permissionGrantingStrategy", retrieved);
- assertThat(retrieved2).isNull();
- }
-
- @Test
- public void clearCache() {
- this.myCache.clearCache();
- verify(this.cache).removeAll();
- }
-
- @Test
- public void putInCache() {
- this.myCache.putInCache(this.acl);
- verify(this.cache, times(2)).put(this.element.capture());
- assertThat(this.element.getValue().getKey()).isEqualTo(this.acl.getId());
- assertThat(this.element.getValue().getObjectValue()).isEqualTo(this.acl);
- assertThat(this.element.getAllValues().get(0).getKey()).isEqualTo(this.acl.getObjectIdentity());
- assertThat(this.element.getAllValues().get(0).getObjectValue()).isEqualTo(this.acl);
- }
-
- @Test
- public void putInCacheAclWithParent() {
- Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
- auth.setAuthenticated(true);
- SecurityContextHolder.getContext().setAuthentication(auth);
- ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS, 2L);
- AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
- new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
- new SimpleGrantedAuthority("ROLE_GENERAL"));
- MutableAcl parentAcl = new AclImpl(identityParent, 2L, aclAuthorizationStrategy, new ConsoleAuditLogger());
- this.acl.setParent(parentAcl);
- this.myCache.putInCache(this.acl);
- verify(this.cache, times(4)).put(this.element.capture());
- List allValues = this.element.getAllValues();
- assertThat(allValues.get(0).getKey()).isEqualTo(parentAcl.getObjectIdentity());
- assertThat(allValues.get(0).getObjectValue()).isEqualTo(parentAcl);
- assertThat(allValues.get(1).getKey()).isEqualTo(parentAcl.getId());
- assertThat(allValues.get(1).getObjectValue()).isEqualTo(parentAcl);
- assertThat(allValues.get(2).getKey()).isEqualTo(this.acl.getObjectIdentity());
- assertThat(allValues.get(2).getObjectValue()).isEqualTo(this.acl);
- assertThat(allValues.get(3).getKey()).isEqualTo(this.acl.getId());
- assertThat(allValues.get(3).getObjectValue()).isEqualTo(this.acl);
- }
-
- @Test
- public void getFromCacheSerializable() {
- given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl));
- assertThat(this.myCache.getFromCache(this.acl.getId())).isEqualTo(this.acl);
- }
-
- @Test
- public void getFromCacheSerializablePopulatesTransient() {
- given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl));
- this.myCache.putInCache(this.acl);
- ReflectionTestUtils.setField(this.acl, "permissionGrantingStrategy", null);
- ReflectionTestUtils.setField(this.acl, "aclAuthorizationStrategy", null);
- MutableAcl fromCache = this.myCache.getFromCache(this.acl.getId());
- assertThat(ReflectionTestUtils.getField(fromCache, "aclAuthorizationStrategy")).isNotNull();
- assertThat(ReflectionTestUtils.getField(fromCache, "permissionGrantingStrategy")).isNotNull();
- }
-
- @Test
- public void getFromCacheObjectIdentity() {
- given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl));
- assertThat(this.myCache.getFromCache(this.acl.getId())).isEqualTo(this.acl);
- }
-
- @Test
- public void getFromCacheObjectIdentityPopulatesTransient() {
- given(this.cache.get(this.acl.getObjectIdentity())).willReturn(new Element(this.acl.getId(), this.acl));
- this.myCache.putInCache(this.acl);
- ReflectionTestUtils.setField(this.acl, "permissionGrantingStrategy", null);
- ReflectionTestUtils.setField(this.acl, "aclAuthorizationStrategy", null);
- MutableAcl fromCache = this.myCache.getFromCache(this.acl.getObjectIdentity());
- assertThat(ReflectionTestUtils.getField(fromCache, "aclAuthorizationStrategy")).isNotNull();
- assertThat(ReflectionTestUtils.getField(fromCache, "permissionGrantingStrategy")).isNotNull();
- }
-
- @Test
- public void evictCacheSerializable() {
- given(this.cache.get(this.acl.getObjectIdentity())).willReturn(new Element(this.acl.getId(), this.acl));
- this.myCache.evictFromCache(this.acl.getObjectIdentity());
- verify(this.cache).remove(this.acl.getId());
- verify(this.cache).remove(this.acl.getObjectIdentity());
- }
-
- @Test
- public void evictCacheObjectIdentity() {
- given(this.cache.get(this.acl.getId())).willReturn(new Element(this.acl.getId(), this.acl));
- this.myCache.evictFromCache(this.acl.getId());
- verify(this.cache).remove(this.acl.getId());
- verify(this.cache).remove(this.acl.getObjectIdentity());
- }
-
-}
diff --git a/acl/src/test/resources/jdbcMutableAclServiceTests-context.xml b/acl/src/test/resources/jdbcMutableAclServiceTests-context.xml
index 457c183d569..d23a727141c 100644
--- a/acl/src/test/resources/jdbcMutableAclServiceTests-context.xml
+++ b/acl/src/test/resources/jdbcMutableAclServiceTests-context.xml
@@ -13,16 +13,10 @@
-
+
-
-
-
-
-
-
-
-
+
+
diff --git a/aspects/spring-security-aspects.gradle b/aspects/spring-security-aspects.gradle
index 3a58595619f..c22feb711b1 100644
--- a/aspects/spring-security-aspects.gradle
+++ b/aspects/spring-security-aspects.gradle
@@ -1,6 +1,15 @@
apply plugin: 'io.spring.convention.spring-module'
apply plugin: 'io.freefair.aspectj'
+compileAspectj {
+ sourceCompatibility "17"
+ targetCompatibility "17"
+}
+compileTestAspectj {
+ sourceCompatibility "17"
+ targetCompatibility "17"
+}
+
dependencies {
management platform(project(":spring-security-dependencies"))
api "org.aspectj:aspectjrt"
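Review bot: The new `compileAspectj` and `compileTestAspectj` blocks repeat the literal `"17"` four times and carry no comment on why these tasks need their own setting when the root `build.gradle` in this commit already sets `project.sourceCompatibility=JavaVersion.VERSION_17`. Presumably the AspectJ compile tasks do not inherit that value; a one-line comment saying so, e.g. `// AspectJ compile tasks do not pick up project.sourceCompatibility (confirm); keep in sync with the root build.gradle`, would keep the two from drifting on the next JDK bump. Reading the value from a single shared property instead of the repeated literal would serve the same purpose.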
diff --git a/build.gradle b/build.gradle
index 85a179290fe..7ac6e5f27dd 100644
--- a/build.gradle
+++ b/build.gradle
@@ -2,7 +2,7 @@ buildscript {
dependencies {
classpath "io.spring.javaformat:spring-javaformat-gradle-plugin:$springJavaformatVersion"
classpath 'io.spring.nohttp:nohttp-gradle:0.0.10'
- classpath "io.freefair.gradle:aspectj-plugin:5.3.3.3"
+ classpath "io.freefair.gradle:aspectj-plugin:6.2.0"
classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlinVersion"
classpath "com.netflix.nebula:nebula-project-plugin:8.2.0"
}
@@ -100,7 +100,7 @@ updateDependenciesSettings {
subprojects {
plugins.withType(JavaPlugin) {
- project.sourceCompatibility='1.8'
+ project.sourceCompatibility=JavaVersion.VERSION_17
}
tasks.withType(JavaCompile) {
options.encoding = "UTF-8"
diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
index 18001d9e6a3..576ff6cce4e 100644
--- a/buildSrc/build.gradle
+++ b/buildSrc/build.gradle
@@ -5,8 +5,7 @@ plugins {
id 'com.apollographql.apollo' version '2.4.5'
}
-
-sourceCompatibility = 1.8
+sourceCompatibility = JavaVersion.VERSION_11
repositories {
jcenter()
diff --git a/buildSrc/src/main/groovy/io/spring/gradle/convention/JacocoPlugin.groovy b/buildSrc/src/main/groovy/io/spring/gradle/convention/JacocoPlugin.groovy
index 900cf9f1442..8f558eabbe3 100644
--- a/buildSrc/src/main/groovy/io/spring/gradle/convention/JacocoPlugin.groovy
+++ b/buildSrc/src/main/groovy/io/spring/gradle/convention/JacocoPlugin.groovy
@@ -34,7 +34,7 @@ class JacocoPlugin implements Plugin {
project.tasks.check.dependsOn project.tasks.jacocoTestReport
project.jacoco {
- toolVersion = '0.8.2'
+ toolVersion = '0.8.7'
}
}
}
diff --git a/buildSrc/src/main/java/s101/S101Configurer.java b/buildSrc/src/main/java/s101/S101Configurer.java
index c508c6153b9..7696e0f8b43 100644
--- a/buildSrc/src/main/java/s101/S101Configurer.java
+++ b/buildSrc/src/main/java/s101/S101Configurer.java
@@ -125,7 +125,7 @@ private boolean deleteDirectory(File directoryToBeDeleted) {
}
private String installBuildTool(File installationDirectory, File configurationDirectory) {
- String source = "https://structure101.com/binaries/v6";
+ String source = "https://structure101.com/binaries/19159";
try (final WebClient webClient = new WebClient()) {
HtmlPage page = webClient.getPage(source);
for (HtmlAnchor anchor : page.getAnchors()) {
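Review bot: `installBuildTool` now points at the build-specific page `https://structure101.com/binaries/19159` and, per the context lines, walks the anchors of whatever HTML that page returns; no integrity check on what is subsequently downloaded is visible in this hunk. This code runs inside the build (the CI workflow invokes `./gradlew check s101`), so consider recording the expected SHA-256 of the artifact for this build number and verifying it before it is installed. The literal `19159` is also unexplained; a named constant such as `private static final String S101_BUILD = "19159";` with a comment on where the number comes from would make the next bump easier to review. The method body continues outside the hunk, so a verification step may already exist further down.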
diff --git a/buildSrc/src/test/java/io/spring/gradle/convention/JavadocApiPluginITest.java b/buildSrc/src/test/java/io/spring/gradle/convention/JavadocApiPluginITest.java
index 681d5c49831..e77f341786a 100644
--- a/buildSrc/src/test/java/io/spring/gradle/convention/JavadocApiPluginITest.java
+++ b/buildSrc/src/test/java/io/spring/gradle/convention/JavadocApiPluginITest.java
@@ -5,6 +5,7 @@
import org.gradle.testkit.runner.BuildResult;
import org.gradle.testkit.runner.TaskOutcome;
import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;
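Review bot: The added `import org.junit.jupiter.api.Disabled;` has no matching `@Disabled` in either hunk of this file, so it appears to be unused. Either drop the import or, if a test was meant to be switched off for the JDK 17 move, add the annotation with a reason string, e.g. `@Disabled("<reason / issue link>")`, so the skipped coverage is traceable. An unused import may also trip import checks if they are enforced for `buildSrc`, which is not visible here.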
@@ -28,7 +29,7 @@ public void multiModuleApi() throws Exception {
.build();
assertThat(result.task(":api").getOutcome()).isEqualTo(TaskOutcome.SUCCESS);
File allClasses = new File(testKit.getRootDir(), "build/api/allclasses-noframe.html");
- File index = new File(testKit.getRootDir(), "build/api/allclasses.html");
+ File index = new File(testKit.getRootDir(), "build/api/allclasses-index.html");
File listing = allClasses.exists() ? allClasses : index;
String listingText = FileUtils.readFileToString(listing);
assertThat(listingText).contains("sample/Api.html");
diff --git a/buildSrc/src/test/resources/samples/integrationtest/withpropdeps/build.gradle b/buildSrc/src/test/resources/samples/integrationtest/withpropdeps/build.gradle
index 732278d03b5..48a9859419e 100644
--- a/buildSrc/src/test/resources/samples/integrationtest/withpropdeps/build.gradle
+++ b/buildSrc/src/test/resources/samples/integrationtest/withpropdeps/build.gradle
@@ -9,6 +9,6 @@ repositories {
}
dependencies {
- optional 'javax.servlet:javax.servlet-api:3.1.0'
+ optional 'jakarta.servlet:jakarta.servlet-api:5.0.0'
testCompile 'junit:junit:4.12'
}
\ No newline at end of file
diff --git a/buildSrc/src/test/resources/samples/integrationtest/withpropdeps/src/integration-test/java/sample/TheTest.java b/buildSrc/src/test/resources/samples/integrationtest/withpropdeps/src/integration-test/java/sample/TheTest.java
index de492ca0e67..8bd9ea43927 100644
--- a/buildSrc/src/test/resources/samples/integrationtest/withpropdeps/src/integration-test/java/sample/TheTest.java
+++ b/buildSrc/src/test/resources/samples/integrationtest/withpropdeps/src/integration-test/java/sample/TheTest.java
@@ -1,7 +1,7 @@
package sample;
import org.junit.Test;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
public class TheTest {
@Test
diff --git a/cas/spring-security-cas.gradle b/cas/spring-security-cas.gradle
index 8b3d4630f75..f340ec7dda0 100644
--- a/cas/spring-security-cas.gradle
+++ b/cas/spring-security-cas.gradle
@@ -11,9 +11,8 @@ dependencies {
api 'org.springframework:spring-web'
optional 'com.fasterxml.jackson.core:jackson-databind'
- optional 'net.sf.ehcache:ehcache'
- provided 'javax.servlet:javax.servlet-api'
+ provided 'jakarta.servlet:jakarta.servlet-api'
testImplementation "org.assertj:assertj-core"
testImplementation "org.junit.jupiter:junit-jupiter-api"
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
deleted file mode 100644
index 595c0d23f2e..00000000000
--- a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.cas.authentication;
-
-import net.sf.ehcache.Ehcache;
-import net.sf.ehcache.Element;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.core.log.LogMessage;
-import org.springframework.util.Assert;
-
-/**
- * Caches tickets using a Spring IoC defined
- * EHCACHE.
- *
- * @author Ben Alex
- * @deprecated since 5.6. In favor of JCache based implementations
- */
-@Deprecated
-public class EhCacheBasedTicketCache implements StatelessTicketCache, InitializingBean {
-
- private static final Log logger = LogFactory.getLog(EhCacheBasedTicketCache.class);
-
- private Ehcache cache;
-
- @Override
- public void afterPropertiesSet() {
- Assert.notNull(this.cache, "cache mandatory");
- }
-
- @Override
- public CasAuthenticationToken getByTicketId(final String serviceTicket) {
- final Element element = this.cache.get(serviceTicket);
- logger.debug(LogMessage.of(() -> "Cache hit: " + (element != null) + "; service ticket: " + serviceTicket));
- return (element != null) ? (CasAuthenticationToken) element.getValue() : null;
- }
-
- public Ehcache getCache() {
- return this.cache;
- }
-
- @Override
- public void putTicketInCache(final CasAuthenticationToken token) {
- final Element element = new Element(token.getCredentials().toString(), token);
- logger.debug(LogMessage.of(() -> "Cache put: " + element.getKey()));
- this.cache.put(element);
- }
-
- @Override
- public void removeTicketFromCache(final CasAuthenticationToken token) {
- logger.debug(LogMessage.of(() -> "Cache remove: " + token.getCredentials().toString()));
- this.removeTicketFromCache(token.getCredentials().toString());
- }
-
- @Override
- public void removeTicketFromCache(final String serviceTicket) {
- this.cache.remove(serviceTicket);
- }
-
- public void setCache(final Ehcache cache) {
- this.cache = cache;
- }
-
-}
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
index 25221addf8c..9bed4a0788f 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
@@ -18,10 +18,8 @@
import java.io.IOException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jasig.cas.client.util.CommonUtils;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.cas.ServiceProperties;
@@ -96,7 +94,7 @@ protected String createServiceUrl(HttpServletRequest request, HttpServletRespons
*/
protected String createRedirectUrl(String serviceUrl) {
return CommonUtils.constructRedirectUrl(this.loginUrl, this.serviceProperties.getServiceParameter(), serviceUrl,
- this.serviceProperties.isSendRenew(), false);
+ this.serviceProperties.isSendRenew(), false, null);
}
/**
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
index 2352887b1f7..1943834686c 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
@@ -18,13 +18,12 @@
import java.io.IOException;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
-import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.TicketValidator;
import org.springframework.core.log.LogMessage;
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CommonUtils.java b/cas/src/main/java/org/springframework/security/cas/web/CommonUtils.java
new file mode 100644
index 00000000000..8376b3f6174
--- /dev/null
+++ b/cas/src/main/java/org/springframework/security/cas/web/CommonUtils.java
@@ -0,0 +1,177 @@
+/*
+ * Licensed to Apereo under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work
+ * for additional information regarding copyright ownership.
+ * Apereo licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a
+ * copy of the License at the following location:
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.springframework.security.cas.web;
+
+import java.io.IOException;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import org.jasig.cas.client.Protocol;
+import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
+import org.jasig.cas.client.util.URIBuilder;
+
+import org.springframework.util.StringUtils;
+
+final class CommonUtils {
+
+ private static final String PARAM_PROXY_GRANTING_TICKET_IOU = "pgtIou";
+
+ /**
+ * Constant representing the ProxyGrantingTicket Request Parameter.
+ */
+ private static final String PARAM_PROXY_GRANTING_TICKET = "pgtId";
+
+ private static final String SERVICE_PARAMETER_NAMES;
+
+ private CommonUtils() {
+
+ }
+
+ static {
+ final Set serviceParameterSet = new HashSet(4);
+ for (final Protocol protocol : Protocol.values()) {
+ serviceParameterSet.add(protocol.getServiceParameterName());
+ }
+ SERVICE_PARAMETER_NAMES = serviceParameterSet.toString().replaceAll("\\[|\\]", "").replaceAll("\\s", "");
+ }
+
+ static String constructServiceUrl(final HttpServletRequest request, final HttpServletResponse response,
+ final String service, final String serverNames, final String artifactParameterName, final boolean encode) {
+ if (StringUtils.hasText(service)) {
+ return encode ? response.encodeURL(service) : service;
+ }
+
+ final String serverName = findMatchingServerName(request, serverNames);
+ final URIBuilder originalRequestUrl = new URIBuilder(request.getRequestURL().toString(), encode);
+ originalRequestUrl.setParameters(request.getQueryString());
+
+ final URIBuilder builder;
+ if (!serverName.startsWith("https://") && !serverName.startsWith("http://")) {
+ final String scheme = request.isSecure() ? "https://" : "http://";
+ builder = new URIBuilder(scheme + serverName, encode);
+ }
+ else {
+ builder = new URIBuilder(serverName, encode);
+ }
+
+ if (builder.getPort() == -1 && !requestIsOnStandardPort(request)) {
+ builder.setPort(request.getServerPort());
+ }
+
+ builder.setEncodedPath(builder.getEncodedPath() + request.getRequestURI());
+
+ final List serviceParameterNames = Arrays.asList(SERVICE_PARAMETER_NAMES.split(","));
+ if (!serviceParameterNames.isEmpty() && !originalRequestUrl.getQueryParams().isEmpty()) {
+ for (final URIBuilder.BasicNameValuePair pair : originalRequestUrl.getQueryParams()) {
+ final String name = pair.getName();
+ if (!name.equals(artifactParameterName) && !serviceParameterNames.contains(name)) {
+ if (name.contains("&") || name.contains("=")) {
+ final URIBuilder encodedParamBuilder = new URIBuilder();
+ encodedParamBuilder.setParameters(name);
+ for (final URIBuilder.BasicNameValuePair pair2 : encodedParamBuilder.getQueryParams()) {
+ final String name2 = pair2.getName();
+ if (!name2.equals(artifactParameterName) && !serviceParameterNames.contains(name2)) {
+ builder.addParameter(name2, pair2.getValue());
+ }
+ }
+ }
+ else {
+ builder.addParameter(name, pair.getValue());
+ }
+ }
+ }
+ }
+
+ final String result = builder.toString();
+ final String returnValue = encode ? response.encodeURL(result) : result;
+ return returnValue;
+ }
+
+ static String constructRedirectUrl(final String casServerLoginUrl, final String serviceParameterName,
+ final String serviceUrl, final boolean renew, final boolean gateway, final String method) {
+ return casServerLoginUrl + (casServerLoginUrl.contains("?") ? "&" : "?") + serviceParameterName + "="
+ + urlEncode(serviceUrl) + (renew ? "&renew=true" : "") + (gateway ? "&gateway=true" : "")
+ + ((method != null) ? "&method=" + method : "");
+ }
+
+ static String urlEncode(final String value) {
+ return URLEncoder.encode(value, StandardCharsets.UTF_8);
+ }
+
+ static void readAndRespondToProxyReceptorRequest(final HttpServletRequest request,
+ final HttpServletResponse response, final ProxyGrantingTicketStorage proxyGrantingTicketStorage)
+ throws IOException {
+ final String proxyGrantingTicketIou = request.getParameter(PARAM_PROXY_GRANTING_TICKET_IOU);
+
+ final String proxyGrantingTicket = request.getParameter(PARAM_PROXY_GRANTING_TICKET);
+
+ if (org.jasig.cas.client.util.CommonUtils.isBlank(proxyGrantingTicket)
+ || org.jasig.cas.client.util.CommonUtils.isBlank(proxyGrantingTicketIou)) {
+ response.getWriter().write("");
+ return;
+ }
+
+ proxyGrantingTicketStorage.save(proxyGrantingTicketIou, proxyGrantingTicket);
+
+ response.getWriter().write("");
+ response.getWriter().write("");
+ }
+
+ private static String findMatchingServerName(final HttpServletRequest request, final String serverName) {
+ final String[] serverNames = serverName.split(" ");
+
+ if (serverNames.length == 0 || serverNames.length == 1) {
+ return serverName;
+ }
+
+ final String host = request.getHeader("Host");
+ final String xHost = request.getHeader("X-Forwarded-Host");
+
+ final String comparisonHost;
+ comparisonHost = (xHost != null) ? xHost : host;
+
+ if (comparisonHost == null) {
+ return serverName;
+ }
+
+ for (final String server : serverNames) {
+ final String lowerCaseServer = server.toLowerCase();
+
+ if (lowerCaseServer.contains(comparisonHost)) {
+ return server;
+ }
+ }
+
+ return serverNames[0];
+ }
+
+ private static boolean requestIsOnStandardPort(final HttpServletRequest request) {
+ final int serverPort = request.getServerPort();
+ return serverPort == 80 || serverPort == 443;
+ }
+
+}
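Review bot: In `findMatchingServerName` the configured name is selected with `lowerCaseServer.contains(comparisonHost)`, where `comparisonHost` comes from `X-Forwarded-Host` ahead of `Host` and is never lower-cased. An empty or very short header value therefore matches the first configured entry that contains it, and a mixed-case host never matches and silently falls back to `serverNames[0]`. The result is always one of the configured names, which bounds the effect, but the service URL built in `constructServiceUrl` is then steered by a header the client controls unless a trusted proxy overwrites it. I would normalise both sides with `comparisonHost.toLowerCase(Locale.ROOT)` and compare the host part for equality instead of containment, and document that `X-Forwarded-Host` is only honoured on the assumption that a fronting proxy sets it. Separately, `constructRedirectUrl` appends `method` and `serviceParameterName` without `urlEncode`, unlike `serviceUrl`; the only caller visible in this diff passes `null` for `method`, so that is a hardening point rather than a live issue.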
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
index 2171df6cfcb..c550e984ea0 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java
@@ -20,7 +20,7 @@
import java.net.URL;
import java.util.regex.Pattern;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.util.UrlUtils;
diff --git a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
index 375952373f5..b8515892dc9 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/authentication/ServiceAuthenticationDetailsSource.java
@@ -19,7 +19,7 @@
import java.net.MalformedURLException;
import java.util.regex.Pattern;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.cas.ServiceProperties;
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
deleted file mode 100644
index c824eef4bc6..00000000000
--- a/cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.cas.authentication;
-
-import net.sf.ehcache.Cache;
-import net.sf.ehcache.CacheManager;
-import net.sf.ehcache.Ehcache;
-import org.junit.jupiter.api.AfterAll;
-import org.junit.jupiter.api.BeforeAll;
-import org.junit.jupiter.api.Test;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
-
-/**
- * Tests {@link EhCacheBasedTicketCache}.
- *
- * @author Ben Alex
- */
-public class EhCacheBasedTicketCacheTests extends AbstractStatelessTicketCacheTests {
-
- private static CacheManager cacheManager;
-
- @BeforeAll
- public static void initCacheManaer() {
- cacheManager = CacheManager.create();
- cacheManager.addCache(new Cache("castickets", 500, false, false, 30, 30));
- }
-
- @AfterAll
- public static void shutdownCacheManager() {
- cacheManager.removalAll();
- cacheManager.shutdown();
- }
-
- @Test
- public void testCacheOperation() throws Exception {
- EhCacheBasedTicketCache cache = new EhCacheBasedTicketCache();
- cache.setCache(cacheManager.getCache("castickets"));
- cache.afterPropertiesSet();
- final CasAuthenticationToken token = getToken();
- // Check it gets stored in the cache
- cache.putTicketInCache(token);
- assertThat(cache.getByTicketId("ST-0-ER94xMJmn6pha35CQRoZ")).isEqualTo(token);
- // Check it gets removed from the cache
- cache.removeTicketFromCache(getToken());
- assertThat(cache.getByTicketId("ST-0-ER94xMJmn6pha35CQRoZ")).isNull();
- // Check it doesn't return values for null or unknown service tickets
- assertThat(cache.getByTicketId(null)).isNull();
- assertThat(cache.getByTicketId("UNKNOWN_SERVICE_TICKET")).isNull();
- }
-
- @Test
- public void testStartupDetectsMissingCache() throws Exception {
- EhCacheBasedTicketCache cache = new EhCacheBasedTicketCache();
- assertThatIllegalArgumentException().isThrownBy(cache::afterPropertiesSet);
- Ehcache myCache = cacheManager.getCache("castickets");
- cache.setCache(myCache);
- assertThat(cache.getCache()).isEqualTo(myCache);
- }
-
-}
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
index fab4d2ed1d9..f19222baf2e 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
@@ -16,7 +16,7 @@
package org.springframework.security.cas.web;
-import javax.servlet.FilterChain;
+import jakarta.servlet.FilterChain;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
import org.junit.jupiter.api.AfterEach;
diff --git a/config/spring-security-config.gradle b/config/spring-security-config.gradle
index a54edbd15c8..afd02853c1e 100644
--- a/config/spring-security-config.gradle
+++ b/config/spring-security-config.gradle
@@ -37,9 +37,9 @@ dependencies {
optional'org.springframework:spring-websocket'
optional 'org.jetbrains.kotlin:kotlin-reflect'
optional 'org.jetbrains.kotlin:kotlin-stdlib-jdk8'
- optional 'javax.annotation:jsr250-api'
+ optional 'jakarta.annotation:jakarta.annotation-api'
- provided 'javax.servlet:javax.servlet-api'
+ provided 'jakarta.servlet:jakarta.servlet-api'
testImplementation project(':spring-security-aspects')
testImplementation project(':spring-security-cas')
@@ -62,8 +62,8 @@ dependencies {
testImplementation 'ch.qos.logback:logback-classic'
testImplementation 'io.projectreactor.netty:reactor-netty'
testImplementation 'io.rsocket:rsocket-transport-netty'
- testImplementation 'javax.annotation:jsr250-api:1.0'
- testImplementation 'javax.xml.bind:jaxb-api'
+ testImplementation 'jakarta.annotation:jakarta.annotation-api'
+ testImplementation 'jakarta.xml.bind:jakarta.xml.bind-api'
testImplementation 'ldapsdk:ldapsdk:4.1'
testImplementation('net.sourceforge.htmlunit:htmlunit') {
exclude group: 'commons-logging', module: 'commons-logging'
@@ -74,8 +74,8 @@ dependencies {
testImplementation "org.apache.directory.server:apacheds-protocol-ldap"
testImplementation "org.apache.directory.server:apacheds-server-jndi"
testImplementation 'org.apache.directory.shared:shared-ldap'
- testImplementation 'org.eclipse.persistence:javax.persistence'
- testImplementation 'org.hibernate:hibernate-entitymanager'
+ testImplementation 'jakarta.persistence:jakarta.persistence-api'
+ testImplementation 'org.hibernate:hibernate-core-jakarta'
testImplementation 'org.hsqldb:hsqldb'
testImplementation 'org.mockito:mockito-core'
testImplementation "org.mockito:mockito-inline"
@@ -117,7 +117,7 @@ tasks.withType(KotlinCompile).configureEach {
languageVersion = "1.3"
apiVersion = "1.3"
freeCompilerArgs = ["-Xjsr305=strict", "-Xsuppress-version-warnings"]
- jvmTarget = "1.8"
+ jvmTarget = "11"
}
}
diff --git a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
index d3dd04a7d9c..9e56d238fe5 100644
--- a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
+++ b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
@@ -94,7 +94,7 @@ public BeanDefinition parse(Element element, ParserContext pc) {
if (!namespaceMatchesVersion(element)) {
pc.getReaderContext().fatal("You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd or "
+ "spring-security-3.1.xsd schema or spring-security-3.2.xsd schema or spring-security-4.0.xsd schema "
- + "with Spring Security 5.6. Please update your schema declarations to the 5.6 schema.", element);
+ + "with Spring Security 6.0. Please update your schema declarations to the 6.0 schema.", element);
}
String name = pc.getDelegate().getLocalName(element);
BeanDefinitionParser parser = this.parsers.get(name);
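Review bot: The fatal message in `parse` still names only the 2.0, 3.0, 3.1, 3.2 and 4.0 schemas, so it no longer describes everything that is rejected. With the pattern in `matchesVersionInternal` (next hunk) now requiring `spring-security-6\\.0`, a declaration such as `spring-security-5.6.xsd` appears to be rejected as well, as far as the visible code shows. I would make the text version-agnostic, for example `"You cannot use a versioned spring-security schema older than 6.0 with Spring Security 6.0. Please update your schema declarations to the 6.0 schema."`. In the same pattern the dot before `xsd` is unescaped (`.*.xsd`); writing `\\.xsd` states the intent. The body of `parse` starts and ends outside this hunk.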
@@ -215,7 +215,7 @@ private boolean namespaceMatchesVersion(Element element) {
private boolean matchesVersionInternal(Element element) {
String schemaLocation = element.getAttributeNS("http://www.w3.org/2001/XMLSchema-instance", "schemaLocation");
- return schemaLocation.matches("(?m).*spring-security-5\\.6.*.xsd.*")
+ return schemaLocation.matches("(?m).*spring-security-6\\.0.*.xsd.*")
|| schemaLocation.matches("(?m).*spring-security.xsd.*")
|| !schemaLocation.matches("(?m).*spring-security.*");
}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
index 4f2135a3468..67c7b4f9b4c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
@@ -20,7 +20,7 @@
import java.util.Arrays;
import java.util.List;
-import javax.servlet.DispatcherType;
+import jakarta.servlet.DispatcherType;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.ApplicationContext;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java
index 475f2de2f50..c3da8890e37 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web;
-import javax.servlet.Filter;
+import jakarta.servlet.Filter;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.SecurityBuilder;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java
index c7bc0578d5f..981fdd3742f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web;
-import javax.servlet.Filter;
+import jakarta.servlet.Filter;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.SecurityBuilder;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java
index 13248b7e679..2026e7d8557 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java
@@ -20,7 +20,7 @@
import java.util.HashMap;
import java.util.Map;
-import javax.servlet.Filter;
+import jakarta.servlet.Filter;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
index b4d35729fbd..8b2aca39e0f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -21,12 +21,12 @@
import java.util.List;
import java.util.Map;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
import org.springframework.context.ApplicationContext;
import org.springframework.core.OrderComparator;
@@ -1048,7 +1048,7 @@ public HttpSecurity x509(Customizer> x509Customizer
* The following configuration demonstrates how to allow token based remember me
* authentication. Upon authenticating if the HTTP parameter named "remember-me"
* exists, then the user will be remembered even after their
- * {@link javax.servlet.http.HttpSession} expires.
+ * {@link jakarta.servlet.http.HttpSession} expires.
*
*
* @Configuration
@@ -1084,7 +1084,7 @@ public RememberMeConfigurer rememberMe() throws Exception {
* The following configuration demonstrates how to allow token based remember me
* authentication. Upon authenticating if the HTTP parameter named "remember-me"
* exists, then the user will be remembered even after their
- * {@link javax.servlet.http.HttpSession} expires.
+ * {@link jakarta.servlet.http.HttpSession} expires.
*
*
* @Configuration
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
index f0395b840ea..953d8f57758 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
@@ -19,8 +19,8 @@
import java.util.ArrayList;
import java.util.List;
-import javax.servlet.Filter;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.Filter;
+import jakarta.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java
index dec674d3054..5ac1033e911 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/AutowiredWebSecurityConfigurersIgnoreParents.java
@@ -21,7 +21,7 @@
import java.util.Map;
import java.util.Map.Entry;
-import javax.servlet.Filter;
+import jakarta.servlet.Filter;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.context.ApplicationContext;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
index 2783cb358bc..a9ee42415c7 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
@@ -21,8 +21,8 @@
import java.util.Map;
import java.util.function.Function;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.reactivestreams.Publisher;
import org.reactivestreams.Subscription;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
index 45bf5e5f1e7..2a9c6af9ccf 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -20,7 +20,7 @@
import java.util.List;
import java.util.Map;
-import javax.servlet.Filter;
+import jakarta.servlet.Filter;
import org.springframework.beans.factory.BeanClassLoaderAware;
import org.springframework.beans.factory.annotation.Autowired;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
index 0837de2a7f8..f38ca4c76c5 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java
@@ -19,7 +19,7 @@
import java.util.Arrays;
import java.util.Collections;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.AuthenticationDetailsSource;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
index 44d2416cd58..d8357f38fd8 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
@@ -18,7 +18,7 @@
import java.util.List;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.springframework.context.ApplicationContext;
import org.springframework.http.HttpMethod;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
index c0a3cd62ee6..65fb4012e89 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
@@ -20,7 +20,7 @@
import java.util.LinkedHashMap;
import java.util.List;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.springframework.context.ApplicationContext;
import org.springframework.http.HttpMethod;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
index 95bea02fcf5..557fd1ee398 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java
@@ -19,7 +19,7 @@
import java.util.Collections;
import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
index 3eec2bf59e6..bf75481c564 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
@@ -21,7 +21,7 @@
import java.util.List;
import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java
index e45bb31a060..6fbf4cafec8 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java
@@ -20,7 +20,7 @@
import java.util.Collections;
import java.util.LinkedHashMap;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
index bbd91f045c2..6a16498975e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java
@@ -19,7 +19,7 @@
import java.util.HashSet;
import java.util.Set;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
index be651793021..1c1be56203e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
@@ -20,7 +20,7 @@
import java.util.LinkedHashMap;
import java.util.List;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpSession;
import org.springframework.security.config.annotation.SecurityConfigurer;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
index 3af0eba1720..bb6bd63f60c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java
index 5959d9d08e8..e41d3230423 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java
@@ -18,7 +18,7 @@
import java.util.List;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.springframework.context.ApplicationContext;
import org.springframework.security.authentication.AuthenticationManager;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
index 86b9cc0275a..7ad3262563a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
@@ -20,8 +20,8 @@
import java.util.Arrays;
import java.util.List;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.ApplicationContext;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
index 93e1b092506..8691b614200 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
index 02a99fdb2a4..60bd289bbfa 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
@@ -20,7 +20,7 @@
import java.util.Collections;
import java.util.function.Supplier;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.springframework.context.ApplicationContext;
import org.springframework.core.convert.converter.Converter;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
index 0d618ce01e8..db042047798 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java
@@ -21,7 +21,7 @@
import java.util.List;
import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.openid4java.consumer.ConsumerException;
import org.openid4java.consumer.ConsumerManager;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
index aa1ddb29af6..d6cf80068dc 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
@@ -19,7 +19,7 @@
import java.util.LinkedHashMap;
import java.util.Map;
-import javax.servlet.Filter;
+import jakarta.servlet.Filter;
import org.opensaml.core.Version;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java
index 45bd549c01c..cd9aca8d168 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java
@@ -21,8 +21,8 @@
import java.util.Objects;
import java.util.function.Predicate;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.opensaml.core.Version;
diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
index d3c0ce32f4b..7b1d57076fa 100644
--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@@ -23,7 +23,7 @@
import java.util.Map;
import java.util.function.Function;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
diff --git a/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
index 58dcd468a80..0e21437183d 100644
--- a/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
@@ -20,7 +20,7 @@
import java.util.HashSet;
import java.util.List;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.w3c.dom.Element;
diff --git a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
index 423ae18de64..932d647fd6b 100644
--- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
+++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
@@ -21,7 +21,7 @@
import java.util.Iterator;
import java.util.List;
-import javax.servlet.Filter;
+import jakarta.servlet.Filter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
index e3339b3b136..88e8d3001d1 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
@@ -19,7 +19,7 @@
import java.util.ArrayList;
import java.util.List;
-import javax.servlet.ServletRequest;
+import jakarta.servlet.ServletRequest;
import org.w3c.dom.Element;
diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
index 2be6d13796c..ec959feb2ad 100644
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java
@@ -19,7 +19,7 @@
import java.util.List;
import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.w3c.dom.Element;
diff --git a/config/src/main/java/org/springframework/security/config/http/SessionCreationPolicy.java b/config/src/main/java/org/springframework/security/config/http/SessionCreationPolicy.java
index 74beef711d6..d4ee52926cc 100644
--- a/config/src/main/java/org/springframework/security/config/http/SessionCreationPolicy.java
+++ b/config/src/main/java/org/springframework/security/config/http/SessionCreationPolicy.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.http;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpSession;
import org.springframework.security.core.context.SecurityContext;
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/AbstractRequestMatcherDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/AbstractRequestMatcherDsl.kt
similarity index 96%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/AbstractRequestMatcherDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/AbstractRequestMatcherDsl.kt
index 9e35287b5f5..7e700e0fb8f 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/AbstractRequestMatcherDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/AbstractRequestMatcherDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.http.HttpMethod
import org.springframework.security.web.util.matcher.AnyRequestMatcher
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/AnonymousDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/AnonymousDsl.kt
similarity index 94%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/AnonymousDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/AnonymousDsl.kt
index 89055ed025a..7da7f28ad53 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/AnonymousDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/AnonymousDsl.kt
@@ -14,11 +14,10 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.authentication.AuthenticationProvider
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
import org.springframework.security.core.Authentication
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/AuthorizeRequestsDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsDsl.kt
similarity index 98%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/AuthorizeRequestsDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsDsl.kt
index 663287a1184..bb67f7d9ecf 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/AuthorizeRequestsDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsDsl.kt
@@ -14,11 +14,10 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer
import org.springframework.security.web.util.matcher.AnyRequestMatcher
import org.springframework.security.web.util.matcher.RequestMatcher
import org.springframework.util.ClassUtils
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/CorsDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/CorsDsl.kt
similarity index 91%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/CorsDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/CorsDsl.kt
index a4b0d0ba68a..1c7844a4754 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/CorsDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/CorsDsl.kt
@@ -14,10 +14,9 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.CorsConfigurer
import org.springframework.web.cors.CorsConfigurationSource
/**
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/CsrfDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/CsrfDsl.kt
similarity index 94%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/CsrfDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/CsrfDsl.kt
index f0120e369dc..85bd1b76a32 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/CsrfDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/CsrfDsl.kt
@@ -14,14 +14,13 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy
import org.springframework.security.web.csrf.CsrfTokenRepository
import org.springframework.security.web.util.matcher.RequestMatcher
-import javax.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletRequest
/**
* A Kotlin DSL to configure [HttpSecurity] CSRF protection
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/ExceptionHandlingDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingDsl.kt
similarity index 95%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/ExceptionHandlingDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingDsl.kt
index cba38265c76..fa28a1fb1aa 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/ExceptionHandlingDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingDsl.kt
@@ -14,14 +14,12 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
import org.springframework.security.web.AuthenticationEntryPoint
import org.springframework.security.web.access.AccessDeniedHandler
import org.springframework.security.web.util.matcher.RequestMatcher
-import java.util.*
/**
* A Kotlin DSL to configure [HttpSecurity] exception handling using idiomatic Kotlin
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/FormLoginDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/FormLoginDsl.kt
similarity index 95%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/FormLoginDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/FormLoginDsl.kt
index afa40f2281b..35b991cccb3 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/FormLoginDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/FormLoginDsl.kt
@@ -14,15 +14,14 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.authentication.AuthenticationDetailsSource
import org.springframework.security.config.annotation.web.HttpSecurityBuilder
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
import org.springframework.security.web.authentication.AuthenticationFailureHandler
import org.springframework.security.web.authentication.AuthenticationSuccessHandler
-import javax.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletRequest
/**
* A Kotlin DSL to configure [HttpSecurity] form login using idiomatic Kotlin code.
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/HeadersDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/HeadersDsl.kt
similarity index 98%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/HeadersDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/HeadersDsl.kt
index 3079dd11ff3..10a98afd29f 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/HeadersDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/HeadersDsl.kt
@@ -14,11 +14,10 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-import org.springframework.security.config.web.servlet.headers.*
+import org.springframework.security.config.annotation.web.configurers.headers.*
import org.springframework.security.web.header.HeaderWriter
import org.springframework.security.web.header.writers.*
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/HttpBasicDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/HttpBasicDsl.kt
similarity index 92%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/HttpBasicDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/HttpBasicDsl.kt
index 7a1a1155dd6..79b458c4e23 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/HttpBasicDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/HttpBasicDsl.kt
@@ -14,14 +14,13 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.authentication.AuthenticationDetailsSource
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
import org.springframework.security.web.AuthenticationEntryPoint
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter
-import javax.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletRequest
/**
* A Kotlin DSL to configure [HttpSecurity] basic authentication using idiomatic Kotlin code.
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/HttpSecurityDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/HttpSecurityDsl.kt
similarity index 99%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/HttpSecurityDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/HttpSecurityDsl.kt
index d7a17f72af6..92b8d70b996 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/HttpSecurityDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/HttpSecurityDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.context.ApplicationContext
import org.springframework.security.authentication.AuthenticationManager
@@ -23,8 +23,8 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository
import org.springframework.security.web.util.matcher.RequestMatcher
import org.springframework.util.ClassUtils
-import javax.servlet.Filter
-import javax.servlet.http.HttpServletRequest
+import jakarta.servlet.Filter
+import jakarta.servlet.http.HttpServletRequest
/**
* Configures [HttpSecurity] using a [HttpSecurity Kotlin DSL][HttpSecurityDsl].
@@ -831,7 +831,7 @@ class HttpSecurityDsl(private val http: HttpSecurity, private val init: HttpSecu
* @param beforeFilter the location of another [Filter] that is already registered
* (i.e. known) with Spring Security.
*/
- @Deprecated("Use 'addFilterBefore(filter)' instead.")
+ @Suppress("DEPRECATION")
fun addFilterBefore(filter: Filter, beforeFilter: Class) {
this.http.addFilterBefore(filter, beforeFilter)
}
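Review bot: Replacing `@Deprecated("Use 'addFilterBefore(filter)' instead.")` with `@Suppress("DEPRECATION")` on `addFilterBefore(filter, beforeFilter)` silently un-deprecates a public DSL method, so callers lose the compile-time pointer to the preferred overload. `@Suppress("DEPRECATION")` only silences warnings raised inside this declaration, and the one call visible here is `this.http.addFilterBefore(filter, beforeFilter)`; whether that delegate is deprecated cannot be seen from this hunk. If the suppression is needed for the build, keep both annotations: `@Deprecated("Use 'addFilterBefore(filter)' instead.")` followed by `@Suppress("DEPRECATION")`. Because filter placement in the security chain is behaviour users rely on, a change to this method's contract is better made in its own commit than inside a bulk `javax` to `jakarta` import rename. The KDoc for this method starts above the hunk and the class body continues below it.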
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/LogoutDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/LogoutDsl.kt
similarity index 96%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/LogoutDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/LogoutDsl.kt
index 133e45955ac..4124f945480 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/LogoutDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/LogoutDsl.kt
@@ -14,10 +14,9 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
import org.springframework.security.core.Authentication
import org.springframework.security.web.access.AccessDeniedHandler
import org.springframework.security.web.authentication.logout.LogoutHandler
@@ -25,7 +24,7 @@ import org.springframework.security.web.authentication.logout.LogoutSuccessHandl
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
import org.springframework.security.web.util.matcher.RequestMatcher
import java.util.*
-import javax.servlet.http.HttpSession
+import jakarta.servlet.http.HttpSession
/**
* A Kotlin DSL to configure [HttpSecurity] logout support
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2ClientDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2ClientDsl.kt
similarity index 93%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2ClientDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2ClientDsl.kt
index 2681ed4e192..b4f9661bee4 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2ClientDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2ClientDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
/*
* Copyright 2002-2020 the original author or authors.
@@ -33,9 +33,9 @@ package org.springframework.security.config.web.servlet
*/
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.web.servlet.oauth2.client.AuthorizationCodeGrantDsl
-import org.springframework.security.config.web.servlet.oauth2.login.AuthorizationEndpointDsl
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
+import org.springframework.security.config.annotation.web.configurers.oauth2.client.AuthorizationCodeGrantDsl
+import org.springframework.security.config.annotation.web.configurers.oauth2.login.AuthorizationEndpointDsl
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository
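Review bot: The two re-added imports sit after `...configurers.oauth2.client.OAuth2ClientConfigurer`, although `...oauth2.client.AuthorizationCodeGrantDsl` sorts before it, so the import block is no longer in lexical order. The same happens in the OAuth2LoginDsl hunk (`TokenEndpointDsl` listed before `AuthorizationEndpointDsl`), the OAuth2ResourceServerDsl hunk, and the SessionManagementDsl hunk (`configurers.session.*` placed after `config.http.SessionCreationPolicy`). Re-running the IDE's import optimizer on the moved files would keep later diffs to these security configuration classes minimal. Whether `AuthorizationEndpointDsl` is used in this file at all cannot be told from the hunk; if it is not, the import can be dropped rather than moved.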
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2LoginDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2LoginDsl.kt
similarity index 94%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2LoginDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2LoginDsl.kt
index 09668dcaa20..02e6d187fee 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2LoginDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2LoginDsl.kt
@@ -14,22 +14,22 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.authentication.AuthenticationDetailsSource
import org.springframework.security.config.annotation.web.HttpSecurityBuilder
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.web.servlet.oauth2.login.AuthorizationEndpointDsl
-import org.springframework.security.config.web.servlet.oauth2.login.RedirectionEndpointDsl
-import org.springframework.security.config.web.servlet.oauth2.login.TokenEndpointDsl
-import org.springframework.security.config.web.servlet.oauth2.login.UserInfoEndpointDsl
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
+import org.springframework.security.config.annotation.web.configurers.oauth2.login.TokenEndpointDsl
+import org.springframework.security.config.annotation.web.configurers.oauth2.login.AuthorizationEndpointDsl
+import org.springframework.security.config.annotation.web.configurers.oauth2.login.RedirectionEndpointDsl
+import org.springframework.security.config.annotation.web.configurers.oauth2.login.UserInfoEndpointDsl
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository
import org.springframework.security.web.authentication.AuthenticationFailureHandler
import org.springframework.security.web.authentication.AuthenticationSuccessHandler
-import javax.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletRequest
/**
* A Kotlin DSL to configure [HttpSecurity] OAuth 2.0 login using idiomatic Kotlin code.
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2ResourceServerDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2ResourceServerDsl.kt
similarity index 93%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2ResourceServerDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2ResourceServerDsl.kt
index d881c27f14b..d12ca77c5ed 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2ResourceServerDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2ResourceServerDsl.kt
@@ -14,17 +14,17 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.authentication.AuthenticationManagerResolver
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.web.servlet.oauth2.resourceserver.JwtDsl
-import org.springframework.security.config.web.servlet.oauth2.resourceserver.OpaqueTokenDsl
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
+import org.springframework.security.config.annotation.web.configurers.oauth2.resourceserver.JwtDsl
+import org.springframework.security.config.annotation.web.configurers.oauth2.resourceserver.OpaqueTokenDsl
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver
import org.springframework.security.web.AuthenticationEntryPoint
import org.springframework.security.web.access.AccessDeniedHandler
-import javax.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletRequest
/**
* A Kotlin DSL to configure [HttpSecurity] OAuth 2.0 resource server support using
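Review bot: The new imports take `JwtDsl` and `OpaqueTokenDsl` from `...configurers.oauth2.resourceserver`, while the Java configurer imported one line above lives in `...configurers.oauth2.server.resource`. After this move the two near-identical package names sit side by side under the same parent, which makes it easy to look for or import a resource-server type from the wrong one. If the DSL is meant to sit alongside its configurer, `package org.springframework.security.config.annotation.web.configurers.oauth2.server.resource` for the two DSL files would remove the ambiguity. Otherwise a short KDoc line on the DSL classes explaining why the packages differ would help. The class body lies outside this hunk.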
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/PasswordManagementDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/PasswordManagementDsl.kt
similarity index 88%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/PasswordManagementDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/PasswordManagementDsl.kt
index 474dca8704d..b17a5e9a8ac 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/PasswordManagementDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/PasswordManagementDsl.kt
@@ -14,10 +14,9 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer
/**
* A Kotlin DSL to configure [HttpSecurity] password management
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/PortMapperDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/PortMapperDsl.kt
similarity index 92%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/PortMapperDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/PortMapperDsl.kt
index d23f584fe06..839e4b18b8d 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/PortMapperDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/PortMapperDsl.kt
@@ -14,10 +14,9 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer
import org.springframework.security.web.PortMapper
/**
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/RememberMeDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/RememberMeDsl.kt
similarity index 96%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/RememberMeDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/RememberMeDsl.kt
index db69d5d4f69..34f6a4878a8 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/RememberMeDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/RememberMeDsl.kt
@@ -14,10 +14,9 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.web.authentication.AuthenticationSuccessHandler
import org.springframework.security.web.authentication.RememberMeServices
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/RequestCacheDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/RequestCacheDsl.kt
similarity index 89%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/RequestCacheDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/RequestCacheDsl.kt
index b57f017538f..f0c144cf9df 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/RequestCacheDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/RequestCacheDsl.kt
@@ -14,10 +14,9 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
import org.springframework.security.web.savedrequest.RequestCache
/**
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/RequiresChannelDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/RequiresChannelDsl.kt
similarity index 97%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/RequiresChannelDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/RequiresChannelDsl.kt
index a7149014c2e..3441b831d8f 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/RequiresChannelDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/RequiresChannelDsl.kt
@@ -14,10 +14,9 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer
import org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
import org.springframework.security.web.access.channel.ChannelProcessor
import org.springframework.security.web.util.matcher.AnyRequestMatcher
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/Saml2Dsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/Saml2Dsl.kt
similarity index 98%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/Saml2Dsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/Saml2Dsl.kt
index 3c658e2397a..860d17fd60c 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/Saml2Dsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/Saml2Dsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.authentication.AuthenticationManager
import org.springframework.security.config.annotation.web.HttpSecurityBuilder
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/SecurityMarker.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/SecurityMarker.kt
similarity index 91%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/SecurityMarker.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/SecurityMarker.kt
index d86554668e0..c1ce5e71076 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/SecurityMarker.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/SecurityMarker.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
/**
* Marker annotation indicating that the annotated class is part of the security DSL.
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/SessionManagementDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/SessionManagementDsl.kt
similarity index 94%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/SessionManagementDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/SessionManagementDsl.kt
index c0405ff4f86..2a2e50fcd4a 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/SessionManagementDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/SessionManagementDsl.kt
@@ -14,13 +14,12 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.web.servlet.session.SessionConcurrencyDsl
-import org.springframework.security.config.web.servlet.session.SessionFixationDsl
-import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.config.annotation.web.configurers.session.SessionConcurrencyDsl
+import org.springframework.security.config.annotation.web.configurers.session.SessionFixationDsl
import org.springframework.security.web.authentication.AuthenticationFailureHandler
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy
import org.springframework.security.web.session.InvalidSessionStrategy
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/X509Dsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/X509Dsl.kt
similarity index 94%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/X509Dsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/X509Dsl.kt
index 5abcb3a5185..aa36bbd015c 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/X509Dsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/X509Dsl.kt
@@ -14,11 +14,10 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.springframework.security.authentication.AuthenticationDetailsSource
import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.X509Configurer
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper
import org.springframework.security.core.userdetails.UserDetailsService
@@ -26,7 +25,7 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails
import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter
import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor
-import javax.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletRequest
/**
* A Kotlin DSL to configure [HttpSecurity] X509 based pre authentication
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/CacheControlDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/CacheControlDsl.kt
similarity index 94%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/CacheControlDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/CacheControlDsl.kt
index 316015b0160..b493a9058af 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/CacheControlDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/CacheControlDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentSecurityPolicyDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ContentSecurityPolicyDsl.kt
similarity index 95%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentSecurityPolicyDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ContentSecurityPolicyDsl.kt
index 270b1d14b4d..32eede7e3d8 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentSecurityPolicyDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ContentSecurityPolicyDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentTypeOptionsDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ContentTypeOptionsDsl.kt
similarity index 94%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentTypeOptionsDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ContentTypeOptionsDsl.kt
index 92014ae4063..589daeb2422 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentTypeOptionsDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ContentTypeOptionsDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/FrameOptionsDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/FrameOptionsDsl.kt
similarity index 95%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/FrameOptionsDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/FrameOptionsDsl.kt
index 3bf766ca98a..63426031980 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/FrameOptionsDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/FrameOptionsDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HeadersSecurityMarker.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/HeadersSecurityMarker.kt
similarity index 91%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HeadersSecurityMarker.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/HeadersSecurityMarker.kt
index 67a97f56c05..b9faf29aebb 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HeadersSecurityMarker.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/HeadersSecurityMarker.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
/**
* Marker annotation indicating that the annotated class is part of the headers security DSL.
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpPublicKeyPinningDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/HttpPublicKeyPinningDsl.kt
similarity index 96%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpPublicKeyPinningDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/HttpPublicKeyPinningDsl.kt
index 74fbb6272a7..b0718bb1a4b 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpPublicKeyPinningDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/HttpPublicKeyPinningDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpStrictTransportSecurityDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/HttpStrictTransportSecurityDsl.kt
similarity index 96%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpStrictTransportSecurityDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/HttpStrictTransportSecurityDsl.kt
index e23e6d36b85..77f05fbc686 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpStrictTransportSecurityDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/HttpStrictTransportSecurityDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/PermissionsPolicyDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/PermissionsPolicyDsl.kt
similarity index 94%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/PermissionsPolicyDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/PermissionsPolicyDsl.kt
index e668931bcd6..8c82faebcb3 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/PermissionsPolicyDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/PermissionsPolicyDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ReferrerPolicyDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ReferrerPolicyDsl.kt
similarity index 94%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ReferrerPolicyDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ReferrerPolicyDsl.kt
index 1ac54d94c02..ffbc14b3417 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ReferrerPolicyDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ReferrerPolicyDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/XssProtectionConfigDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/XssProtectionConfigDsl.kt
similarity index 95%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/XssProtectionConfigDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/XssProtectionConfigDsl.kt
index a48a30af10a..accf8351cc4 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/XssProtectionConfigDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/headers/XssProtectionConfigDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/client/AuthorizationCodeGrantDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeGrantDsl.kt
similarity index 96%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/client/AuthorizationCodeGrantDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeGrantDsl.kt
index b1ab6eca61f..14158d3eac1 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/client/AuthorizationCodeGrantDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeGrantDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.client
+package org.springframework.security.config.annotation.web.configurers.oauth2.client
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/client/OAuth2ClientSecurityMarker.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientSecurityMarker.kt
similarity index 90%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/client/OAuth2ClientSecurityMarker.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientSecurityMarker.kt
index 3b6722a2590..b2063974b58 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/client/OAuth2ClientSecurityMarker.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientSecurityMarker.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.client
+package org.springframework.security.config.annotation.web.configurers.oauth2.client
/**
* Marker annotation indicating that the annotated class is part of the OAuth 2.0 client security DSL.
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/AuthorizationEndpointDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/AuthorizationEndpointDsl.kt
similarity index 96%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/AuthorizationEndpointDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/AuthorizationEndpointDsl.kt
index 27c7982c6db..491e38ad2a1 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/AuthorizationEndpointDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/AuthorizationEndpointDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.login
+package org.springframework.security.config.annotation.web.configurers.oauth2.login
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/OAuth2LoginSecurityMarker.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/OAuth2LoginSecurityMarker.kt
similarity index 90%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/OAuth2LoginSecurityMarker.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/OAuth2LoginSecurityMarker.kt
index 24ab0807d9d..9e04dae4740 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/OAuth2LoginSecurityMarker.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/OAuth2LoginSecurityMarker.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.login
+package org.springframework.security.config.annotation.web.configurers.oauth2.login
/**
* Marker annotation indicating that the annotated class is part of the OAuth 2.0 login security DSL.
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/RedirectionEndpointDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/RedirectionEndpointDsl.kt
similarity index 94%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/RedirectionEndpointDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/RedirectionEndpointDsl.kt
index ac63d88c9c1..dbdbe89e33f 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/RedirectionEndpointDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/RedirectionEndpointDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.login
+package org.springframework.security.config.annotation.web.configurers.oauth2.login
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/TokenEndpointDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/TokenEndpointDsl.kt
similarity index 89%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/TokenEndpointDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/TokenEndpointDsl.kt
index ddba776d551..942cdef7c94 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/TokenEndpointDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/TokenEndpointDsl.kt
@@ -14,10 +14,11 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.login
+package org.springframework.security.config.annotation.web.configurers.oauth2.login
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
+import org.springframework.security.config.annotation.web.configurers.oauth2.login.OAuth2LoginSecurityMarker
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest
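Review bot: The added `import org.springframework.security.config.annotation.web.configurers.oauth2.login.OAuth2LoginSecurityMarker` names a class in the same package that the new `package` line above it declares, so the import is redundant and can be dropped. The marker's own file is renamed into that package elsewhere in this commit. The sibling DSL files moved alongside it (AuthorizationEndpointDsl.kt, RedirectionEndpointDsl.kt, UserInfoEndpointDsl.kt) gain no such import, so keeping it here is also inconsistent. The class body that applies the annotation lies outside this hunk; presumably it refers to the marker by its simple name, in which case nothing else needs to change.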
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/UserInfoEndpointDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/UserInfoEndpointDsl.kt
similarity index 97%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/UserInfoEndpointDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/UserInfoEndpointDsl.kt
index 0a5073fc9a9..76170f82266 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/UserInfoEndpointDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/UserInfoEndpointDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.login
+package org.springframework.security.config.annotation.web.configurers.oauth2.login
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/JwtDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/resourceserver/JwtDsl.kt
similarity index 96%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/JwtDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/resourceserver/JwtDsl.kt
index a3b5cbc71a2..a578d50a684 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/JwtDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/resourceserver/JwtDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.resourceserver
+package org.springframework.security.config.annotation.web.configurers.oauth2.resourceserver
import org.springframework.core.convert.converter.Converter
import org.springframework.security.authentication.AbstractAuthenticationToken
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OAuth2ResourceServerSecurityMarker.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/resourceserver/OAuth2ResourceServerSecurityMarker.kt
similarity index 90%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OAuth2ResourceServerSecurityMarker.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/resourceserver/OAuth2ResourceServerSecurityMarker.kt
index c561531ae97..f3bccb0091d 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OAuth2ResourceServerSecurityMarker.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/resourceserver/OAuth2ResourceServerSecurityMarker.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.resourceserver
+package org.springframework.security.config.annotation.web.configurers.oauth2.resourceserver
/**
* Marker annotation indicating that the annotated class is part of the OAuth 2.0 resource server security DSL.
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OpaqueTokenDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/resourceserver/OpaqueTokenDsl.kt
similarity index 97%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OpaqueTokenDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/resourceserver/OpaqueTokenDsl.kt
index 5c8ab0c3f53..1884aa4734c 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OpaqueTokenDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/resourceserver/OpaqueTokenDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.resourceserver
+package org.springframework.security.config.annotation.web.configurers.oauth2.resourceserver
import org.springframework.security.authentication.AuthenticationManager
import org.springframework.security.config.annotation.web.builders.HttpSecurity
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionConcurrencyDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/session/SessionConcurrencyDsl.kt
similarity index 97%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionConcurrencyDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/session/SessionConcurrencyDsl.kt
index e0af442a9c0..17710cddb3b 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionConcurrencyDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/session/SessionConcurrencyDsl.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.session
+package org.springframework.security.config.annotation.web.configurers.session
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionFixationDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/session/SessionFixationDsl.kt
similarity index 94%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionFixationDsl.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/session/SessionFixationDsl.kt
index b02a7d52746..e7c13129140 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionFixationDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/session/SessionFixationDsl.kt
@@ -14,12 +14,12 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.session
+package org.springframework.security.config.annotation.web.configurers.session
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-import javax.servlet.http.HttpServletRequest
-import javax.servlet.http.HttpSession
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpSession
/**
* A Kotlin DSL to configure session fixation protection using idiomatic
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionSecurityMarker.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/session/SessionSecurityMarker.kt
similarity index 91%
rename from config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionSecurityMarker.kt
rename to config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/session/SessionSecurityMarker.kt
index 6e5ef671b7a..00852079e78 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionSecurityMarker.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/configurers/session/SessionSecurityMarker.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.session
+package org.springframework.security.config.annotation.web.configurers.session
/**
* Marker annotation indicating that the annotated class is part of the session security DSL.
diff --git a/config/src/main/resources/META-INF/spring.schemas b/config/src/main/resources/META-INF/spring.schemas
index a67252965d7..4098d6b8c16 100644
--- a/config/src/main/resources/META-INF/spring.schemas
+++ b/config/src/main/resources/META-INF/spring.schemas
@@ -1,4 +1,5 @@
-http\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-5.6.xsd
+http\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-6.0.xsd
+http\://www.springframework.org/schema/security/spring-security-6.0.xsd=org/springframework/security/config/spring-security-6.0.xsd
http\://www.springframework.org/schema/security/spring-security-5.6.xsd=org/springframework/security/config/spring-security-5.6.xsd
http\://www.springframework.org/schema/security/spring-security-5.5.xsd=org/springframework/security/config/spring-security-5.5.xsd
http\://www.springframework.org/schema/security/spring-security-5.4.xsd=org/springframework/security/config/spring-security-5.4.xsd
@@ -17,7 +18,8 @@ http\://www.springframework.org/schema/security/spring-security-2.0.xsd=org/spri
http\://www.springframework.org/schema/security/spring-security-2.0.1.xsd=org/springframework/security/config/spring-security-2.0.1.xsd
http\://www.springframework.org/schema/security/spring-security-2.0.2.xsd=org/springframework/security/config/spring-security-2.0.2.xsd
http\://www.springframework.org/schema/security/spring-security-2.0.4.xsd=org/springframework/security/config/spring-security-2.0.4.xsd
-https\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-5.6.xsd
+https\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-6.0.xsd
+https\://www.springframework.org/schema/security/spring-security-6.0.xsd=org/springframework/security/config/spring-security-6.0.xsd
https\://www.springframework.org/schema/security/spring-security-5.6.xsd=org/springframework/security/config/spring-security-5.6.xsd
https\://www.springframework.org/schema/security/spring-security-5.5.xsd=org/springframework/security/config/spring-security-5.5.xsd
https\://www.springframework.org/schema/security/spring-security-5.4.xsd=org/springframework/security/config/spring-security-5.4.xsd
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-6.0.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-6.0.rnc
new file mode 100644
index 00000000000..f8c3f8ab133
--- /dev/null
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-6.0.rnc
@@ -0,0 +1,1130 @@
+namespace a = "https://relaxng.org/ns/compatibility/annotations/1.0"
+datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes"
+
+default namespace = "http://www.springframework.org/schema/security"
+
+start = http | ldap-server | authentication-provider | ldap-authentication-provider | any-user-service | ldap-server | ldap-authentication-provider
+
+hash =
+ ## Defines the hashing algorithm used on user passwords. Bcrypt is recommended.
+ attribute hash {"bcrypt"}
+base64 =
+ ## Whether a string should be base64 encoded
+ attribute base64 {xsd:boolean}
+request-matcher =
+ ## Defines the strategy use for matching incoming requests. Currently the options are 'mvc' (for Spring MVC matcher), 'ant' (for ant path patterns), 'regex' for regular expressions and 'ciRegex' for case-insensitive regular expressions.
+ attribute request-matcher {"mvc" | "ant" | "regex" | "ciRegex"}
+port =
+ ## Specifies an IP port number. Used to configure an embedded LDAP server, for example.
+ attribute port { xsd:nonNegativeInteger }
+url =
+ ## Specifies a URL.
+ attribute url { xsd:token }
+id =
+ ## A bean identifier, used for referring to the bean elsewhere in the context.
+ attribute id {xsd:token}
+name =
+ ## A bean identifier, used for referring to the bean elsewhere in the context.
+ attribute name {xsd:token}
+ref =
+ ## Defines a reference to a Spring bean Id.
+ attribute ref {xsd:token}
+
+cache-ref =
+ ## Defines a reference to a cache for use with a UserDetailsService.
+ attribute cache-ref {xsd:token}
+
+user-service-ref =
+ ## A reference to a user-service (or UserDetailsService bean) Id
+ attribute user-service-ref {xsd:token}
+
+authentication-manager-ref =
+ ## A reference to an AuthenticationManager bean
+ attribute authentication-manager-ref {xsd:token}
+
+data-source-ref =
+ ## A reference to a DataSource bean
+ attribute data-source-ref {xsd:token}
+
+
+
+debug =
+ ## Enables Spring Security debugging infrastructure. This will provide human-readable (multi-line) debugging information to monitor requests coming into the security filters. This may include sensitive information, such as request parameters or headers, and should only be used in a development environment.
+ element debug {empty}
+
+password-encoder =
+ ## element which defines a password encoding strategy. Used by an authentication provider to convert submitted passwords to hashed versions, for example.
+ element password-encoder {password-encoder.attlist}
+password-encoder.attlist &=
+ ref | (hash)
+
+role-prefix =
+ ## A non-empty string prefix that will be added to role strings loaded from persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the default is non-empty.
+ attribute role-prefix {xsd:token}
+
+use-expressions =
+ ## Enables the use of expressions in the 'access' attributes in elements rather than the traditional list of configuration attributes. Defaults to 'true'. If enabled, each attribute should contain a single boolean expression. If the expression evaluates to 'true', access will be granted.
+ attribute use-expressions {xsd:boolean}
+
+ldap-server =
+ ## Defines an LDAP server location or starts an embedded server. The url indicates the location of a remote server. If no url is given, an embedded server will be started, listening on the supplied port number. The port is optional and defaults to 33389. A Spring LDAP ContextSource bean will be registered for the server with the id supplied.
+ element ldap-server {ldap-server.attlist}
+ldap-server.attlist &= id?
+ldap-server.attlist &= (url | port)?
+ldap-server.attlist &=
+ ## Username (DN) of the "manager" user identity which will be used to authenticate to a (non-embedded) LDAP server. If omitted, anonymous access will be used.
+ attribute manager-dn {xsd:string}?
+ldap-server.attlist &=
+ ## The password for the manager DN. This is required if the manager-dn is specified.
+ attribute manager-password {xsd:string}?
+ldap-server.attlist &=
+ ## Explicitly specifies an ldif file resource to load into an embedded LDAP server. The default is classpath*:*.ldiff
+ attribute ldif { xsd:string }?
+ldap-server.attlist &=
+ ## Optional root suffix for the embedded LDAP server. Default is "dc=springframework,dc=org"
+ attribute root { xsd:string }?
+ldap-server.attlist &=
+ ## Explicitly specifies which embedded ldap server should use. Values are 'apacheds' and 'unboundid'. By default, it will depends if the library is available in the classpath.
+ attribute mode { "apacheds" | "unboundid" }?
+
+ldap-server-ref-attribute =
+ ## The optional server to use. If omitted, and a default LDAP server is registered (using with no Id), that server will be used.
+ attribute server-ref {xsd:token}
+
+
+group-search-filter-attribute =
+ ## Group search filter. Defaults to (uniqueMember={0}). The substituted parameter is the DN of the user.
+ attribute group-search-filter {xsd:token}
+group-search-base-attribute =
+ ## Search base for group membership searches. Defaults to "" (searching from the root).
+ attribute group-search-base {xsd:token}
+user-search-filter-attribute =
+ ## The LDAP filter used to search for users (optional). For example "(uid={0})". The substituted parameter is the user's login name.
+ attribute user-search-filter {xsd:token}
+user-search-base-attribute =
+ ## Search base for user searches. Defaults to "". Only used with a 'user-search-filter'.
+ attribute user-search-base {xsd:token}
+group-role-attribute-attribute =
+ ## The LDAP attribute name which contains the role name which will be used within Spring Security. Defaults to "cn".
+ attribute group-role-attribute {xsd:token}
+user-details-class-attribute =
+ ## Allows the objectClass of the user entry to be specified. If set, the framework will attempt to load standard attributes for the defined class into the returned UserDetails object
+ attribute user-details-class {"person" | "inetOrgPerson"}
+user-context-mapper-attribute =
+ ## Allows explicit customization of the loaded user object by specifying a UserDetailsContextMapper bean which will be called with the context information from the user's directory entry
+ attribute user-context-mapper-ref {xsd:token}
+
+
+ldap-user-service =
+ ## This element configures a LdapUserDetailsService which is a combination of a FilterBasedLdapUserSearch and a DefaultLdapAuthoritiesPopulator.
+ element ldap-user-service {ldap-us.attlist}
+ldap-us.attlist &= id?
+ldap-us.attlist &=
+ ldap-server-ref-attribute?
+ldap-us.attlist &=
+ user-search-filter-attribute?
+ldap-us.attlist &=
+ user-search-base-attribute?
+ldap-us.attlist &=
+ group-search-filter-attribute?
+ldap-us.attlist &=
+ group-search-base-attribute?
+ldap-us.attlist &=
+ group-role-attribute-attribute?
+ldap-us.attlist &=
+ cache-ref?
+ldap-us.attlist &=
+ role-prefix?
+ldap-us.attlist &=
+ (user-details-class-attribute | user-context-mapper-attribute)?
+
+ldap-authentication-provider =
+ ## Sets up an ldap authentication provider
+ element ldap-authentication-provider {ldap-ap.attlist, password-compare-element?}
+ldap-ap.attlist &=
+ ldap-server-ref-attribute?
+ldap-ap.attlist &=
+ user-search-base-attribute?
+ldap-ap.attlist &=
+ user-search-filter-attribute?
+ldap-ap.attlist &=
+ group-search-base-attribute?
+ldap-ap.attlist &=
+ group-search-filter-attribute?
+ldap-ap.attlist &=
+ group-role-attribute-attribute?
+ldap-ap.attlist &=
+ ## A specific pattern used to build the user's DN, for example "uid={0},ou=people". The key "{0}" must be present and will be substituted with the username.
+ attribute user-dn-pattern {xsd:token}?
+ldap-ap.attlist &=
+ role-prefix?
+ldap-ap.attlist &=
+ (user-details-class-attribute | user-context-mapper-attribute)?
+
+password-compare-element =
+ ## Specifies that an LDAP provider should use an LDAP compare operation of the user's password to authenticate the user
+ element password-compare {password-compare.attlist, password-encoder?}
+
+password-compare.attlist &=
+ ## The attribute in the directory which contains the user password. Defaults to "userPassword".
+ attribute password-attribute {xsd:token}?
+password-compare.attlist &=
+ hash?
+
+intercept-methods =
+ ## Can be used inside a bean definition to add a security interceptor to the bean and set up access configuration attributes for the bean's methods
+ element intercept-methods {intercept-methods.attlist, protect+}
+intercept-methods.attlist &=
+ ## Optional AccessDecisionManager bean ID to be used by the created method security interceptor.
+ attribute access-decision-manager-ref {xsd:token}?
+
+
+protect =
+ ## Defines a protected method and the access control configuration attributes that apply to it. We strongly advise you NOT to mix "protect" declarations with any services provided "global-method-security".
+ element protect {protect.attlist, empty}
+protect.attlist &=
+ ## A method name
+ attribute method {xsd:token}
+protect.attlist &=
+ ## Access configuration attributes list that applies to the method, e.g. "ROLE_A,ROLE_B".
+ attribute access {xsd:token}
+
+method-security-metadata-source =
+ ## Creates a MethodSecurityMetadataSource instance
+ element method-security-metadata-source {msmds.attlist, protect+}
+msmds.attlist &= id?
+
+msmds.attlist &= use-expressions?
+
+method-security =
+ ## Provides method security for all beans registered in the Spring application context. Specifically, beans will be scanned for matches with Spring Security annotations. Where there is a match, the beans will automatically be proxied and security authorization applied to the methods accordingly. Interceptors are invoked in the order specified in AuthorizationInterceptorsOrder. Use can create your own interceptors using Spring AOP.
+ element method-security {method-security.attlist, expression-handler?}
+method-security.attlist &=
+ ## Specifies whether the use of Spring Security's pre and post invocation annotations (@PreFilter, @PreAuthorize, @PostFilter, @PostAuthorize) should be enabled for this application context. Defaults to "true".
+ attribute pre-post-enabled {xsd:boolean}?
+method-security.attlist &=
+ ## Specifies whether the use of Spring Security's @Secured annotations should be enabled for this application context. Defaults to "false".
+ attribute secured-enabled {xsd:boolean}?
+method-security.attlist &=
+ ## Specifies whether JSR-250 style attributes are to be used (for example "RolesAllowed"). This will require the javax.annotation.security classes on the classpath. Defaults to "false".
+ attribute jsr250-enabled {xsd:boolean}?
+method-security.attlist &=
+ ## If true, class-based proxying will be used instead of interface-based proxying.
+ attribute proxy-target-class {xsd:boolean}?
+
+global-method-security =
+ ## Provides method security for all beans registered in the Spring application context. Specifically, beans will be scanned for matches with the ordered list of "protect-pointcut" sub-elements, Spring Security annotations and/or. Where there is a match, the beans will automatically be proxied and security authorization applied to the methods accordingly. If you use and enable all four sources of method security metadata (ie "protect-pointcut" declarations, expression annotations, @Secured and also JSR250 security annotations), the metadata sources will be queried in that order. In practical terms, this enables you to use XML to override method security metadata expressed in annotations. If using annotations, the order of precedence is EL-based (@PreAuthorize etc.), @Secured and finally JSR-250.
+ element global-method-security {global-method-security.attlist, (pre-post-annotation-handling | expression-handler)?, protect-pointcut*, after-invocation-provider*}
+global-method-security.attlist &=
+ ## Specifies whether the use of Spring Security's pre and post invocation annotations (@PreFilter, @PreAuthorize, @PostFilter, @PostAuthorize) should be enabled for this application context. Defaults to "disabled".
+ attribute pre-post-annotations {"disabled" | "enabled" }?
+global-method-security.attlist &=
+ ## Specifies whether the use of Spring Security's @Secured annotations should be enabled for this application context. Defaults to "disabled".
+ attribute secured-annotations {"disabled" | "enabled" }?
+global-method-security.attlist &=
+ ## Specifies whether JSR-250 style attributes are to be used (for example "RolesAllowed"). This will require the javax.annotation.security classes on the classpath. Defaults to "disabled".
+ attribute jsr250-annotations {"disabled" | "enabled" }?
+global-method-security.attlist &=
+ ## Optional AccessDecisionManager bean ID to override the default used for method security.
+ attribute access-decision-manager-ref {xsd:token}?
+global-method-security.attlist &=
+ ## Optional RunAsmanager implementation which will be used by the configured MethodSecurityInterceptor
+ attribute run-as-manager-ref {xsd:token}?
+global-method-security.attlist &=
+ ## Allows the advice "order" to be set for the method security interceptor.
+ attribute order {xsd:token}?
+global-method-security.attlist &=
+ ## If true, class based proxying will be used instead of interface based proxying.
+ attribute proxy-target-class {xsd:boolean}?
+global-method-security.attlist &=
+ ## Can be used to specify that AspectJ should be used instead of the default Spring AOP. If set, secured classes must be woven with the AnnotationSecurityAspect from the spring-security-aspects module.
+ attribute mode {"aspectj"}?
+global-method-security.attlist &=
+ ## An external MethodSecurityMetadataSource instance can be supplied which will take priority over other sources (such as the default annotations).
+ attribute metadata-source-ref {xsd:token}?
+global-method-security.attlist &=
+ authentication-manager-ref?
+
+
+after-invocation-provider =
+ ## Allows addition of extra AfterInvocationProvider beans which should be called by the MethodSecurityInterceptor created by global-method-security.
+ element after-invocation-provider {ref}
+
+pre-post-annotation-handling =
+ ## Allows the default expression-based mechanism for handling Spring Security's pre and post invocation annotations (@PreFilter, @PreAuthorize, @PostFilter, @PostAuthorize) to be replace entirely. Only applies if these annotations are enabled.
+ element pre-post-annotation-handling {invocation-attribute-factory, pre-invocation-advice, post-invocation-advice}
+
+invocation-attribute-factory =
+ ## Defines the PrePostInvocationAttributeFactory instance which is used to generate pre and post invocation metadata from the annotated methods.
+ element invocation-attribute-factory {ref}
+
+pre-invocation-advice =
+ ## Customizes the PreInvocationAuthorizationAdviceVoter with the ref as the PreInvocationAuthorizationAdviceVoter for the element.
+ element pre-invocation-advice {ref}
+
+post-invocation-advice =
+ ## Customizes the PostInvocationAdviceProvider with the ref as the PostInvocationAuthorizationAdvice for the element.
+ element post-invocation-advice {ref}
+
+
+expression-handler =
+ ## Defines the SecurityExpressionHandler instance which will be used if expression-based access-control is enabled. A default implementation (with no ACL support) will be used if not supplied.
+ element expression-handler {ref}
+
+protect-pointcut =
+ ## Defines a protected pointcut and the access control configuration attributes that apply to it. Every bean registered in the Spring application context that provides a method that matches the pointcut will receive security authorization.
+ element protect-pointcut {protect-pointcut.attlist, empty}
+protect-pointcut.attlist &=
+ ## An AspectJ expression, including the 'execution' keyword. For example, 'execution(int com.foo.TargetObject.countLength(String))' (without the quotes).
+ attribute expression {xsd:string}
+protect-pointcut.attlist &=
+ ## Access configuration attributes list that applies to all methods matching the pointcut, e.g. "ROLE_A,ROLE_B"
+ attribute access {xsd:token}
+
+websocket-message-broker =
+ ## Allows securing a Message Broker. There are two modes. If no id is specified: ensures that any SimpAnnotationMethodMessageHandler has the AuthenticationPrincipalArgumentResolver registered as a custom argument resolver; ensures that the SecurityContextChannelInterceptor is automatically registered for the clientInboundChannel; and that a ChannelSecurityInterceptor is registered with the clientInboundChannel. If the id is specified, creates a ChannelSecurityInterceptor that can be manually registered with the clientInboundChannel.
+ element websocket-message-broker { websocket-message-broker.attrlist, (intercept-message* & expression-handler?) }
+
+websocket-message-broker.attrlist &=
+ ## A bean identifier, used for referring to the bean elsewhere in the context. If specified, explicit configuration within clientInboundChannel is required. If not specified, ensures that any SimpAnnotationMethodMessageHandler has the AuthenticationPrincipalArgumentResolver registered as a custom argument resolver; ensures that the SecurityContextChannelInterceptor is automatically registered for the clientInboundChannel; and that a ChannelSecurityInterceptor is registered with the clientInboundChannel.
+ attribute id {xsd:token}?
+websocket-message-broker.attrlist &=
+ ## Disables the requirement for CSRF token to be present in the Stomp headers (default false). Changing the default is useful if it is necessary to allow other origins to make SockJS connections.
+ attribute same-origin-disabled {xsd:boolean}?
+
+intercept-message =
+ ## Creates an authorization rule for a websocket message.
+ element intercept-message {intercept-message.attrlist}
+
+intercept-message.attrlist &=
+ ## The destination ant pattern which will be mapped to the access attribute. For example, /** matches any message with a destination, /admin/** matches any message that has a destination that starts with admin.
+ attribute pattern {xsd:token}?
+intercept-message.attrlist &=
+ ## The access configuration attributes that apply for the configured message. For example, permitAll grants access to anyone, hasRole('ROLE_ADMIN') requires the user have the role 'ROLE_ADMIN'.
+ attribute access {xsd:token}?
+intercept-message.attrlist &=
+ ## The type of message to match on. Valid values are defined in SimpMessageType (i.e. CONNECT, CONNECT_ACK, HEARTBEAT, MESSAGE, SUBSCRIBE, UNSUBSCRIBE, DISCONNECT, DISCONNECT_ACK, OTHER).
+ attribute type {"CONNECT" | "CONNECT_ACK" | "HEARTBEAT" | "MESSAGE" | "SUBSCRIBE"| "UNSUBSCRIBE" | "DISCONNECT" | "DISCONNECT_ACK" | "OTHER"}?
+
+http-firewall =
+ ## Allows a custom instance of HttpFirewall to be injected into the FilterChainProxy created by the namespace.
+ element http-firewall {ref}
+
+http =
+ ## Container element for HTTP security configuration. Multiple elements can now be defined, each with a specific pattern to which the enclosed security configuration applies. A pattern can also be configured to bypass Spring Security's filters completely by setting the "security" attribute to "none".
+ element http {http.attlist, (intercept-url* & access-denied-handler? & form-login? & oauth2-login? & oauth2-client? & oauth2-resource-server? & openid-login? & x509? & jee? & http-basic? & logout? & password-management? & session-management & remember-me? & anonymous? & port-mappings & custom-filter* & request-cache? & expression-handler? & headers? & csrf? & cors?) }
+http.attlist &=
+ ## The request URL pattern which will be mapped to the filter chain created by this element. If omitted, the filter chain will match all requests.
+ attribute pattern {xsd:token}?
+http.attlist &=
+ ## When set to 'none', requests matching the pattern attribute will be ignored by Spring Security. No security filters will be applied and no SecurityContext will be available. If set, the element must be empty, with no children.
+ attribute security {"none"}?
+http.attlist &=
+ ## Allows a RequestMatcher instance to be used, as an alternative to pattern-matching.
+ attribute request-matcher-ref { xsd:token }?
+http.attlist &=
+ ## A legacy attribute which automatically registers a login form, BASIC authentication and a logout URL and logout services. If unspecified, defaults to "false". We'd recommend you avoid using this and instead explicitly configure the services you require.
+ attribute auto-config {xsd:boolean}?
+http.attlist &=
+ use-expressions?
+http.attlist &=
+ ## Controls the eagerness with which an HTTP session is created by Spring Security classes. If not set, defaults to "ifRequired". If "stateless" is used, this implies that the application guarantees that it will not create a session. This differs from the use of "never" which means that Spring Security will not create a session, but will make use of one if the application does.
+ attribute create-session {"ifRequired" | "always" | "never" | "stateless"}?
+http.attlist &=
+ ## A reference to a SecurityContextRepository bean. This can be used to customize how the SecurityContext is stored between requests.
+ attribute security-context-repository-ref {xsd:token}?
+http.attlist &=
+ request-matcher?
+http.attlist &=
+ ## Provides versions of HttpServletRequest security methods such as isUserInRole() and getPrincipal() which are implemented by accessing the Spring SecurityContext. Defaults to "true".
+ attribute servlet-api-provision {xsd:boolean}?
+http.attlist &=
+ ## If available, runs the request as the Subject acquired from the JaasAuthenticationToken. Defaults to "false".
+ attribute jaas-api-provision {xsd:boolean}?
+http.attlist &=
+ ## Optional attribute specifying the ID of the AccessDecisionManager implementation which should be used for authorizing HTTP requests.
+ attribute access-decision-manager-ref {xsd:token}?
+http.attlist &=
+ ## Optional attribute specifying the realm name that will be used for all authentication features that require a realm name (eg BASIC and Digest authentication). If unspecified, defaults to "Spring Security Application".
+ attribute realm {xsd:token}?
+http.attlist &=
+ ## Allows a customized AuthenticationEntryPoint to be set on the ExceptionTranslationFilter.
+ attribute entry-point-ref {xsd:token}?
+http.attlist &=
+ ## Corresponds to the observeOncePerRequest property of FilterSecurityInterceptor. Defaults to "true"
+ attribute once-per-request {xsd:boolean}?
+http.attlist &=
+ ## Prevents the jsessionid parameter from being added to rendered URLs. Defaults to "true" (rewriting is disabled).
+ attribute disable-url-rewriting {xsd:boolean}?
+http.attlist &=
+ ## Exposes the list of filters defined by this configuration under this bean name in the application context.
+ name?
+http.attlist &=
+ authentication-manager-ref?
+
+access-denied-handler =
+ ## Defines the access-denied strategy that should be used. An access denied page can be defined or a reference to an AccessDeniedHandler instance.
+ element access-denied-handler {access-denied-handler.attlist, empty}
+access-denied-handler.attlist &= (ref | access-denied-handler-page)
+
+access-denied-handler-page =
+ ## The access denied page that an authenticated user will be redirected to if they request a page which they don't have the authority to access.
+ attribute error-page {xsd:token}
+
+intercept-url =
+ ## Specifies the access attributes and/or filter list for a particular set of URLs.
+ element intercept-url {intercept-url.attlist, empty}
+intercept-url.attlist &=
+ (pattern | request-matcher-ref)
+intercept-url.attlist &=
+ ## The access configuration attributes that apply for the configured path.
+ attribute access {xsd:token}?
+intercept-url.attlist &=
+ ## The HTTP Method for which the access configuration attributes should apply. If not specified, the attributes will apply to any method.
+ attribute method {"GET" | "DELETE" | "HEAD" | "OPTIONS" | "POST" | "PUT" | "PATCH" | "TRACE"}?
+
+intercept-url.attlist &=
+ ## Used to specify that a URL must be accessed over http or https, or that there is no preference. The value should be "http", "https" or "any", respectively.
+ attribute requires-channel {xsd:token}?
+intercept-url.attlist &=
+ ## The path to the servlet. This attribute is only applicable when 'request-matcher' is 'mvc'. In addition, the value is only required in the following 2 use cases: 1) There are 2 or more HttpServlet's registered in the ServletContext that have mappings starting with '/' and are different; 2) The pattern starts with the same value of a registered HttpServlet path, excluding the default (root) HttpServlet '/'.
+ attribute servlet-path {xsd:token}?
+
+logout =
+ ## Incorporates a logout processing filter. Most web applications require a logout filter, although you may not require one if you write a controller to provider similar logic.
+ element logout {logout.attlist, empty}
+logout.attlist &=
+ ## Specifies the URL that will cause a logout. Spring Security will initialize a filter that responds to this particular URL. Defaults to /logout if unspecified.
+ attribute logout-url {xsd:token}?
+logout.attlist &=
+ ## Specifies the URL to display once the user has logged out. If not specified, defaults to /?logout (i.e. /login?logout).
+ attribute logout-success-url {xsd:token}?
+logout.attlist &=
+ ## Specifies whether a logout also causes HttpSession invalidation, which is generally desirable. If unspecified, defaults to true.
+ attribute invalidate-session {xsd:boolean}?
+logout.attlist &=
+ ## A reference to a LogoutSuccessHandler implementation which will be used to determine the destination to which the user is taken after logging out.
+ attribute success-handler-ref {xsd:token}?
+logout.attlist &=
+ ## A comma-separated list of the names of cookies which should be deleted when the user logs out
+ attribute delete-cookies {xsd:token}?
+
+request-cache =
+ ## Allow the RequestCache used for saving requests during the login process to be set
+ element request-cache {ref}
+
+form-login =
+ ## Sets up a form login configuration for authentication with a username and password
+ element form-login {form-login.attlist, empty}
+form-login.attlist &=
+ ## The URL that the login form is posted to. If unspecified, it defaults to /login.
+ attribute login-processing-url {xsd:token}?
+form-login.attlist &=
+ ## The name of the request parameter which contains the username. Defaults to 'username'.
+ attribute username-parameter {xsd:token}?
+form-login.attlist &=
+ ## The name of the request parameter which contains the password. Defaults to 'password'.
+ attribute password-parameter {xsd:token}?
+form-login.attlist &=
+ ## The URL that will be redirected to after successful authentication, if the user's previous action could not be resumed. This generally happens if the user visits a login page without having first requested a secured operation that triggers authentication. If unspecified, defaults to the root of the application.
+ attribute default-target-url {xsd:token}?
+form-login.attlist &=
+ ## Whether the user should always be redirected to the default-target-url after login.
+ attribute always-use-default-target {xsd:boolean}?
+form-login.attlist &=
+ ## The URL for the login page. If no login URL is specified, Spring Security will automatically create a login URL at GET /login and a corresponding filter to render that login URL when requested.
+ attribute login-page {xsd:token}?
+form-login.attlist &=
+ ## The URL for the login failure page. If no login failure URL is specified, Spring Security will automatically create a failure login URL at /login?error and a corresponding filter to render that login failure URL when requested.
+ attribute authentication-failure-url {xsd:token}?
+form-login.attlist &=
+ ## Reference to an AuthenticationSuccessHandler bean which should be used to handle a successful authentication request. Should not be used in combination with default-target-url (or always-use-default-target-url) as the implementation should always deal with navigation to the subsequent destination
+ attribute authentication-success-handler-ref {xsd:token}?
+form-login.attlist &=
+ ## Reference to an AuthenticationFailureHandler bean which should be used to handle a failed authentication request. Should not be used in combination with authentication-failure-url as the implementation should always deal with navigation to the subsequent destination
+ attribute authentication-failure-handler-ref {xsd:token}?
+form-login.attlist &=
+ ## Reference to an AuthenticationDetailsSource which will be used by the authentication filter
+ attribute authentication-details-source-ref {xsd:token}?
+form-login.attlist &=
+ ## The URL for the ForwardAuthenticationFailureHandler
+ attribute authentication-failure-forward-url {xsd:token}?
+form-login.attlist &=
+ ## The URL for the ForwardAuthenticationSuccessHandler
+ attribute authentication-success-forward-url {xsd:token}?
+
+oauth2-login =
+ ## Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
+ element oauth2-login {oauth2-login.attlist}
+oauth2-login.attlist &=
+ ## Reference to the ClientRegistrationRepository
+ attribute client-registration-repository-ref {xsd:token}?
+oauth2-login.attlist &=
+ ## Reference to the OAuth2AuthorizedClientRepository
+ attribute authorized-client-repository-ref {xsd:token}?
+oauth2-login.attlist &=
+ ## Reference to the OAuth2AuthorizedClientService
+ attribute authorized-client-service-ref {xsd:token}?
+oauth2-login.attlist &=
+ ## Reference to the AuthorizationRequestRepository
+ attribute authorization-request-repository-ref {xsd:token}?
+oauth2-login.attlist &=
+ ## Reference to the OAuth2AuthorizationRequestResolver
+ attribute authorization-request-resolver-ref {xsd:token}?
+oauth2-login.attlist &=
+ ## Reference to the OAuth2AccessTokenResponseClient
+ attribute access-token-response-client-ref {xsd:token}?
+oauth2-login.attlist &=
+ ## Reference to the GrantedAuthoritiesMapper
+ attribute user-authorities-mapper-ref {xsd:token}?
+oauth2-login.attlist &=
+ ## Reference to the OAuth2UserService
+ attribute user-service-ref {xsd:token}?
+oauth2-login.attlist &=
+ ## Reference to the OpenID Connect OAuth2UserService
+ attribute oidc-user-service-ref {xsd:token}?
+oauth2-login.attlist &=
+ ## The URI where the filter processes authentication requests
+ attribute login-processing-url {xsd:token}?
+oauth2-login.attlist &=
+ ## The URI to send users to login
+ attribute login-page {xsd:token}?
+oauth2-login.attlist &=
+ ## Reference to the AuthenticationSuccessHandler
+ attribute authentication-success-handler-ref {xsd:token}?
+oauth2-login.attlist &=
+ ## Reference to the AuthenticationFailureHandler
+ attribute authentication-failure-handler-ref {xsd:token}?
+oauth2-login.attlist &=
+ ## Reference to the JwtDecoderFactory used by OidcAuthorizationCodeAuthenticationProvider
+ attribute jwt-decoder-factory-ref {xsd:token}?
+
+oauth2-client =
+ ## Configures OAuth 2.0 Client support.
+ element oauth2-client {oauth2-client.attlist, (authorization-code-grant?) }
+oauth2-client.attlist &=
+ ## Reference to the ClientRegistrationRepository
+ attribute client-registration-repository-ref {xsd:token}?
+oauth2-client.attlist &=
+ ## Reference to the OAuth2AuthorizedClientRepository
+ attribute authorized-client-repository-ref {xsd:token}?
+oauth2-client.attlist &=
+ ## Reference to the OAuth2AuthorizedClientService
+ attribute authorized-client-service-ref {xsd:token}?
+
+authorization-code-grant =
+ ## Configures OAuth 2.0 Authorization Code Grant.
+ element authorization-code-grant {authorization-code-grant.attlist, empty}
+authorization-code-grant.attlist &=
+ ## Reference to the AuthorizationRequestRepository
+ attribute authorization-request-repository-ref {xsd:token}?
+authorization-code-grant.attlist &=
+ ## Reference to the OAuth2AuthorizationRequestResolver
+ attribute authorization-request-resolver-ref {xsd:token}?
+authorization-code-grant.attlist &=
+ ## Reference to the OAuth2AccessTokenResponseClient
+ attribute access-token-response-client-ref {xsd:token}?
+
+client-registrations =
+ ## Container element for client(s) registered with an OAuth 2.0 or OpenID Connect 1.0 Provider.
+ element client-registrations {client-registration+, provider*}
+
+client-registration =
+ ## Represents a client registered with an OAuth 2.0 or OpenID Connect 1.0 Provider.
+ element client-registration {client-registration.attlist}
+client-registration.attlist &=
+ ## The ID that uniquely identifies the client registration.
+ attribute registration-id {xsd:token}
+client-registration.attlist &=
+ ## The client identifier.
+ attribute client-id {xsd:token}
+client-registration.attlist &=
+ ## The client secret.
+ attribute client-secret {xsd:token}?
+client-registration.attlist &=
+ ## The method used to authenticate the client with the provider. The supported values are client_secret_basic, client_secret_post and none (public clients).
+ attribute client-authentication-method {"client_secret_basic" | "basic" | "client_secret_post" | "post" | "none"}?
+client-registration.attlist &=
+ ## The OAuth 2.0 Authorization Framework defines four Authorization Grant types. The supported values are authorization_code, client_credentials, password and implicit.
+ attribute authorization-grant-type {"authorization_code" | "client_credentials" | "password" | "implicit"}?
+client-registration.attlist &=
+ ## The client’s registered redirect URI that the Authorization Server redirects the end-user’s user-agent to after the end-user has authenticated and authorized access to the client.
+ attribute redirect-uri {xsd:token}?
+client-registration.attlist &=
+ ## A comma-separated list of scope(s) requested by the client during the Authorization Request flow, such as openid, email, or profile.
+ attribute scope {xsd:token}?
+client-registration.attlist &=
+ ## A descriptive name used for the client. The name may be used in certain scenarios, such as when displaying the name of the client in the auto-generated login page.
+ attribute client-name {xsd:token}?
+client-registration.attlist &=
+ ## A reference to the associated provider. May reference a 'provider' element or use one of the common providers (google, github, facebook, okta).
+ attribute provider-id {xsd:token}
+
+provider =
+ ## The configuration information for an OAuth 2.0 or OpenID Connect 1.0 Provider.
+ element provider {provider.attlist}
+provider.attlist &=
+ ## The ID that uniquely identifies the provider.
+ attribute provider-id {xsd:token}
+provider.attlist &=
+ ## The Authorization Endpoint URI for the Authorization Server.
+ attribute authorization-uri {xsd:token}?
+provider.attlist &=
+ ## The Token Endpoint URI for the Authorization Server.
+ attribute token-uri {xsd:token}?
+provider.attlist &=
+ ## The UserInfo Endpoint URI used to access the claims/attributes of the authenticated end-user.
+ attribute user-info-uri {xsd:token}?
+provider.attlist &=
+ ## The authentication method used when sending the access token to the UserInfo Endpoint. The supported values are header, form and query.
+ attribute user-info-authentication-method {"header" | "form" | "query"}?
+provider.attlist &=
+ ## The name of the attribute returned in the UserInfo Response that references the Name or Identifier of the end-user.
+ attribute user-info-user-name-attribute {xsd:token}?
+provider.attlist &=
+ ## The URI used to retrieve the JSON Web Key (JWK) Set from the Authorization Server, which contains the cryptographic key(s) used to verify the JSON Web Signature (JWS) of the ID Token and optionally the UserInfo Response.
+ attribute jwk-set-uri {xsd:token}?
+provider.attlist &=
+ ## The URI used to discover the configuration information for an OAuth 2.0 or OpenID Connect 1.0 Provider.
+ attribute issuer-uri {xsd:token}?
+
+oauth2-resource-server =
+ ## Configures authentication support as an OAuth 2.0 Resource Server.
+ element oauth2-resource-server {oauth2-resource-server.attlist, (jwt? & opaque-token?)}
+oauth2-resource-server.attlist &=
+ ## Reference to an AuthenticationManagerResolver
+ attribute authentication-manager-resolver-ref {xsd:token}?
+oauth2-resource-server.attlist &=
+ ## Reference to a BearerTokenResolver
+ attribute bearer-token-resolver-ref {xsd:token}?
+oauth2-resource-server.attlist &=
+ ## Reference to a AuthenticationEntryPoint
+ attribute entry-point-ref {xsd:token}?
+
+jwt =
+ ## Configures JWT authentication
+ element jwt {jwt.attlist}
+jwt.attlist &=
+ ## The URI to use to collect the JWK Set for verifying JWTs
+ attribute jwk-set-uri {xsd:token}?
+jwt.attlist &=
+ ## Reference to a JwtDecoder
+ attribute decoder-ref {xsd:token}?
+jwt.attlist &=
+ ## Reference to a Converter
+ attribute jwt-authentication-converter-ref {xsd:token}?
+
+opaque-token =
+ ## Configuration Opaque Token authentication
+ element opaque-token {opaque-token.attlist}
+opaque-token.attlist &=
+ ## The URI to use to introspect opaque token attributes
+ attribute introspection-uri {xsd:token}?
+opaque-token.attlist &=
+ ## The Client ID to use to authenticate the introspection request
+ attribute client-id {xsd:token}?
+opaque-token.attlist &=
+ ## The Client secret to use to authenticate the introspection request
+ attribute client-secret {xsd:token}?
+opaque-token.attlist &=
+ ## Reference to an OpaqueTokenIntrospector
+ attribute introspector-ref {xsd:token}?
+
+openid-login =
+ ## Sets up form login for authentication with an Open ID identity. NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2.
+ element openid-login {form-login.attlist, user-service-ref?, attribute-exchange*}
+
+attribute-exchange =
+ ## Sets up an attribute exchange configuration to request specified attributes from the OpenID identity provider. When multiple elements are used, each must have an identifier-attribute attribute. Each configuration will be matched in turn against the supplied login identifier until a match is found.
+ element attribute-exchange {attribute-exchange.attlist, openid-attribute+}
+
+attribute-exchange.attlist &=
+ ## A regular expression which will be compared against the claimed identity, when deciding which attribute-exchange configuration to use during authentication.
+ attribute identifier-match {xsd:token}?
+
+openid-attribute =
+ ## Attributes used when making an OpenID AX Fetch Request. NOTE: The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2.
+ element openid-attribute {openid-attribute.attlist}
+
+openid-attribute.attlist &=
+ ## Specifies the name of the attribute that you wish to get back. For example, email.
+ attribute name {xsd:token}
+openid-attribute.attlist &=
+ ## Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types.
+ attribute type {xsd:token}
+openid-attribute.attlist &=
+ ## Specifies if this attribute is required to the OP, but does not error out if the OP does not return the attribute. Default is false.
+ attribute required {xsd:boolean}?
+openid-attribute.attlist &=
+ ## Specifies the number of attributes that you wish to get back. For example, return 3 emails. The default value is 1.
+ attribute count {xsd:int}?
+
+
+filter-chain-map =
+ ## Used to explicitly configure a FilterChainProxy instance with a FilterChainMap
+ element filter-chain-map {filter-chain-map.attlist, filter-chain+}
+filter-chain-map.attlist &=
+ request-matcher?
+
+filter-chain =
+ ## Used within to define a specific URL pattern and the list of filters which apply to the URLs matching that pattern. When multiple filter-chain elements are assembled in a list in order to configure a FilterChainProxy, the most specific patterns must be placed at the top of the list, with most general ones at the bottom.
+ element filter-chain {filter-chain.attlist, empty}
+filter-chain.attlist &=
+ (pattern | request-matcher-ref)
+filter-chain.attlist &=
+ ## A comma separated list of bean names that implement Filter that should be processed for this FilterChain. If the value is none, then no Filters will be used for this FilterChain.
+ attribute filters {xsd:token}
+
+pattern =
+ ## The request URL pattern which will be mapped to the FilterChain.
+ attribute pattern {xsd:token}
+request-matcher-ref =
+ ## Allows a RequestMatcher instance to be used, as an alternative to pattern-matching.
+ attribute request-matcher-ref {xsd:token}
+
+filter-security-metadata-source =
+ ## Used to explicitly configure a FilterSecurityMetadataSource bean for use with a FilterSecurityInterceptor. Usually only needed if you are configuring a FilterChainProxy explicitly, rather than using the element. The intercept-url elements used should only contain pattern, method and access attributes. Any others will result in a configuration error.
+ element filter-security-metadata-source {fsmds.attlist, intercept-url+}
+fsmds.attlist &=
+ use-expressions?
+fsmds.attlist &=
+ id?
+fsmds.attlist &=
+ request-matcher?
+
+http-basic =
+ ## Adds support for basic authentication
+ element http-basic {http-basic.attlist, empty}
+
+http-basic.attlist &=
+ ## Sets the AuthenticationEntryPoint which is used by the BasicAuthenticationFilter.
+ attribute entry-point-ref {xsd:token}?
+http-basic.attlist &=
+ ## Reference to an AuthenticationDetailsSource which will be used by the authentication filter
+ attribute authentication-details-source-ref {xsd:token}?
+
+password-management =
+ ## Adds support for the password management.
+ element password-management {password-management.attlist, empty}
+
+password-management.attlist &=
+ ## The change password page. Defaults to "/change-password".
+ attribute change-password-page {xsd:string}?
+
+session-management =
+ ## Session-management related functionality is implemented by the addition of a SessionManagementFilter to the filter stack.
+ element session-management {session-management.attlist, concurrency-control?}
+
+session-management.attlist &=
+ ## Indicates how session fixation protection will be applied when a user authenticates. If set to "none", no protection will be applied. "newSession" will create a new empty session, with only Spring Security-related attributes migrated. "migrateSession" will create a new session and copy all session attributes to the new session. In Servlet 3.1 (Java EE 7) and newer containers, specifying "changeSessionId" will keep the existing session and use the container-supplied session fixation protection (HttpServletRequest#changeSessionId()). Defaults to "changeSessionId" in Servlet 3.1 and newer containers, "migrateSession" in older containers. Throws an exception if "changeSessionId" is used in older containers.
+ attribute session-fixation-protection {"none" | "newSession" | "migrateSession" | "changeSessionId" }?
+session-management.attlist &=
+ ## The URL to which a user will be redirected if they submit an invalid session indentifier. Typically used to detect session timeouts.
+ attribute invalid-session-url {xsd:token}?
+session-management.attlist &=
+ ## Allows injection of the InvalidSessionStrategy instance used by the SessionManagementFilter
+ attribute invalid-session-strategy-ref {xsd:token}?
+session-management.attlist &=
+ ## Allows injection of the SessionAuthenticationStrategy instance used by the SessionManagementFilter
+ attribute session-authentication-strategy-ref {xsd:token}?
+session-management.attlist &=
+ ## Defines the URL of the error page which should be shown when the SessionAuthenticationStrategy raises an exception. If not set, an unauthorized (401) error code will be returned to the client. Note that this attribute doesn't apply if the error occurs during a form-based login, where the URL for authentication failure will take precedence.
+ attribute session-authentication-error-url {xsd:token}?
+
+
+concurrency-control =
+ ## Enables concurrent session control, limiting the number of authenticated sessions a user may have at the same time.
+ element concurrency-control {concurrency-control.attlist, empty}
+
+concurrency-control.attlist &=
+ ## The maximum number of sessions a single authenticated user can have open at the same time. Defaults to "1". A negative value denotes unlimited sessions.
+ attribute max-sessions {xsd:token}?
+concurrency-control.attlist &=
+ ## The URL a user will be redirected to if they attempt to use a session which has been "expired" because they have logged in again.
+ attribute expired-url {xsd:token}?
+concurrency-control.attlist &=
+ ## Allows injection of the SessionInformationExpiredStrategy instance used by the ConcurrentSessionFilter
+ attribute expired-session-strategy-ref {xsd:token}?
+concurrency-control.attlist &=
+ ## Specifies that an unauthorized error should be reported when a user attempts to login when they already have the maximum configured sessions open. The default behaviour is to expire the original session. If the session-authentication-error-url attribute is set on the session-management URL, the user will be redirected to this URL.
+ attribute error-if-maximum-exceeded {xsd:boolean}?
+concurrency-control.attlist &=
+ ## Allows you to define an alias for the SessionRegistry bean in order to access it in your own configuration.
+ attribute session-registry-alias {xsd:token}?
+concurrency-control.attlist &=
+ ## Allows you to define an external SessionRegistry bean to be used by the concurrency control setup.
+ attribute session-registry-ref {xsd:token}?
+
+
+remember-me =
+ ## Sets up remember-me authentication. If used with the "key" attribute (or no attributes) the cookie-only implementation will be used. Specifying "token-repository-ref" or "remember-me-data-source-ref" will use the more secure, persisten token approach.
+ element remember-me {remember-me.attlist}
+remember-me.attlist &=
+ ## The "key" used to identify cookies from a specific token-based remember-me application. You should set this to a unique value for your application. If unset, it will default to a random value generated by SecureRandom.
+ attribute key {xsd:token}?
+
+remember-me.attlist &=
+ (token-repository-ref | remember-me-data-source-ref | remember-me-services-ref)
+
+remember-me.attlist &=
+ user-service-ref?
+
+remember-me.attlist &=
+ ## Exports the internally defined RememberMeServices as a bean alias, allowing it to be used by other beans in the application context.
+ attribute services-alias {xsd:token}?
+
+remember-me.attlist &=
+ ## Determines whether the "secure" flag will be set on the remember-me cookie. If set to true, the cookie will only be submitted over HTTPS (recommended). By default, secure cookies will be used if the request is made on a secure connection.
+ attribute use-secure-cookie {xsd:boolean}?
+
+remember-me.attlist &=
+ ## The period (in seconds) for which the remember-me cookie should be valid.
+ attribute token-validity-seconds {xsd:string}?
+
+remember-me.attlist &=
+ ## Reference to an AuthenticationSuccessHandler bean which should be used to handle a successful remember-me authentication.
+ attribute authentication-success-handler-ref {xsd:token}?
+remember-me.attlist &=
+ ## The name of the request parameter which toggles remember-me authentication. Defaults to 'remember-me'.
+ attribute remember-me-parameter {xsd:token}?
+remember-me.attlist &=
+ ## The name of cookie which store the token for remember-me authentication. Defaults to 'remember-me'.
+ attribute remember-me-cookie {xsd:token}?
+
+token-repository-ref =
+ ## Reference to a PersistentTokenRepository bean for use with the persistent token remember-me implementation.
+ attribute token-repository-ref {xsd:token}
+remember-me-services-ref =
+ ## Allows a custom implementation of RememberMeServices to be used. Note that this implementation should return RememberMeAuthenticationToken instances with the same "key" value as specified in the remember-me element. Alternatively it should register its own AuthenticationProvider. It should also implement the LogoutHandler interface, which will be invoked when a user logs out. Typically the remember-me cookie would be removed on logout.
+ attribute services-ref {xsd:token}?
+remember-me-data-source-ref =
+ ## DataSource bean for the database that contains the token repository schema.
+ data-source-ref
+
+anonymous =
+ ## Adds support for automatically granting all anonymous web requests a particular principal identity and a corresponding granted authority.
+ element anonymous {anonymous.attlist}
+anonymous.attlist &=
+ ## The key shared between the provider and filter. This generally does not need to be set. If unset, it will default to a random value generated by SecureRandom.
+ attribute key {xsd:token}?
+anonymous.attlist &=
+ ## The username that should be assigned to the anonymous request. This allows the principal to be identified, which may be important for logging and auditing. if unset, defaults to "anonymousUser".
+ attribute username {xsd:token}?
+anonymous.attlist &=
+ ## The granted authority that should be assigned to the anonymous request. Commonly this is used to assign the anonymous request particular roles, which can subsequently be used in authorization decisions. If unset, defaults to "ROLE_ANONYMOUS".
+ attribute granted-authority {xsd:token}?
+anonymous.attlist &=
+ ## With the default namespace setup, the anonymous "authentication" facility is automatically enabled. You can disable it using this property.
+ attribute enabled {xsd:boolean}?
+
+
+port-mappings =
+ ## Defines the list of mappings between http and https ports for use in redirects
+ element port-mappings {port-mappings.attlist, port-mapping+}
+
+port-mappings.attlist &= empty
+
+port-mapping =
+ ## Provides a method to map http ports to https ports when forcing a redirect.
+ element port-mapping {http-port, https-port}
+
+http-port =
+ ## The http port to use.
+ attribute http {xsd:token}
+
+https-port =
+ ## The https port to use.
+ attribute https {xsd:token}
+
+
+x509 =
+ ## Adds support for X.509 client authentication.
+ element x509 {x509.attlist}
+x509.attlist &=
+ ## The regular expression used to obtain the username from the certificate's subject. Defaults to matching on the common name using the pattern "CN=(.*?),".
+ attribute subject-principal-regex {xsd:token}?
+x509.attlist &=
+ ## Explicitly specifies which user-service should be used to load user data for X.509 authenticated clients. If ommitted, the default user-service will be used.
+ user-service-ref?
+x509.attlist &=
+ ## Reference to an AuthenticationDetailsSource which will be used by the authentication filter
+ attribute authentication-details-source-ref {xsd:token}?
+
+jee =
+ ## Adds a J2eePreAuthenticatedProcessingFilter to the filter chain to provide integration with container authentication.
+ element jee {jee.attlist}
+jee.attlist &=
+ ## A comma-separate list of roles to look for in the incoming HttpServletRequest.
+ attribute mappable-roles {xsd:token}
+jee.attlist &=
+ ## Explicitly specifies which user-service should be used to load user data for container authenticated clients. If ommitted, the set of mappable-roles will be used to construct the authorities for the user.
+ user-service-ref?
+
+authentication-manager =
+ ## Registers the AuthenticationManager instance and allows its list of AuthenticationProviders to be defined. Also allows you to define an alias to allow you to reference the AuthenticationManager in your own beans.
+ element authentication-manager {authman.attlist & authentication-provider* & ldap-authentication-provider*}
+authman.attlist &=
+ id?
+authman.attlist &=
+ ## An alias you wish to use for the AuthenticationManager bean (not required it you are using a specific id)
+ attribute alias {xsd:token}?
+authman.attlist &=
+ ## If set to true, the AuthenticationManger will attempt to clear any credentials data in the returned Authentication object, once the user has been authenticated.
+ attribute erase-credentials {xsd:boolean}?
+
+authentication-provider =
+ ## Indicates that the contained user-service should be used as an authentication source.
+ element authentication-provider {ap.attlist & any-user-service & password-encoder?}
+ap.attlist &=
+ ## Specifies a reference to a separately configured AuthenticationProvider instance which should be registered within the AuthenticationManager.
+ ref?
+ap.attlist &=
+ ## Specifies a reference to a separately configured UserDetailsService from which to obtain authentication data.
+ user-service-ref?
+
+user-service =
+ ## Creates an in-memory UserDetailsService from a properties file or a list of "user" child elements. Usernames are converted to lower-case internally to allow for case-insensitive lookups, so this should not be used if case-sensitivity is required.
+ element user-service {id? & (properties-file | (user*))}
+properties-file =
+ ## The location of a Properties file where each line is in the format of username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]
+ attribute properties {xsd:token}?
+
+user =
+ ## Represents a user in the application.
+ element user {user.attlist, empty}
+user.attlist &=
+ ## The username assigned to the user.
+ attribute name {xsd:token}
+user.attlist &=
+ ## The password assigned to the user. This may be hashed if the corresponding authentication provider supports hashing (remember to set the "hash" attribute of the "user-service" element). This attribute be omitted in the case where the data will not be used for authentication, but only for accessing authorities. If omitted, the namespace will generate a random value, preventing its accidental use for authentication. Cannot be empty.
+ attribute password {xsd:string}?
+user.attlist &=
+ ## One of more authorities granted to the user. Separate authorities with a comma (but no space). For example, "ROLE_USER,ROLE_ADMINISTRATOR"
+ attribute authorities {xsd:token}
+user.attlist &=
+ ## Can be set to "true" to mark an account as locked and unusable.
+ attribute locked {xsd:boolean}?
+user.attlist &=
+ ## Can be set to "true" to mark an account as disabled and unusable.
+ attribute disabled {xsd:boolean}?
+
+jdbc-user-service =
+ ## Causes creation of a JDBC-based UserDetailsService.
+ element jdbc-user-service {id? & jdbc-user-service.attlist}
+jdbc-user-service.attlist &=
+ ## The bean ID of the DataSource which provides the required tables.
+ attribute data-source-ref {xsd:token}
+jdbc-user-service.attlist &=
+ cache-ref?
+jdbc-user-service.attlist &=
+ ## An SQL statement to query a username, password, and enabled status given a username. Default is "select username,password,enabled from users where username = ?"
+ attribute users-by-username-query {xsd:token}?
+jdbc-user-service.attlist &=
+ ## An SQL statement to query for a user's granted authorities given a username. The default is "select username, authority from authorities where username = ?"
+ attribute authorities-by-username-query {xsd:token}?
+jdbc-user-service.attlist &=
+ ## An SQL statement to query user's group authorities given a username. The default is "select g.id, g.group_name, ga.authority from groups g, group_members gm, group_authorities ga where gm.username = ? and g.id = ga.group_id and g.id = gm.group_id"
+ attribute group-authorities-by-username-query {xsd:token}?
+jdbc-user-service.attlist &=
+ role-prefix?
+
+csrf =
+## Element for configuration of the CsrfFilter for protection against CSRF. It also updates the default RequestCache to only replay "GET" requests.
+ element csrf {csrf-options.attlist}
+csrf-options.attlist &=
+ ## Specifies if csrf protection should be disabled. Default false (i.e. CSRF protection is enabled).
+ attribute disabled {xsd:boolean}?
+csrf-options.attlist &=
+ ## The RequestMatcher instance to be used to determine if CSRF should be applied. Default is any HTTP method except "GET", "TRACE", "HEAD", "OPTIONS"
+ attribute request-matcher-ref { xsd:token }?
+csrf-options.attlist &=
+ ## The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository wrapped by LazyCsrfTokenRepository.
+ attribute token-repository-ref { xsd:token }?
+
+headers =
+## Element for configuration of the HeaderWritersFilter. Enables easy setting for the X-Frame-Options, X-XSS-Protection and X-Content-Type-Options headers.
+element headers { headers-options.attlist, (cache-control? & xss-protection? & hsts? & frame-options? & content-type-options? & hpkp? & content-security-policy? & referrer-policy? & feature-policy? & permissions-policy? & header*)}
+headers-options.attlist &=
+ ## Specifies if the default headers should be disabled. Default false.
+ attribute defaults-disabled {xsd:token}?
+headers-options.attlist &=
+ ## Specifies if headers should be disabled. Default false.
+ attribute disabled {xsd:token}?
+hsts =
+ ## Adds support for HTTP Strict Transport Security (HSTS)
+ element hsts {hsts-options.attlist}
+hsts-options.attlist &=
+ ## Specifies if HTTP Strict Transport Security (HSTS) should be disabled. Default false.
+ attribute disabled {xsd:boolean}?
+hsts-options.attlist &=
+ ## Specifies if subdomains should be included. Default true.
+ attribute include-subdomains {xsd:boolean}?
+hsts-options.attlist &=
+ ## Specifies the maximum amount of time the host should be considered a Known HSTS Host. Default one year.
+ attribute max-age-seconds {xsd:integer}?
+hsts-options.attlist &=
+ ## The RequestMatcher instance to be used to determine if the header should be set. Default is if HttpServletRequest.isSecure() is true.
+ attribute request-matcher-ref { xsd:token }?
+hsts-options.attlist &=
+ ## Specifies if preload should be included. Default false.
+ attribute preload {xsd:boolean}?
+
+cors =
+## Element for configuration of CorsFilter. If no CorsFilter or CorsConfigurationSource is specified a HandlerMappingIntrospector is used as the CorsConfigurationSource
+element cors { cors-options.attlist }
+cors-options.attlist &=
+ ref?
+cors-options.attlist &=
+ ## Specifies a bean id that is a CorsConfigurationSource used to construct the CorsFilter to use
+ attribute configuration-source-ref {xsd:token}?
+
+hpkp =
+ ## Adds support for HTTP Public Key Pinning (HPKP).
+ element hpkp {hpkp.pins,hpkp.attlist}
+hpkp.pins =
+ ## The list with pins
+ element pins {hpkp.pin+}
+hpkp.pin =
+ ## A pin is specified using the base64-encoded SPKI fingerprint as value and the cryptographic hash algorithm as attribute
+ element pin {
+ ## The cryptographic hash algorithm
+ attribute algorithm { xsd:string }?,
+ text
+ }
+hpkp.attlist &=
+ ## Specifies if HTTP Public Key Pinning (HPKP) should be disabled. Default false.
+ attribute disabled {xsd:boolean}?
+hpkp.attlist &=
+ ## Specifies if subdomains should be included. Default false.
+ attribute include-subdomains {xsd:boolean}?
+hpkp.attlist &=
+ ## Sets the value for the max-age directive of the Public-Key-Pins header. Default 60 days.
+ attribute max-age-seconds {xsd:integer}?
+hpkp.attlist &=
+ ## Specifies if the browser should only report pin validation failures. Default true.
+ attribute report-only {xsd:boolean}?
+hpkp.attlist &=
+ ## Specifies the URI to which the browser should report pin validation failures.
+ attribute report-uri {xsd:string}?
+
+content-security-policy =
+ ## Adds support for Content Security Policy (CSP)
+ element content-security-policy {csp-options.attlist}
+csp-options.attlist &=
+ ## The security policy directive(s) for the Content-Security-Policy header or if report-only is set to true, then the Content-Security-Policy-Report-Only header is used.
+ attribute policy-directives {xsd:token}?
+csp-options.attlist &=
+ ## Set to true, to enable the Content-Security-Policy-Report-Only header for reporting policy violations only. Defaults to false.
+ attribute report-only {xsd:boolean}?
+
+referrer-policy =
+ ## Adds support for Referrer Policy
+ element referrer-policy {referrer-options.attlist}
+referrer-options.attlist &=
+ ## The policies for the Referrer-Policy header.
+ attribute policy {"no-referrer","no-referrer-when-downgrade","same-origin","origin","strict-origin","origin-when-cross-origin","strict-origin-when-cross-origin","unsafe-url"}?
+
+feature-policy =
+ ## Adds support for Feature Policy
+ element feature-policy {feature-options.attlist}
+feature-options.attlist &=
+ ## The security policy directive(s) for the Feature-Policy header.
+ attribute policy-directives {xsd:token}?
+
+permissions-policy =
+ ## Adds support for Permissions Policy
+ element permissions-policy {permissions-options.attlist}
+permissions-options.attlist &=
+ ## The policies for the Permissions-Policy header.
+ attribute policy {xsd:token}?
+
+cache-control =
+ ## Adds Cache-Control no-cache, no-store, must-revalidate, Pragma no-cache, and Expires 0 for every request
+ element cache-control {cache-control.attlist}
+cache-control.attlist &=
+ ## Specifies if Cache Control should be disabled. Default false.
+ attribute disabled {xsd:boolean}?
+
+frame-options =
+ ## Enable basic clickjacking support for newer browsers (IE8+), will set the X-Frame-Options header.
+ element frame-options {frame-options.attlist,empty}
+frame-options.attlist &=
+ ## If disabled, the X-Frame-Options header will not be included. Default false.
+ attribute disabled {xsd:boolean}?
+frame-options.attlist &=
+ ## Specify the policy to use for the X-Frame-Options-Header.
+ attribute policy {"DENY","SAMEORIGIN","ALLOW-FROM"}?
+frame-options.attlist &=
+ ## Specify the strategy to use when ALLOW-FROM is chosen.
+ attribute strategy {"static","whitelist","regexp"}?
+frame-options.attlist &=
+ ## Specify a reference to the custom AllowFromStrategy to use when ALLOW-FROM is chosen.
+ ref?
+frame-options.attlist &=
+ ## Specify a value to use for the chosen strategy.
+ attribute value {xsd:string}?
+frame-options.attlist &=
+ ## Specify the request parameter to use for the origin when using a 'whitelist' or 'regexp' based strategy. Default is 'from'.
+ ## Deprecated ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use
+ ## Content-Security-Policy with the
+ ## frame-ancestors
+ ## directive.
+ attribute from-parameter {xsd:string}?
+
+
+xss-protection =
+ ## Enable basic XSS browser protection, supported by newer browsers (IE8+), will set the X-XSS-Protection header.
+ element xss-protection {xss-protection.attlist,empty}
+xss-protection.attlist &=
+ ## disable the X-XSS-Protection header. Default is 'false' meaning it is enabled.
+ attribute disabled {xsd:boolean}?
+xss-protection.attlist &=
+ ## specify that XSS Protection should be explicitly enabled or disabled. Default is 'true' meaning it is enabled.
+ attribute enabled {xsd:boolean}?
+xss-protection.attlist &=
+ ## Add mode=block to the header or not, default is on.
+ attribute block {xsd:boolean}?
+
+content-type-options =
+ ## Add a X-Content-Type-Options header to the resopnse. Value is always 'nosniff'.
+ element content-type-options {content-type-options.attlist, empty}
+content-type-options.attlist &=
+ ## If disabled, the X-Content-Type-Options header will not be included. Default false.
+ attribute disabled {xsd:boolean}?
+
+header=
+ ## Add additional headers to the response.
+ element header {header.attlist}
+header.attlist &=
+ ## The name of the header to add.
+ attribute name {xsd:token}?
+header.attlist &=
+ ## The value for the header.
+ attribute value {xsd:token}?
+header.attlist &=
+ ## Reference to a custom HeaderWriter implementation.
+ ref?
+
+any-user-service = user-service | jdbc-user-service | ldap-user-service
+
+custom-filter =
+ ## Used to indicate that a filter bean declaration should be incorporated into the security filter chain.
+ element custom-filter {custom-filter.attlist}
+
+custom-filter.attlist &=
+ ref
+
+custom-filter.attlist &=
+ (after | before | position)
+
+after =
+ ## The filter immediately after which the custom-filter should be placed in the chain. This feature will only be needed by advanced users who wish to mix their own filters into the security filter chain and have some knowledge of the standard Spring Security filters. The filter names map to specific Spring Security implementation filters.
+ attribute after {named-security-filter}
+before =
+ ## The filter immediately before which the custom-filter should be placed in the chain
+ attribute before {named-security-filter}
+position =
+ ## The explicit position at which the custom-filter should be placed in the chain. Use if you are replacing a standard filter.
+ attribute position {named-security-filter}
+
+named-security-filter = "FIRST" | "CHANNEL_FILTER" | "SECURITY_CONTEXT_FILTER" | "CONCURRENT_SESSION_FILTER" | "WEB_ASYNC_MANAGER_FILTER" | "HEADERS_FILTER" | "CORS_FILTER" | "CSRF_FILTER" | "LOGOUT_FILTER" | "OAUTH2_AUTHORIZATION_REQUEST_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_FILTER" | "OAUTH2_LOGIN_FILTER" | "FORM_LOGIN_FILTER" | "OPENID_FILTER" | "LOGIN_PAGE_FILTER" |"LOGOUT_PAGE_FILTER" | "DIGEST_AUTH_FILTER" | "BEARER_TOKEN_AUTH_FILTER" | "BASIC_AUTH_FILTER" | "REQUEST_CACHE_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "JAAS_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "OAUTH2_AUTHORIZATION_CODE_GRANT_FILTER" | "WELL_KNOWN_CHANGE_PASSWORD_REDIRECT_FILTER" | "SESSION_MANAGEMENT_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST"
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-6.0.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-6.0.xsd
new file mode 100644
index 00000000000..0297b1bafed
--- /dev/null
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-6.0.xsd
@@ -0,0 +1,3284 @@
+
+
+
+
+
+ Defines the hashing algorithm used on user passwords. Bcrypt is recommended.
+
+
+
+
+
+
+
+
+
+
+
+
+ Whether a string should be base64 encoded
+
+
+
+
+
+
+
+ Defines the strategy use for matching incoming requests. Currently the options are 'mvc'
+ (for Spring MVC matcher), 'ant' (for ant path patterns), 'regex' for regular expressions
+ and 'ciRegex' for case-insensitive regular expressions.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Specifies an IP port number. Used to configure an embedded LDAP server, for example.
+
+
+
+
+
+
+
+ Specifies a URL.
+
+
+
+
+
+
+
+ A bean identifier, used for referring to the bean elsewhere in the context.
+
+
+
+
+
+
+
+ A bean identifier, used for referring to the bean elsewhere in the context.
+
+
+
+
+
+
+
+ Defines a reference to a Spring bean Id.
+
+
+
+
+
+
+
+ Defines a reference to a cache for use with a UserDetailsService.
+
+
+
+
+
+
+
+ A reference to a user-service (or UserDetailsService bean) Id
+
+
+
+
+
+
+
+ A reference to an AuthenticationManager bean
+
+
+
+
+
+
+
+ A reference to a DataSource bean
+
+
+
+
+
+
+ Enables Spring Security debugging infrastructure. This will provide human-readable
+ (multi-line) debugging information to monitor requests coming into the security filters.
+ This may include sensitive information, such as request parameters or headers, and should
+ only be used in a development environment.
+
+
+
+
+
+
+
+
+ Defines a reference to a Spring bean Id.
+
+
+
+
+
+ Defines the hashing algorithm used on user passwords. Bcrypt is recommended.
+
+
+
+
+
+
+
+
+
+
+
+
+ A non-empty string prefix that will be added to role strings loaded from persistent
+ storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the default is
+ non-empty.
+
+
+
+
+
+
+
+ Enables the use of expressions in the 'access' attributes in <intercept-url> elements
+ rather than the traditional list of configuration attributes. Defaults to 'true'. If
+ enabled, each attribute should contain a single boolean expression. If the expression
+ evaluates to 'true', access will be granted.
+
+
+
+
+
+
+ Defines an LDAP server location or starts an embedded server. The url indicates the
+ location of a remote server. If no url is given, an embedded server will be started,
+ listening on the supplied port number. The port is optional and defaults to 33389. A
+ Spring LDAP ContextSource bean will be registered for the server with the id supplied.
+
+
+
+
+
+
+
+
+
+ A bean identifier, used for referring to the bean elsewhere in the context.
+
+
+
+
+
+ Specifies a URL.
+
+
+
+
+
+ Specifies an IP port number. Used to configure an embedded LDAP server, for example.
+
+
+
+
+
+ Username (DN) of the "manager" user identity which will be used to authenticate to a
+ (non-embedded) LDAP server. If omitted, anonymous access will be used.
+
+
+
+
+
+ The password for the manager DN. This is required if the manager-dn is specified.
+
+
+
+
+
+ Explicitly specifies an ldif file resource to load into an embedded LDAP server. The
+ default is classpath*:*.ldiff
+
+
+
+
+
+ Optional root suffix for the embedded LDAP server. Default is "dc=springframework,dc=org"
+
+
+
+
+
+ Explicitly specifies which embedded ldap server should use. Values are 'apacheds' and
+ 'unboundid'. By default, it will depends if the library is available in the classpath.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The optional server to use. If omitted, and a default LDAP server is registered (using
+ <ldap-server> with no Id), that server will be used.
+
+
+
+
+
+
+
+ Group search filter. Defaults to (uniqueMember={0}). The substituted parameter is the DN
+ of the user.
+
+
+
+
+
+
+
+ Search base for group membership searches. Defaults to "" (searching from the root).
+
+
+
+
+
+
+
+ The LDAP filter used to search for users (optional). For example "(uid={0})". The
+ substituted parameter is the user's login name.
+
+
+
+
+
+
+
+ Search base for user searches. Defaults to "". Only used with a 'user-search-filter'.
+
+
+
+
+
+
+
+ The LDAP attribute name which contains the role name which will be used within Spring
+ Security. Defaults to "cn".
+
+
+
+
+
+
+
+ Allows the objectClass of the user entry to be specified. If set, the framework will
+ attempt to load standard attributes for the defined class into the returned UserDetails
+ object
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Allows explicit customization of the loaded user object by specifying a
+ UserDetailsContextMapper bean which will be called with the context information from the
+ user's directory entry
+
+
+
+
+
+
+ This element configures a LdapUserDetailsService which is a combination of a
+ FilterBasedLdapUserSearch and a DefaultLdapAuthoritiesPopulator.
+
+
+
+
+
+
+
+
+
+ A bean identifier, used for referring to the bean elsewhere in the context.
+
+
+
+
+
+ The optional server to use. If omitted, and a default LDAP server is registered (using
+ <ldap-server> with no Id), that server will be used.
+
+
+
+
+
+ The LDAP filter used to search for users (optional). For example "(uid={0})". The
+ substituted parameter is the user's login name.
+
+
+
+
+
+ Search base for user searches. Defaults to "". Only used with a 'user-search-filter'.
+
+
+
+
+
+ Group search filter. Defaults to (uniqueMember={0}). The substituted parameter is the DN
+ of the user.
+
+
+
+
+
+ Search base for group membership searches. Defaults to "" (searching from the root).
+
+
+
+
+
+ The LDAP attribute name which contains the role name which will be used within Spring
+ Security. Defaults to "cn".
+
+
+
+
+
+ Defines a reference to a cache for use with a UserDetailsService.
+
+
+
+
+
+ A non-empty string prefix that will be added to role strings loaded from persistent
+ storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the default is
+ non-empty.
+
+
+
+
+
+ Allows the objectClass of the user entry to be specified. If set, the framework will
+ attempt to load standard attributes for the defined class into the returned UserDetails
+ object
+
+
+
+
+
+
+
+
+
+
+
+ Allows explicit customization of the loaded user object by specifying a
+ UserDetailsContextMapper bean which will be called with the context information from the
+ user's directory entry
+
+
+
+
+
+
+
+
+ The optional server to use. If omitted, and a default LDAP server is registered (using
+ <ldap-server> with no Id), that server will be used.
+
+
+
+
+
+ Search base for user searches. Defaults to "". Only used with a 'user-search-filter'.
+
+
+
+
+
+ The LDAP filter used to search for users (optional). For example "(uid={0})". The
+ substituted parameter is the user's login name.
+
+
+
+
+
+ Search base for group membership searches. Defaults to "" (searching from the root).
+
+
+
+
+
+ Group search filter. Defaults to (uniqueMember={0}). The substituted parameter is the DN
+ of the user.
+
+
+
+
+
+ The LDAP attribute name which contains the role name which will be used within Spring
+ Security. Defaults to "cn".
+
+
+
+
+
+ A specific pattern used to build the user's DN, for example "uid={0},ou=people". The key
+ "{0}" must be present and will be substituted with the username.
+
+
+
+
+
+ A non-empty string prefix that will be added to role strings loaded from persistent
+ storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the default is
+ non-empty.
+
+
+
+
+
+ Allows the objectClass of the user entry to be specified. If set, the framework will
+ attempt to load standard attributes for the defined class into the returned UserDetails
+ object
+
+
+
+
+
+
+
+
+
+
+
+ Allows explicit customization of the loaded user object by specifying a
+ UserDetailsContextMapper bean which will be called with the context information from the
+ user's directory entry
+
+
+
+
+
+
+
+
+ The attribute in the directory which contains the user password. Defaults to
+ "userPassword".
+
+
+
+
+
+ Defines the hashing algorithm used on user passwords. Bcrypt is recommended.
+
+
+
+
+
+
+
+
+
+
+
+ Can be used inside a bean definition to add a security interceptor to the bean and set up
+ access configuration attributes for the bean's methods
+
+
+
+
+
+
+ Defines a protected method and the access control configuration attributes that apply to
+ it. We strongly advise you NOT to mix "protect" declarations with any services provided
+ "global-method-security".
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Optional AccessDecisionManager bean ID to be used by the created method security
+ interceptor.
+
+
+
+
+
+
+
+
+ A method name
+
+
+
+
+
+ Access configuration attributes list that applies to the method, e.g. "ROLE_A,ROLE_B".
+
+
+
+
+
+
+ Creates a MethodSecurityMetadataSource instance
+
+
+
+
+
+
+ Defines a protected method and the access control configuration attributes that apply to
+ it. We strongly advise you NOT to mix "protect" declarations with any services provided
+ "global-method-security".
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A bean identifier, used for referring to the bean elsewhere in the context.
+
+
+
+
+
+ Enables the use of expressions in the 'access' attributes in <intercept-url> elements
+ rather than the traditional list of configuration attributes. Defaults to 'true'. If
+ enabled, each attribute should contain a single boolean expression. If the expression
+ evaluates to 'true', access will be granted.
+
+
+
+
+
+
+ Provides method security for all beans registered in the Spring application context.
+ Specifically, beans will be scanned for matches with Spring Security annotations. Where
+ there is a match, the beans will automatically be proxied and security authorization
+ applied to the methods accordingly. Interceptors are invoked in the order specified in
+ AuthorizationInterceptorsOrder. Use can create your own interceptors using Spring AOP.
+
+
+
+
+
+
+ Defines the SecurityExpressionHandler instance which will be used if expression-based
+ access-control is enabled. A default implementation (with no ACL support) will be used if
+ not supplied.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Specifies whether the use of Spring Security's pre and post invocation annotations
+ (@PreFilter, @PreAuthorize, @PostFilter, @PostAuthorize) should be enabled for this
+ application context. Defaults to "true".
+
+
+
+
+
+ Specifies whether the use of Spring Security's @Secured annotations should be enabled for
+ this application context. Defaults to "false".
+
+
+
+
+
+ Specifies whether JSR-250 style attributes are to be used (for example "RolesAllowed").
+ This will require the javax.annotation.security classes on the classpath. Defaults to
+ "false".
+
+
+
+
+
+ If true, class-based proxying will be used instead of interface-based proxying.
+
+
+
+
+
+
+ Provides method security for all beans registered in the Spring application context.
+ Specifically, beans will be scanned for matches with the ordered list of
+ "protect-pointcut" sub-elements, Spring Security annotations and/or. Where there is a
+ match, the beans will automatically be proxied and security authorization applied to the
+ methods accordingly. If you use and enable all four sources of method security metadata
+ (ie "protect-pointcut" declarations, expression annotations, @Secured and also JSR250
+ security annotations), the metadata sources will be queried in that order. In practical
+ terms, this enables you to use XML to override method security metadata expressed in
+ annotations. If using annotations, the order of precedence is EL-based (@PreAuthorize
+ etc.), @Secured and finally JSR-250.
+
+
+
+
+
+
+
+ Allows the default expression-based mechanism for handling Spring Security's pre and post
+ invocation annotations (@PreFilter, @PreAuthorize, @PostFilter, @PostAuthorize) to be
+ replace entirely. Only applies if these annotations are enabled.
+
+
+
+
+
+
+ Defines the PrePostInvocationAttributeFactory instance which is used to generate pre and
+ post invocation metadata from the annotated methods.
+
+
+
+
+
+
+
+
+ Customizes the PreInvocationAuthorizationAdviceVoter with the ref as the
+ PreInvocationAuthorizationAdviceVoter for the <pre-post-annotation-handling> element.
+
+
+
+
+
+
+
+
+ Customizes the PostInvocationAdviceProvider with the ref as the
+ PostInvocationAuthorizationAdvice for the <pre-post-annotation-handling> element.
+
+
+
+
+
+
+
+
+
+
+
+ Defines the SecurityExpressionHandler instance which will be used if expression-based
+ access-control is enabled. A default implementation (with no ACL support) will be used if
+ not supplied.
+
+
+
+
+
+
+
+
+
+ Defines a protected pointcut and the access control configuration attributes that apply to
+ it. Every bean registered in the Spring application context that provides a method that
+ matches the pointcut will receive security authorization.
+
+
+
+
+
+
+
+
+ Allows addition of extra AfterInvocationProvider beans which should be called by the
+ MethodSecurityInterceptor created by global-method-security.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Specifies whether the use of Spring Security's pre and post invocation annotations
+ (@PreFilter, @PreAuthorize, @PostFilter, @PostAuthorize) should be enabled for this
+ application context. Defaults to "disabled".
+
+
+
+
+
+
+
+
+
+
+
+ Specifies whether the use of Spring Security's @Secured annotations should be enabled for
+ this application context. Defaults to "disabled".
+
+
+
+
+
+
+
+
+
+
+
+ Specifies whether JSR-250 style attributes are to be used (for example "RolesAllowed").
+ This will require the javax.annotation.security classes on the classpath. Defaults to
+ "disabled".
+
+
+
+
+
+
+
+
+
+
+
+ Optional AccessDecisionManager bean ID to override the default used for method security.
+
+
+
+
+
+ Optional RunAsmanager implementation which will be used by the configured
+ MethodSecurityInterceptor
+
+
+
+
+
+ Allows the advice "order" to be set for the method security interceptor.
+
+
+
+
+
+ If true, class based proxying will be used instead of interface based proxying.
+
+
+
+
+
+ Can be used to specify that AspectJ should be used instead of the default Spring AOP. If
+ set, secured classes must be woven with the AnnotationSecurityAspect from the
+ spring-security-aspects module.
+
+
+
+
+
+
+
+
+
+
+ An external MethodSecurityMetadataSource instance can be supplied which will take priority
+ over other sources (such as the default annotations).
+
+
+
+
+
+ A reference to an AuthenticationManager bean
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ An AspectJ expression, including the 'execution' keyword. For example, 'execution(int
+ com.foo.TargetObject.countLength(String))' (without the quotes).
+
+
+
+
+
+ Access configuration attributes list that applies to all methods matching the pointcut,
+ e.g. "ROLE_A,ROLE_B"
+
+
+
+
+
+
+ Allows securing a Message Broker. There are two modes. If no id is specified: ensures that
+ any SimpAnnotationMethodMessageHandler has the AuthenticationPrincipalArgumentResolver
+ registered as a custom argument resolver; ensures that the
+ SecurityContextChannelInterceptor is automatically registered for the
+ clientInboundChannel; and that a ChannelSecurityInterceptor is registered with the
+ clientInboundChannel. If the id is specified, creates a ChannelSecurityInterceptor that
+ can be manually registered with the clientInboundChannel.
+
+
+
+
+
+
+
+ Defines the SecurityExpressionHandler instance which will be used if expression-based
+ access-control is enabled. A default implementation (with no ACL support) will be used if
+ not supplied.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A bean identifier, used for referring to the bean elsewhere in the context. If specified,
+ explicit configuration within clientInboundChannel is required. If not specified, ensures
+ that any SimpAnnotationMethodMessageHandler has the
+ AuthenticationPrincipalArgumentResolver registered as a custom argument resolver; ensures
+ that the SecurityContextChannelInterceptor is automatically registered for the
+ clientInboundChannel; and that a ChannelSecurityInterceptor is registered with the
+ clientInboundChannel.
+
+
+
+
+
+ Disables the requirement for CSRF token to be present in the Stomp headers (default
+ false). Changing the default is useful if it is necessary to allow other origins to make
+ SockJS connections.
+
+
+
+
+
+
+ Creates an authorization rule for a websocket message.
+
+
+
+
+
+
+
+
+
+ The destination ant pattern which will be mapped to the access attribute. For example, /**
+ matches any message with a destination, /admin/** matches any message that has a
+ destination that starts with admin.
+
+
+
+
+
+ The access configuration attributes that apply for the configured message. For example,
+ permitAll grants access to anyone, hasRole('ROLE_ADMIN') requires the user have the role
+ 'ROLE_ADMIN'.
+
+
+
+
+
+ The type of message to match on. Valid values are defined in SimpMessageType (i.e.
+ CONNECT, CONNECT_ACK, HEARTBEAT, MESSAGE, SUBSCRIBE, UNSUBSCRIBE, DISCONNECT,
+ DISCONNECT_ACK, OTHER).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Allows a custom instance of HttpFirewall to be injected into the FilterChainProxy created
+ by the namespace.
+
+
+
+
+
+
+
+
+ Container element for HTTP security configuration. Multiple elements can now be defined,
+ each with a specific pattern to which the enclosed security configuration applies. A
+ pattern can also be configured to bypass Spring Security's filters completely by setting
+ the "security" attribute to "none".
+
+
+
+
+
+
+ Specifies the access attributes and/or filter list for a particular set of URLs.
+
+
+
+
+
+
+
+
+ Defines the access-denied strategy that should be used. An access denied page can be
+ defined or a reference to an AccessDeniedHandler instance.
+
+
+
+
+
+
+
+
+ Sets up a form login configuration for authentication with a username and password
+
+
+
+
+
+
+
+
+
+
+
+ Sets up form login for authentication with an Open ID identity. NOTE: The OpenID 1.0 and
+ 2.0 protocols have been deprecated and users are <a
+ href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ supported by <code>spring-security-oauth2</code>.
+
+
+
+
+
+
+
+
+
+ A reference to a user-service (or UserDetailsService bean) Id
+
+
+
+
+
+
+
+ Adds support for X.509 client authentication.
+
+
+
+
+
+
+
+
+
+ Adds support for basic authentication
+
+
+
+
+
+
+
+
+ Incorporates a logout processing filter. Most web applications require a logout filter,
+ although you may not require one if you write a controller to provider similar logic.
+
+
+
+
+
+
+
+
+
+ Session-management related functionality is implemented by the addition of a
+ SessionManagementFilter to the filter stack.
+
+
+
+
+
+
+ Enables concurrent session control, limiting the number of authenticated sessions a user
+ may have at the same time.
+
+
+
+
+
+
+
+
+
+
+
+
+ Sets up remember-me authentication. If used with the "key" attribute (or no attributes)
+ the cookie-only implementation will be used. Specifying "token-repository-ref" or
+ "remember-me-data-source-ref" will use the more secure, persisten token approach.
+
+
+
+
+
+
+
+
+ Adds support for automatically granting all anonymous web requests a particular principal
+ identity and a corresponding granted authority.
+
+
+
+
+
+
+
+
+ Defines the list of mappings between http and https ports for use in redirects
+
+
+
+
+
+
+ Provides a method to map http ports to https ports when forcing a redirect.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defines the SecurityExpressionHandler instance which will be used if expression-based
+ access-control is enabled. A default implementation (with no ACL support) will be used if
+ not supplied.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The request URL pattern which will be mapped to the filter chain created by this <http>
+ element. If omitted, the filter chain will match all requests.
+
+
+
+
+
+ When set to 'none', requests matching the pattern attribute will be ignored by Spring
+ Security. No security filters will be applied and no SecurityContext will be available. If
+ set, the <http> element must be empty, with no children.
+
+
+
+
+
+
+
+
+
+
+ Allows a RequestMatcher instance to be used, as an alternative to pattern-matching.
+
+
+
+
+
+ A legacy attribute which automatically registers a login form, BASIC authentication and a
+ logout URL and logout services. If unspecified, defaults to "false". We'd recommend you
+ avoid using this and instead explicitly configure the services you require.
+
+
+
+
+
+ Enables the use of expressions in the 'access' attributes in <intercept-url> elements
+ rather than the traditional list of configuration attributes. Defaults to 'true'. If
+ enabled, each attribute should contain a single boolean expression. If the expression
+ evaluates to 'true', access will be granted.
+
+
+
+
+
+ Controls the eagerness with which an HTTP session is created by Spring Security classes.
+ If not set, defaults to "ifRequired". If "stateless" is used, this implies that the
+ application guarantees that it will not create a session. This differs from the use of
+ "never" which means that Spring Security will not create a session, but will make use of
+ one if the application does.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A reference to a SecurityContextRepository bean. This can be used to customize how the
+ SecurityContext is stored between requests.
+
+
+
+
+
+ Defines the strategy use for matching incoming requests. Currently the options are 'mvc'
+ (for Spring MVC matcher), 'ant' (for ant path patterns), 'regex' for regular expressions
+ and 'ciRegex' for case-insensitive regular expressions.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Provides versions of HttpServletRequest security methods such as isUserInRole() and
+ getPrincipal() which are implemented by accessing the Spring SecurityContext. Defaults to
+ "true".
+
+
+
+
+
+ If available, runs the request as the Subject acquired from the JaasAuthenticationToken.
+ Defaults to "false".
+
+
+
+
+
+ Optional attribute specifying the ID of the AccessDecisionManager implementation which
+ should be used for authorizing HTTP requests.
+
+
+
+
+
+ Optional attribute specifying the realm name that will be used for all authentication
+ features that require a realm name (eg BASIC and Digest authentication). If unspecified,
+ defaults to "Spring Security Application".
+
+
+
+
+
+ Allows a customized AuthenticationEntryPoint to be set on the ExceptionTranslationFilter.
+
+
+
+
+
+ Corresponds to the observeOncePerRequest property of FilterSecurityInterceptor. Defaults
+ to "true"
+
+
+
+
+
+ Prevents the jsessionid parameter from being added to rendered URLs. Defaults to "true"
+ (rewriting is disabled).
+
+
+
+
+
+ A bean identifier, used for referring to the bean elsewhere in the context.
+
+
+
+
+
+ A reference to an AuthenticationManager bean
+
+
+
+
+
+
+
+
+ Defines a reference to a Spring bean Id.
+
+
+
+
+
+ The access denied page that an authenticated user will be redirected to if they request a
+ page which they don't have the authority to access.
+
+
+
+
+
+
+
+ The access denied page that an authenticated user will be redirected to if they request a
+ page which they don't have the authority to access.
+
+
+
+
+
+
+
+
+ The request URL pattern which will be mapped to the FilterChain.
+
+
+
+
+
+ Allows a RequestMatcher instance to be used, as an alternative to pattern-matching.
+
+
+
+
+
+ The access configuration attributes that apply for the configured path.
+
+
+
+
+
+ The HTTP Method for which the access configuration attributes should apply. If not
+ specified, the attributes will apply to any method.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Used to specify that a URL must be accessed over http or https, or that there is no
+ preference. The value should be "http", "https" or "any", respectively.
+
+
+
+
+
+ The path to the servlet. This attribute is only applicable when 'request-matcher' is
+ 'mvc'. In addition, the value is only required in the following 2 use cases: 1) There are
+ 2 or more HttpServlet's registered in the ServletContext that have mappings starting with
+ '/' and are different; 2) The pattern starts with the same value of a registered
+ HttpServlet path, excluding the default (root) HttpServlet '/'.
+
+
+
+
+
+
+
+
+ Specifies the URL that will cause a logout. Spring Security will initialize a filter that
+ responds to this particular URL. Defaults to /logout if unspecified.
+
+
+
+
+
+ Specifies the URL to display once the user has logged out. If not specified, defaults to
+ <form-login-login-page>/?logout (i.e. /login?logout).
+
+
+
+
+
+ Specifies whether a logout also causes HttpSession invalidation, which is generally
+ desirable. If unspecified, defaults to true.
+
+
+
+
+
+ A reference to a LogoutSuccessHandler implementation which will be used to determine the
+ destination to which the user is taken after logging out.
+
+
+
+
+
+ A comma-separated list of the names of cookies which should be deleted when the user logs
+ out
+
+
+
+
+
+
+ Allow the RequestCache used for saving requests during the login process to be set
+
+
+
+
+
+
+
+
+
+
+ The URL that the login form is posted to. If unspecified, it defaults to /login.
+
+
+
+
+
+ The name of the request parameter which contains the username. Defaults to 'username'.
+
+
+
+
+
+ The name of the request parameter which contains the password. Defaults to 'password'.
+
+
+
+
+
+ The URL that will be redirected to after successful authentication, if the user's previous
+ action could not be resumed. This generally happens if the user visits a login page
+ without having first requested a secured operation that triggers authentication. If
+ unspecified, defaults to the root of the application.
+
+
+
+
+
+ Whether the user should always be redirected to the default-target-url after login.
+
+
+
+
+
+ The URL for the login page. If no login URL is specified, Spring Security will
+ automatically create a login URL at GET /login and a corresponding filter to render that
+ login URL when requested.
+
+
+
+
+
+ The URL for the login failure page. If no login failure URL is specified, Spring Security
+ will automatically create a failure login URL at /login?error and a corresponding filter
+ to render that login failure URL when requested.
+
+
+
+
+
+ Reference to an AuthenticationSuccessHandler bean which should be used to handle a
+ successful authentication request. Should not be used in combination with
+ default-target-url (or always-use-default-target-url) as the implementation should always
+ deal with navigation to the subsequent destination
+
+
+
+
+
+ Reference to an AuthenticationFailureHandler bean which should be used to handle a failed
+ authentication request. Should not be used in combination with authentication-failure-url
+ as the implementation should always deal with navigation to the subsequent destination
+
+
+
+
+
+ Reference to an AuthenticationDetailsSource which will be used by the authentication
+ filter
+
+
+
+
+
+ The URL for the ForwardAuthenticationFailureHandler
+
+
+
+
+
+ The URL for the ForwardAuthenticationSuccessHandler
+
+
+
+
+
+
+ Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
+
+
+
+
+
+
+
+
+
+ Reference to the ClientRegistrationRepository
+
+
+
+
+
+ Reference to the OAuth2AuthorizedClientRepository
+
+
+
+
+
+ Reference to the OAuth2AuthorizedClientService
+
+
+
+
+
+ Reference to the AuthorizationRequestRepository
+
+
+
+
+
+ Reference to the OAuth2AuthorizationRequestResolver
+
+
+
+
+
+ Reference to the OAuth2AccessTokenResponseClient
+
+
+
+
+
+ Reference to the GrantedAuthoritiesMapper
+
+
+
+
+
+ Reference to the OAuth2UserService
+
+
+
+
+
+ Reference to the OpenID Connect OAuth2UserService
+
+
+
+
+
+ The URI where the filter processes authentication requests
+
+
+
+
+
+ The URI to send users to login
+
+
+
+
+
+ Reference to the AuthenticationSuccessHandler
+
+
+
+
+
+ Reference to the AuthenticationFailureHandler
+
+
+
+
+
+ Reference to the JwtDecoderFactory used by OidcAuthorizationCodeAuthenticationProvider
+
+
+
+
+
+
+ Configures OAuth 2.0 Client support.
+
+
+
+
+
+
+
+
+
+
+
+
+ Reference to the ClientRegistrationRepository
+
+
+
+
+
+ Reference to the OAuth2AuthorizedClientRepository
+
+
+
+
+
+ Reference to the OAuth2AuthorizedClientService
+
+
+
+
+
+
+ Configures OAuth 2.0 Authorization Code Grant.
+
+
+
+
+
+
+
+
+
+ Reference to the AuthorizationRequestRepository
+
+
+
+
+
+ Reference to the OAuth2AuthorizationRequestResolver
+
+
+
+
+
+ Reference to the OAuth2AccessTokenResponseClient
+
+
+
+
+
+
+ Container element for client(s) registered with an OAuth 2.0 or OpenID Connect 1.0
+ Provider.
+
+
+
+
+
+
+
+
+
+
+
+ Represents a client registered with an OAuth 2.0 or OpenID Connect 1.0 Provider.
+
+
+
+
+
+
+
+
+
+ The ID that uniquely identifies the client registration.
+
+
+
+
+
+ The client identifier.
+
+
+
+
+
+ The client secret.
+
+
+
+
+
+ The method used to authenticate the client with the provider. The supported values are
+ client_secret_basic, client_secret_post and none (public clients).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The OAuth 2.0 Authorization Framework defines four Authorization Grant types. The
+ supported values are authorization_code, client_credentials, password and implicit.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The client’s registered redirect URI that the Authorization Server redirects the
+ end-user’s user-agent to after the end-user has authenticated and authorized access to the
+ client.
+
+
+
+
+
+ A comma-separated list of scope(s) requested by the client during the Authorization
+ Request flow, such as openid, email, or profile.
+
+
+
+
+
+ A descriptive name used for the client. The name may be used in certain scenarios, such as
+ when displaying the name of the client in the auto-generated login page.
+
+
+
+
+
+ A reference to the associated provider. May reference a 'provider' element or use one of
+ the common providers (google, github, facebook, okta).
+
+
+
+
+
+
+ The configuration information for an OAuth 2.0 or OpenID Connect 1.0 Provider.
+
+
+
+
+
+
+
+
+
+ The ID that uniquely identifies the provider.
+
+
+
+
+
+ The Authorization Endpoint URI for the Authorization Server.
+
+
+
+
+
+ The Token Endpoint URI for the Authorization Server.
+
+
+
+
+
+ The UserInfo Endpoint URI used to access the claims/attributes of the authenticated
+ end-user.
+
+
+
+
+
+ The authentication method used when sending the access token to the UserInfo Endpoint. The
+ supported values are header, form and query.
+
+
+
+
+
+
+
+
+
+
+
+
+ The name of the attribute returned in the UserInfo Response that references the Name or
+ Identifier of the end-user.
+
+
+
+
+
+ The URI used to retrieve the JSON Web Key (JWK) Set from the Authorization Server, which
+ contains the cryptographic key(s) used to verify the JSON Web Signature (JWS) of the ID
+ Token and optionally the UserInfo Response.
+
+
+
+
+
+ The URI used to discover the configuration information for an OAuth 2.0 or OpenID Connect
+ 1.0 Provider.
+
+
+
+
+
+
+ Configures authentication support as an OAuth 2.0 Resource Server.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Reference to an AuthenticationManagerResolver
+
+
+
+
+
+ Reference to a BearerTokenResolver
+
+
+
+
+
+ Reference to a AuthenticationEntryPoint
+
+
+
+
+
+
+ Configures JWT authentication
+
+
+
+
+
+
+
+
+
+ The URI to use to collect the JWK Set for verifying JWTs
+
+
+
+
+
+ Reference to a JwtDecoder
+
+
+
+
+
+ Reference to a Converter<Jwt, AbstractAuthenticationToken>
+
+
+
+
+
+
+ Configuration Opaque Token authentication
+
+
+
+
+
+
+
+
+
+ The URI to use to introspect opaque token attributes
+
+
+
+
+
+ The Client ID to use to authenticate the introspection request
+
+
+
+
+
+ The Client secret to use to authenticate the introspection request
+
+
+
+
+
+ Reference to an OpaqueTokenIntrospector
+
+
+
+
+
+
+
+ Sets up an attribute exchange configuration to request specified attributes from the
+ OpenID identity provider. When multiple elements are used, each must have an
+ identifier-attribute attribute. Each configuration will be matched in turn against the
+ supplied login identifier until a match is found.
+
+
+
+
+
+
+
+
+
+
+
+
+ A regular expression which will be compared against the claimed identity, when deciding
+ which attribute-exchange configuration to use during authentication.
+
+
+
+
+
+
+ Attributes used when making an OpenID AX Fetch Request. NOTE: The OpenID 1.0 and 2.0
+ protocols have been deprecated and users are <a
+ href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
+ migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
+ supported by <code>spring-security-oauth2</code>.
+
+
+
+
+
+
+
+
+
+ Specifies the name of the attribute that you wish to get back. For example, email.
+
+
+
+
+
+ Specifies the attribute type. For example, https://axschema.org/contact/email. See your
+ OP's documentation for valid attribute types.
+
+
+
+
+
+ Specifies if this attribute is required to the OP, but does not error out if the OP does
+ not return the attribute. Default is false.
+
+
+
+
+
+ Specifies the number of attributes that you wish to get back. For example, return 3
+ emails. The default value is 1.
+
+
+
+
+
+
+ Used to explicitly configure a FilterChainProxy instance with a FilterChainMap
+
+
+
+
+
+
+
+
+
+
+
+
+ Defines the strategy use for matching incoming requests. Currently the options are 'mvc'
+ (for Spring MVC matcher), 'ant' (for ant path patterns), 'regex' for regular expressions
+ and 'ciRegex' for case-insensitive regular expressions.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Used within to define a specific URL pattern and the list of filters which apply to the
+ URLs matching that pattern. When multiple filter-chain elements are assembled in a list in
+ order to configure a FilterChainProxy, the most specific patterns must be placed at the
+ top of the list, with most general ones at the bottom.
+
+
+
+
+
+
+
+
+
+ The request URL pattern which will be mapped to the FilterChain.
+
+
+
+
+
+ Allows a RequestMatcher instance to be used, as an alternative to pattern-matching.
+
+
+
+
+
+ A comma separated list of bean names that implement Filter that should be processed for
+ this FilterChain. If the value is none, then no Filters will be used for this FilterChain.
+
+
+
+
+
+
+
+ The request URL pattern which will be mapped to the FilterChain.
+
+
+
+
+
+
+
+ Allows a RequestMatcher instance to be used, as an alternative to pattern-matching.
+
+
+
+
+
+
+ Used to explicitly configure a FilterSecurityMetadataSource bean for use with a
+ FilterSecurityInterceptor. Usually only needed if you are configuring a FilterChainProxy
+ explicitly, rather than using the <http> element. The intercept-url elements used should
+ only contain pattern, method and access attributes. Any others will result in a
+ configuration error.
+
+
+
+
+
+
+ Specifies the access attributes and/or filter list for a particular set of URLs.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Enables the use of expressions in the 'access' attributes in <intercept-url> elements
+ rather than the traditional list of configuration attributes. Defaults to 'true'. If
+ enabled, each attribute should contain a single boolean expression. If the expression
+ evaluates to 'true', access will be granted.
+
+
+
+
+
+ A bean identifier, used for referring to the bean elsewhere in the context.
+
+
+
+
+
+ Defines the strategy use for matching incoming requests. Currently the options are 'mvc'
+ (for Spring MVC matcher), 'ant' (for ant path patterns), 'regex' for regular expressions
+ and 'ciRegex' for case-insensitive regular expressions.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Sets the AuthenticationEntryPoint which is used by the BasicAuthenticationFilter.
+
+
+
+
+
+ Reference to an AuthenticationDetailsSource which will be used by the authentication
+ filter
+
+
+
+
+
+
+ Adds support for the password management.
+
+
+
+
+
+
+
+
+
+ The change password page. Defaults to "/change-password".
+
+
+
+
+
+
+
+
+ Indicates how session fixation protection will be applied when a user authenticates. If
+ set to "none", no protection will be applied. "newSession" will create a new empty
+ session, with only Spring Security-related attributes migrated. "migrateSession" will
+ create a new session and copy all session attributes to the new session. In Servlet 3.1
+ (Java EE 7) and newer containers, specifying "changeSessionId" will keep the existing
+ session and use the container-supplied session fixation protection
+ (HttpServletRequest#changeSessionId()). Defaults to "changeSessionId" in Servlet 3.1 and
+ newer containers, "migrateSession" in older containers. Throws an exception if
+ "changeSessionId" is used in older containers.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The URL to which a user will be redirected if they submit an invalid session indentifier.
+ Typically used to detect session timeouts.
+
+
+
+
+
+ Allows injection of the InvalidSessionStrategy instance used by the
+ SessionManagementFilter
+
+
+
+
+
+ Allows injection of the SessionAuthenticationStrategy instance used by the
+ SessionManagementFilter
+
+
+
+
+
+ Defines the URL of the error page which should be shown when the
+ SessionAuthenticationStrategy raises an exception. If not set, an unauthorized (401) error
+ code will be returned to the client. Note that this attribute doesn't apply if the error
+ occurs during a form-based login, where the URL for authentication failure will take
+ precedence.
+
+
+
+
+
+
+
+
+ The maximum number of sessions a single authenticated user can have open at the same time.
+ Defaults to "1". A negative value denotes unlimited sessions.
+
+
+
+
+
+ The URL a user will be redirected to if they attempt to use a session which has been
+ "expired" because they have logged in again.
+
+
+
+
+
+ Allows injection of the SessionInformationExpiredStrategy instance used by the
+ ConcurrentSessionFilter
+
+
+
+
+
+ Specifies that an unauthorized error should be reported when a user attempts to login when
+ they already have the maximum configured sessions open. The default behaviour is to expire
+ the original session. If the session-authentication-error-url attribute is set on the
+ session-management URL, the user will be redirected to this URL.
+
+
+
+
+
+ Allows you to define an alias for the SessionRegistry bean in order to access it in your
+ own configuration.
+
+
+
+
+
+ Allows you to define an external SessionRegistry bean to be used by the concurrency
+ control setup.
+
+
+
+
+
+
+
+
+ The "key" used to identify cookies from a specific token-based remember-me application.
+ You should set this to a unique value for your application. If unset, it will default to a
+ random value generated by SecureRandom.
+
+
+
+
+
+ Reference to a PersistentTokenRepository bean for use with the persistent token
+ remember-me implementation.
+
+
+
+
+
+ A reference to a DataSource bean
+
+
+
+
+
+
+ A reference to a user-service (or UserDetailsService bean) Id
+
+
+
+
+
+ Exports the internally defined RememberMeServices as a bean alias, allowing it to be used
+ by other beans in the application context.
+
+
+
+
+
+ Determines whether the "secure" flag will be set on the remember-me cookie. If set to
+ true, the cookie will only be submitted over HTTPS (recommended). By default, secure
+ cookies will be used if the request is made on a secure connection.
+
+
+
+
+
+ The period (in seconds) for which the remember-me cookie should be valid.
+
+
+
+
+
+ Reference to an AuthenticationSuccessHandler bean which should be used to handle a
+ successful remember-me authentication.
+
+
+
+
+
+ The name of the request parameter which toggles remember-me authentication. Defaults to
+ 'remember-me'.
+
+
+
+
+
+ The name of cookie which store the token for remember-me authentication. Defaults to
+ 'remember-me'.
+
+
+
+
+
+
+
+ Reference to a PersistentTokenRepository bean for use with the persistent token
+ remember-me implementation.
+
+
+
+
+
+
+
+ Allows a custom implementation of RememberMeServices to be used. Note that this
+ implementation should return RememberMeAuthenticationToken instances with the same "key"
+ value as specified in the remember-me element. Alternatively it should register its own
+ AuthenticationProvider. It should also implement the LogoutHandler interface, which will
+ be invoked when a user logs out. Typically the remember-me cookie would be removed on
+ logout.
+
+
+
+
+
+
+
+
+
+
+
+ The key shared between the provider and filter. This generally does not need to be set. If
+ unset, it will default to a random value generated by SecureRandom.
+
+
+
+
+
+ The username that should be assigned to the anonymous request. This allows the principal
+ to be identified, which may be important for logging and auditing. if unset, defaults to
+ "anonymousUser".
+
+
+
+
+
+ The granted authority that should be assigned to the anonymous request. Commonly this is
+ used to assign the anonymous request particular roles, which can subsequently be used in
+ authorization decisions. If unset, defaults to "ROLE_ANONYMOUS".
+
+
+
+
+
+ With the default namespace setup, the anonymous "authentication" facility is automatically
+ enabled. You can disable it using this property.
+
+
+
+
+
+
+
+
+
+ The http port to use.
+
+
+
+
+
+
+
+ The https port to use.
+
+
+
+
+
+
+
+
+ The regular expression used to obtain the username from the certificate's subject.
+ Defaults to matching on the common name using the pattern "CN=(.*?),".
+
+
+
+
+
+ A reference to a user-service (or UserDetailsService bean) Id
+
+
+
+
+
+ Reference to an AuthenticationDetailsSource which will be used by the authentication
+ filter
+
+
+
+
+
+
+ Adds a J2eePreAuthenticatedProcessingFilter to the filter chain to provide integration
+ with container authentication.
+
+
+
+
+
+
+
+
+
+ A comma-separate list of roles to look for in the incoming HttpServletRequest.
+
+
+
+
+
+ A reference to a user-service (or UserDetailsService bean) Id
+
+
+
+
+
+
+ Registers the AuthenticationManager instance and allows its list of
+ AuthenticationProviders to be defined. Also allows you to define an alias to allow you to
+ reference the AuthenticationManager in your own beans.
+
+
+
+
+
+
+ Indicates that the contained user-service should be used as an authentication source.
+
+
+
+
+
+
+
+ element which defines a password encoding strategy. Used by an authentication provider to
+ convert submitted passwords to hashed versions, for example.
+
+
+
+
+
+
+
+
+
+
+
+
+ Sets up an ldap authentication provider
+
+
+
+
+
+
+ Specifies that an LDAP provider should use an LDAP compare operation of the user's
+ password to authenticate the user
+
+
+
+
+
+
+ element which defines a password encoding strategy. Used by an authentication provider to
+ convert submitted passwords to hashed versions, for example.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A bean identifier, used for referring to the bean elsewhere in the context.
+
+
+
+
+
+ An alias you wish to use for the AuthenticationManager bean (not required it you are using
+ a specific id)
+
+
+
+
+
+ If set to true, the AuthenticationManger will attempt to clear any credentials data in the
+ returned Authentication object, once the user has been authenticated.
+
+
+
+
+
+
+
+
+ Defines a reference to a Spring bean Id.
+
+
+
+
+
+ A reference to a user-service (or UserDetailsService bean) Id
+
+
+
+
+
+
+ Creates an in-memory UserDetailsService from a properties file or a list of "user" child
+ elements. Usernames are converted to lower-case internally to allow for case-insensitive
+ lookups, so this should not be used if case-sensitivity is required.
+
+
+
+
+
+
+ Represents a user in the application.
+
+
+
+
+
+
+
+
+
+ A bean identifier, used for referring to the bean elsewhere in the context.
+
+
+
+
+
+
+
+
+
+ The location of a Properties file where each line is in the format of
+ username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]
+
+
+
+
+
+
+
+
+ The username assigned to the user.
+
+
+
+
+
+ The password assigned to the user. This may be hashed if the corresponding authentication
+ provider supports hashing (remember to set the "hash" attribute of the "user-service"
+ element). This attribute be omitted in the case where the data will not be used for
+ authentication, but only for accessing authorities. If omitted, the namespace will
+ generate a random value, preventing its accidental use for authentication. Cannot be
+ empty.
+
+
+
+
+
+ One of more authorities granted to the user. Separate authorities with a comma (but no
+ space). For example, "ROLE_USER,ROLE_ADMINISTRATOR"
+
+
+
+
+
+ Can be set to "true" to mark an account as locked and unusable.
+
+
+
+
+
+ Can be set to "true" to mark an account as disabled and unusable.
+
+
+
+
+
+
+ Causes creation of a JDBC-based UserDetailsService.
+
+
+
+
+
+ A bean identifier, used for referring to the bean elsewhere in the context.
+
+
+
+
+
+
+
+
+
+ The bean ID of the DataSource which provides the required tables.
+
+
+
+
+
+ Defines a reference to a cache for use with a UserDetailsService.
+
+
+
+
+
+ An SQL statement to query a username, password, and enabled status given a username.
+ Default is "select username,password,enabled from users where username = ?"
+
+
+
+
+
+ An SQL statement to query for a user's granted authorities given a username. The default
+ is "select username, authority from authorities where username = ?"
+
+
+
+
+
+ An SQL statement to query user's group authorities given a username. The default is
+ "select g.id, g.group_name, ga.authority from groups g, group_members gm,
+ group_authorities ga where gm.username = ? and g.id = ga.group_id and g.id = gm.group_id"
+
+
+
+
+
+ A non-empty string prefix that will be added to role strings loaded from persistent
+ storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the default is
+ non-empty.
+
+
+
+
+
+
+ Element for configuration of the CsrfFilter for protection against CSRF. It also updates
+ the default RequestCache to only replay "GET" requests.
+
+
+
+
+
+
+
+
+
+ Specifies if csrf protection should be disabled. Default false (i.e. CSRF protection is
+ enabled).
+
+
+
+
+
+ The RequestMatcher instance to be used to determine if CSRF should be applied. Default is
+ any HTTP method except "GET", "TRACE", "HEAD", "OPTIONS"
+
+
+
+
+
+ The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository wrapped by
+ LazyCsrfTokenRepository.
+
+
+
+
+
+
+ Element for configuration of the HeaderWritersFilter. Enables easy setting for the
+ X-Frame-Options, X-XSS-Protection and X-Content-Type-Options headers.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Specifies if the default headers should be disabled. Default false.
+
+
+
+
+
+ Specifies if headers should be disabled. Default false.
+
+
+
+
+
+
+ Adds support for HTTP Strict Transport Security (HSTS)
+
+
+
+
+
+
+
+
+
+ Specifies if HTTP Strict Transport Security (HSTS) should be disabled. Default false.
+
+
+
+
+
+ Specifies if subdomains should be included. Default true.
+
+
+
+
+
+ Specifies the maximum amount of time the host should be considered a Known HSTS Host.
+ Default one year.
+
+
+
+
+
+ The RequestMatcher instance to be used to determine if the header should be set. Default
+ is if HttpServletRequest.isSecure() is true.
+
+
+
+
+
+ Specifies if preload should be included. Default false.
+
+
+
+
+
+
+ Element for configuration of CorsFilter. If no CorsFilter or CorsConfigurationSource is
+ specified a HandlerMappingIntrospector is used as the CorsConfigurationSource
+
+
+
+
+
+
+
+
+
+ Defines a reference to a Spring bean Id.
+
+
+
+
+
+ Specifies a bean id that is a CorsConfigurationSource used to construct the CorsFilter to
+ use
+
+
+
+
+
+
+ Adds support for HTTP Public Key Pinning (HPKP).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The list with pins
+
+
+
+
+
+
+
+
+
+
+ A pin is specified using the base64-encoded SPKI fingerprint as value and the
+ cryptographic hash algorithm as attribute
+
+
+
+
+
+ The cryptographic hash algorithm
+
+
+
+
+
+
+
+
+ Specifies if HTTP Public Key Pinning (HPKP) should be disabled. Default false.
+
+
+
+
+
+ Specifies if subdomains should be included. Default false.
+
+
+
+
+
+ Sets the value for the max-age directive of the Public-Key-Pins header. Default 60 days.
+
+
+
+
+
+ Specifies if the browser should only report pin validation failures. Default true.
+
+
+
+
+
+ Specifies the URI to which the browser should report pin validation failures.
+
+
+
+
+
+
+ Adds support for Content Security Policy (CSP)
+
+
+
+
+
+
+
+
+
+ The security policy directive(s) for the Content-Security-Policy header or if report-only
+ is set to true, then the Content-Security-Policy-Report-Only header is used.
+
+
+
+
+
+ Set to true, to enable the Content-Security-Policy-Report-Only header for reporting policy
+ violations only. Defaults to false.
+
+
+
+
+
+
+ Adds support for Referrer Policy
+
+
+
+
+
+
+
+
+
+ The policies for the Referrer-Policy header.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Adds support for Feature Policy
+
+
+
+
+
+
+
+
+
+ The security policy directive(s) for the Feature-Policy header.
+
+
+
+
+
+
+ Adds support for Permissions Policy
+
+
+
+
+
+
+
+
+
+ The policies for the Permissions-Policy header.
+
+
+
+
+
+
+ Adds Cache-Control no-cache, no-store, must-revalidate, Pragma no-cache, and Expires 0 for
+ every request
+
+
+
+
+
+
+
+
+
+ Specifies if Cache Control should be disabled. Default false.
+
+
+
+
+
+
+ Enable basic clickjacking support for newer browsers (IE8+), will set the X-Frame-Options
+ header.
+
+
+
+
+
+
+
+
+
+ If disabled, the X-Frame-Options header will not be included. Default false.
+
+
+
+
+
+ Specify the policy to use for the X-Frame-Options-Header.
+
+
+
+
+
+
+
+
+
+
+
+
+ Specify the strategy to use when ALLOW-FROM is chosen.
+
+
+
+
+
+
+
+
+
+
+
+
+ Defines a reference to a Spring bean Id.
+
+
+
+
+
+ Specify a value to use for the chosen strategy.
+
+
+
+
+
+ Specify the request parameter to use for the origin when using a 'whitelist' or 'regexp'
+ based strategy. Default is 'from'. Deprecated ALLOW-FROM is an obsolete directive that no
+ longer works in modern browsers. Instead use Content-Security-Policy with the <a
+ href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors">frame-ancestors</a>
+ directive.
+
+
+
+
+
+
+ Enable basic XSS browser protection, supported by newer browsers (IE8+), will set the
+ X-XSS-Protection header.
+
+
+
+
+
+
+
+
+
+ disable the X-XSS-Protection header. Default is 'false' meaning it is enabled.
+
+
+
+
+
+ specify that XSS Protection should be explicitly enabled or disabled. Default is 'true'
+ meaning it is enabled.
+
+
+
+
+
+ Add mode=block to the header or not, default is on.
+
+
+
+
+
+
+ Add a X-Content-Type-Options header to the resopnse. Value is always 'nosniff'.
+
+
+
+
+
+
+
+
+
+ If disabled, the X-Content-Type-Options header will not be included. Default false.
+
+
+
+
+
+
+ Add additional headers to the response.
+
+
+
+
+
+
+
+
+
+ The name of the header to add.
+
+
+
+
+
+ The value for the header.
+
+
+
+
+
+ Defines a reference to a Spring bean Id.
+
+
+
+
+
+
+
+ Used to indicate that a filter bean declaration should be incorporated into the security
+ filter chain.
+
+
+
+
+
+
+
+
+
+
+ The filter immediately after which the custom-filter should be placed in the chain. This
+ feature will only be needed by advanced users who wish to mix their own filters into the
+ security filter chain and have some knowledge of the standard Spring Security filters. The
+ filter names map to specific Spring Security implementation filters.
+
+
+
+
+
+ The filter immediately before which the custom-filter should be placed in the chain
+
+
+
+
+
+ The explicit position at which the custom-filter should be placed in the chain. Use if you
+ are replacing a standard filter.
+
+
+
+
+
+
+
+ The filter immediately after which the custom-filter should be placed in the chain. This
+ feature will only be needed by advanced users who wish to mix their own filters into the
+ security filter chain and have some knowledge of the standard Spring Security filters. The
+ filter names map to specific Spring Security implementation filters.
+
+
+
+
+
+
+
+ The filter immediately before which the custom-filter should be placed in the chain
+
+
+
+
+
+
+
+ The explicit position at which the custom-filter should be placed in the chain. Use if you
+ are replacing a standard filter.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
index edd33b4b10b..b0dde842f57 100644
--- a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
@@ -18,10 +18,10 @@
import java.util.List;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
diff --git a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
index 31d31c7a937..4e6d6ed9767 100644
--- a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java
@@ -83,7 +83,7 @@ public void pre32SchemaAreNotSupported() {
// SEC-1868
@Test
public void initDoesNotLogErrorWhenFilterChainProxyFailsToLoad() throws Exception {
- String className = "javax.servlet.Filter";
+ String className = "jakarta.servlet.Filter";
Log logger = mock(Log.class);
SecurityNamespaceHandler handler = new SecurityNamespaceHandler();
ReflectionTestUtils.setField(handler, "logger", logger);
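Review bot: The literal `"jakarta.servlet.Filter"` is now repeated in three tests: `initDoesNotLogErrorWhenFilterChainProxyFailsToLoad` here, and `filterNoClassDefFoundError` and `filterNoClassDefFoundErrorNoHttpBlock` in the next two hunks. Because it is a plain string, this namespace move had to be found by text search rather than by the compiler, and the next one will too. A single constant in the test class, `private static final String FILTER_CLASS_NAME = "jakarta.servlet.Filter";`, would keep the three tests in sync. A class literal is probably not the right substitute, since these tests appear to simulate the class failing to load; that is inferred from the method names, as the helper is not visible here. All three method bodies continue outside their hunks.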
@@ -94,7 +94,7 @@ public void initDoesNotLogErrorWhenFilterChainProxyFailsToLoad() throws Exceptio
@Test
public void filterNoClassDefFoundError() throws Exception {
- String className = "javax.servlet.Filter";
+ String className = "jakarta.servlet.Filter";
expectClassUtilsForNameThrowsNoClassDefFoundError(className);
assertThatExceptionOfType(BeanDefinitionParsingException.class)
.isThrownBy(() -> new InMemoryXmlApplicationContext(XML_AUTHENTICATION_MANAGER + XML_HTTP_BLOCK))
@@ -103,7 +103,7 @@ public void filterNoClassDefFoundError() throws Exception {
@Test
public void filterNoClassDefFoundErrorNoHttpBlock() throws Exception {
- String className = "javax.servlet.Filter";
+ String className = "jakarta.servlet.Filter";
expectClassUtilsForNameThrowsNoClassDefFoundError(className);
new InMemoryXmlApplicationContext(XML_AUTHENTICATION_MANAGER);
// should load just fine since no http block
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java
index 6de1764992b..1a2b82b0048 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.issue50;
-import javax.transaction.Transactional;
+import jakarta.transaction.Transactional;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/domain/User.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/domain/User.java
index d30ada88c45..0a5a1d1d85a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/domain/User.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/domain/User.java
@@ -16,10 +16,10 @@
package org.springframework.security.config.annotation.issue50.domain;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
/**
* @author Rob Winch
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityService.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityService.java
index b3675705c03..3638e844851 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityService.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityService.java
@@ -18,8 +18,8 @@
import java.util.List;
-import javax.annotation.security.DenyAll;
-import javax.annotation.security.PermitAll;
+import jakarta.annotation.security.DenyAll;
+import jakarta.annotation.security.PermitAll;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
index ddc1c1f634f..222c20abe2c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.sec2758;
-import javax.annotation.security.RolesAllowed;
+import jakarta.annotation.security.RolesAllowed;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java
index 1b38cac950b..bc8b85adf2a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java
@@ -18,7 +18,7 @@
import java.util.List;
-import javax.servlet.DispatcherType;
+import jakarta.servlet.DispatcherType;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
index 39b800955c0..72e00cf57fd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web;
-import javax.servlet.Filter;
+import jakarta.servlet.Filter;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
index 176ba69bb7a..9248f84bb3f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java
@@ -18,7 +18,7 @@
import java.util.Base64;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
index 563696b7942..4a126cf7db2 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java
@@ -20,10 +20,10 @@
import java.util.ArrayList;
import java.util.List;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistrationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistrationTests.java
index 3991a622cf7..a38a37f28d3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistrationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistrationTests.java
@@ -18,11 +18,11 @@
import java.io.IOException;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
import org.junit.jupiter.api.Test;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
index 53635b93d89..5afcf873faa 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java
@@ -18,12 +18,12 @@
import java.io.IOException;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpSecurityAddFilterTest.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpSecurityAddFilterTest.java
index d3b5044c427..19519b6b671 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpSecurityAddFilterTest.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpSecurityAddFilterTest.java
@@ -20,11 +20,11 @@
import java.util.List;
import java.util.stream.Collectors;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
import org.assertj.core.api.ListAssert;
import org.junit.jupiter.api.Test;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
index ae167e0e5cb..a51e3490a6b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java
@@ -18,8 +18,9 @@
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
index 275c5d23c9b..3076cb5d2ba 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web.builders;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
index 813723e2839..2158b06cb8b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
@@ -18,7 +18,7 @@
import java.util.concurrent.Callable;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import com.google.common.net.HttpHeaders;
import org.junit.jupiter.api.Test;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
index d70f27453c6..4f7876c0dbc 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web.configuration;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
index 251ccbd88cc..4b5f4cb24f9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web.configuration;
-import javax.annotation.PreDestroy;
+import jakarta.annotation.PreDestroy;
import okhttp3.mockwebserver.Dispatcher;
import okhttp3.mockwebserver.MockResponse;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
index e0e57c86c45..6a20b0fafd4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java
@@ -20,8 +20,8 @@
import java.util.HashMap;
import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
index ce9977c7c5d..7fa1908957f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -22,8 +22,8 @@
import java.util.ArrayList;
import java.util.List;
-import javax.servlet.Filter;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.Filter;
+import jakarta.servlet.http.HttpServletRequest;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
index cc8c9dc8856..d3e972094a7 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
index 750609bf149..c0853a20a80 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java
@@ -18,8 +18,8 @@
import java.net.URI;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
index 37f9b28c72a..be2da0c432a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java
@@ -20,8 +20,8 @@
import java.util.List;
import java.util.stream.Collectors;
-import javax.servlet.Filter;
-import javax.servlet.ServletException;
+import jakarta.servlet.Filter;
+import jakarta.servlet.ServletException;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
index 06d66a0f89a..25b64b421a6 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java
@@ -16,8 +16,8 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
index 58f83e9d085..0b441f69882 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
@@ -16,8 +16,8 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
index 73d366be009..7719249759a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
index 9e60e93994f..02ea35edfec 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
index e0f25237b12..069aca52536 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java
@@ -19,7 +19,7 @@
import java.lang.reflect.InvocationTargetException;
import java.util.List;
-import javax.servlet.Filter;
+import jakarta.servlet.Filter;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
index b66fa2de263..77c257c91b9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.apache.http.HttpHeaders;
import org.junit.jupiter.api.Test;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
index cb0d6cc089d..83621fabae3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java
@@ -20,10 +20,10 @@
import java.util.List;
import java.util.stream.Collectors;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.assertj.core.api.ListAssert;
import org.junit.jupiter.api.Test;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
index a2f2cbbde05..ec529e249ae 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
index 90d8a2a6ed8..fe03e67fc31 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
index a5d1884b29c..9c468d87b70 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java
@@ -20,7 +20,7 @@
import java.util.Optional;
import java.util.function.Predicate;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpSession;
import org.assertj.core.api.Condition;
import org.junit.jupiter.api.Test;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
index d57a9ab8bf6..31af12b0144 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java
@@ -19,7 +19,7 @@
import java.util.Arrays;
import java.util.List;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
index ea4ba0442e3..b9ec9faa4ba 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java
@@ -16,9 +16,9 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
index 7e2cfa0e413..0414368d7e9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java
@@ -16,8 +16,8 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
index d54a0a286e2..7cbfd570317 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java
@@ -21,11 +21,14 @@
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
-import javax.servlet.http.HttpServletRequest;
+import javax.security.auth.x500.X500Principal;
+import jakarta.servlet.http.HttpServletRequest;
+
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.style.BCStyle;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
-import sun.security.x509.X500Name;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
@@ -240,12 +243,8 @@ protected void configure(HttpSecurity http) throws Exception {
}
private String extractCommonName(X509Certificate certificate) {
- try {
- return ((X500Name) certificate.getSubjectDN()).getCommonName();
- }
- catch (Exception ex) {
- throw new IllegalArgumentException(ex);
- }
+ X500Principal principal = certificate.getSubjectX500Principal();
+ return new X500Name(principal.getName()).getRDNs(BCStyle.CN)[0].getFirst().getValue().toString();
}
}
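Review bot: `getRDNs(BCStyle.CN)[0]` in the new `extractCommonName` is indexed without a length check, so a certificate whose subject carries no CN attribute now fails with an ArrayIndexOutOfBoundsException, whereas the removed code converted any failure to an IllegalArgumentException. I would guard the lookup: `RDN[] cn = X500Name.getInstance(principal.getEncoded()).getRDNs(BCStyle.CN);` then `if (cn.length == 0) throw new IllegalArgumentException("subject has no CN");` and `return IETFUtils.valueToString(cn[0].getFirst().getValue());`. Building the name from the encoded bytes also avoids re-parsing the RFC 2253 string returned by `principal.getName()`, which is where escaped characters and multi-valued RDNs are most likely to be misread. The change needs imports for `org.bouncycastle.asn1.x500.RDN` and `org.bouncycastle.asn1.x500.style.IETFUtils`; the enclosing class starts outside the hunk.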
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
index 9487d6ee0a9..ad2c6cbdc74 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java
@@ -16,9 +16,9 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
index c88a240965b..b20b51d399a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java
@@ -21,8 +21,8 @@
import java.util.Date;
import java.util.List;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
index aa91f3a8f16..643f1d0d0e9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
@@ -18,8 +18,8 @@
import java.util.Collections;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpSession;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
index c3a38ef24d1..fc62d353648 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
@@ -16,8 +16,8 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
index bd1f4e937b9..f1faf2f76e5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpSession;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
index f86916d26a5..4b48ce8ec88 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java
@@ -18,10 +18,10 @@
import java.util.List;
-import javax.servlet.Filter;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.Filter;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
index e833999f1a6..5a766e1c073 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.Filter;
+import jakarta.servlet.Filter;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
index 1b68b8a866a..5c9befad9dd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java
@@ -16,8 +16,8 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
index 7fdf966b529..58619d310ff 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
@@ -16,9 +16,9 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
index 914ea135ea9..7caa7e33d3c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.annotation.web.configurers;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
index e8540437740..f36bdb3f103 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java
@@ -18,7 +18,7 @@
import java.util.List;
-import javax.servlet.Filter;
+import jakarta.servlet.Filter;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
index fdb28a46fd0..c1087c3e888 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
@@ -19,8 +19,8 @@
import java.util.HashMap;
import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index f43127de1ec..32626bf8b8d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -32,8 +32,8 @@
import java.util.Map;
import java.util.stream.Collectors;
-import javax.annotation.PreDestroy;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.annotation.PreDestroy;
+import jakarta.servlet.http.HttpServletRequest;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
index b37040eff36..83e555430df 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
@@ -24,9 +24,9 @@
import java.util.Collection;
import java.util.Collections;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
index 8d0ad848357..a9ad443d6d5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java
@@ -19,7 +19,7 @@
import java.util.HashMap;
import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
index e90098d4471..ec3f02e95ae 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
@@ -18,11 +18,11 @@
import java.io.IOException;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
index 8fb04ed1d53..f459db36a5c 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
@@ -18,11 +18,11 @@
import java.io.IOException;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
diff --git a/config/src/test/java/org/springframework/security/config/core/HelloWorldMessageService.java b/config/src/test/java/org/springframework/security/config/core/HelloWorldMessageService.java
index 452a20042fb..9ab9b3442dd 100755
--- a/config/src/test/java/org/springframework/security/config/core/HelloWorldMessageService.java
+++ b/config/src/test/java/org/springframework/security/config/core/HelloWorldMessageService.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.core;
-import javax.annotation.security.RolesAllowed;
+import jakarta.annotation.security.RolesAllowed;
import org.springframework.security.access.prepost.PreAuthorize;
diff --git a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
index 35d857c84a9..78a1e0f0d4e 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -64,7 +64,7 @@ public class XsdDocumentedTests {
String schema31xDocumentLocation = "org/springframework/security/config/spring-security-3.1.xsd";
- String schemaDocumentLocation = "org/springframework/security/config/spring-security-5.6.xsd";
+ String schemaDocumentLocation = "org/springframework/security/config/spring-security-6.0.xsd";
XmlSupport xml = new XmlSupport();
@@ -149,8 +149,8 @@ public void sizeWhenReadingFilesystemThenIsCorrectNumberOfSchemaFiles() throws I
.getParentFile()
.list((dir, name) -> name.endsWith(".xsd"));
// @formatter:on
- assertThat(schemas.length).isEqualTo(18)
- .withFailMessage("the count is equal to 18, if not then schemaDocument needs updating");
+ assertThat(schemas.length).isEqualTo(19)
+ .withFailMessage("the count is equal to 19, if not then schemaDocument needs updating");
}
/**
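Review bot: The `withFailMessage(...)` call chained after `isEqualTo(19)` never takes effect, because AssertJ applies a custom failure message only when it is set before the assertion; if the count is wrong, `isEqualTo` has already thrown with the default message. Putting it first keeps the hint about updating schemaDocument visible to whoever adds the next XSD: `assertThat(schemas.length).withFailMessage("the count is equal to 19, if not then schemaDocument needs updating").isEqualTo(19);`. The test method starts outside the hunk.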
diff --git a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
index 3a831ac78af..9c31a81089c 100644
--- a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java
@@ -16,8 +16,8 @@
package org.springframework.security.config.http;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.HttpStatus;
import org.junit.jupiter.api.Test;
diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
index ce17aebd9ac..99a4465da37 100644
--- a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java
@@ -19,9 +19,9 @@
import java.net.URI;
import java.util.List;
-import javax.servlet.Filter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.Filter;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.HttpStatus;
import org.junit.jupiter.api.Test;
diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
index c03c855c47c..82a3c924981 100644
--- a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java
@@ -18,9 +18,9 @@
import java.util.List;
-import javax.servlet.Filter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.Filter;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
index 990a6482211..40ba00ce494 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java
@@ -16,8 +16,8 @@
package org.springframework.security.config.http;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponseWrapper;
import org.apache.http.HttpStatus;
import org.junit.jupiter.api.Test;
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
index 462fa5dd385..106dd0cc203 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.http;
-import javax.servlet.Filter;
+import jakarta.servlet.Filter;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Test;
diff --git a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
index 2ebd408395f..1c4a87b2922 100644
--- a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
@@ -19,7 +19,7 @@
import java.util.Collections;
import java.util.Map;
-import javax.servlet.ServletRegistration;
+import jakarta.servlet.ServletRegistration;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
index 0fc87cfe8cb..9f6128b0898 100644
--- a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java
@@ -32,11 +32,12 @@
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.spi.LoginModule;
-import javax.servlet.Filter;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
+
+import jakarta.servlet.Filter;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponseWrapper;
import ch.qos.logback.classic.Logger;
import ch.qos.logback.classic.spi.ILoggingEvent;
diff --git a/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
index 1616a8b6c77..3366458955b 100644
--- a/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
@@ -19,8 +19,8 @@
import java.lang.reflect.Method;
import java.util.Base64;
-import javax.servlet.Filter;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.Filter;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
index e5613347138..2a43d604e14 100644
--- a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java
@@ -30,7 +30,7 @@
import java.util.Properties;
import java.util.stream.Collectors;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
index 80a43d8859d..dee0a388181 100644
--- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
@@ -19,8 +19,8 @@
import java.util.HashSet;
import java.util.Set;
-import javax.servlet.Filter;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.Filter;
+import jakarta.servlet.http.HttpServletRequest;
import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
diff --git a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
index 3843c280bd4..8cc9fe2516d 100644
--- a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java
@@ -18,7 +18,7 @@
import java.util.Collections;
-import javax.servlet.http.Cookie;
+import jakarta.servlet.http.Cookie;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
index 7371dc5ec5f..a14b5c9c905 100644
--- a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java
@@ -18,9 +18,9 @@
import java.io.IOException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.apache.http.HttpHeaders;
import org.junit.jupiter.api.Test;
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
index c21f42b9850..e64e54f7e9d 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
@@ -16,7 +16,7 @@
package org.springframework.security.config.http;
-import javax.servlet.Filter;
+import jakarta.servlet.Filter;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
index dc5c4c1a634..e4cbcb4f433 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java
@@ -20,12 +20,12 @@
import java.security.Principal;
import java.util.List;
-import javax.servlet.Filter;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
+import jakarta.servlet.Filter;
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponseWrapper;
import org.apache.http.HttpStatus;
import org.junit.jupiter.api.Test;
diff --git a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
index 3644ed52eab..a6bf001e363 100644
--- a/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java
@@ -18,7 +18,7 @@
import java.util.Properties;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
diff --git a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
index c4d08dc5295..378abd27ee9 100644
--- a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
@@ -208,24 +208,6 @@ public void duplicateElementCausesError() {
.isThrownBy(() -> setContext("" + ""));
}
- // SEC-936
- @Test
- public void worksWithoutTargetOrClass() {
- // @formatter:off
- setContext(""
- + ""
- + " "
- + " "
- + ""
- + ConfigTestUtils.AUTH_PROVIDER_XML);
- // @formatter:on
- UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
- AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
- SecurityContextHolder.getContext().setAuthentication(token);
- this.target = (BusinessService) this.appContext.getBean("businessService");
- assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::someUserMethod1);
- }
-
// Expression configuration tests
@SuppressWarnings("unchecked")
@Test
diff --git a/config/src/test/java/org/springframework/security/config/method/sec2136/JpaPermissionEvaluator.java b/config/src/test/java/org/springframework/security/config/method/sec2136/JpaPermissionEvaluator.java
index d186330f0ee..db25f03c7d4 100644
--- a/config/src/test/java/org/springframework/security/config/method/sec2136/JpaPermissionEvaluator.java
+++ b/config/src/test/java/org/springframework/security/config/method/sec2136/JpaPermissionEvaluator.java
@@ -18,7 +18,7 @@
import java.io.Serializable;
-import javax.persistence.EntityManager;
+import jakarta.persistence.EntityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.PermissionEvaluator;
diff --git a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
index 36a741b99ad..3ca308e511c 100644
--- a/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
+++ b/config/src/test/java/org/springframework/security/config/test/SpringTestContext.java
@@ -20,10 +20,10 @@
import java.util.ArrayList;
import java.util.List;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor;
import org.springframework.mock.web.MockServletConfig;
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
index ef3ff4db4d5..4a6d0c373c8 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -28,7 +28,7 @@
import java.util.stream.Collectors;
import java.util.stream.Stream;
-import javax.annotation.PreDestroy;
+import jakarta.annotation.PreDestroy;
import okhttp3.mockwebserver.Dispatcher;
import okhttp3.mockwebserver.MockResponse;
@@ -70,7 +70,6 @@
import org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint;
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.test.web.reactive.server.WebTestClient;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
@@ -93,7 +92,7 @@
* Tests for
* {@link org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec}
*/
-@ExtendWith({ SpringExtension.class, SpringTestContextExtension.class })
+@ExtendWith({ SpringTestContextExtension.class })
public class OAuth2ResourceServerSpecTests {
private String expired = "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1MzUwMzc4OTd9.jqZDDjfc2eysX44lHXEIr9XFd2S8vjIZHCccZU-dRWMRJNsQ1QN5VNnJGklqJBXJR4qgla6cmVqPOLkUHDb0sL0nxM5XuzQaG5ZzKP81RV88shFyAiT0fD-6nl1k-Fai-Fu-VkzSpNXgeONoTxDaYhdB-yxmgrgsApgmbOTE_9AcMk-FQDXQ-pL9kynccFGV0lZx4CA7cyknKN7KBxUilfIycvXODwgKCjj_1WddLTCNGYogJJSg__7NoxzqbyWd3udbHVjqYq7GsMMrGB4_2kBD4CkghOSNcRHbT_DIXowxfAVT7PAg7Q0E5ruZsr2zPZacEUDhJ6-wbvlA0FAOUg";
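Review bot: The new `@ExtendWith({ SpringTestContextExtension.class })` line keeps the array braces around a single extension; `@ExtendWith(SpringTestContextExtension.class)` is the plainer form. Removing `SpringExtension` here, together with its import in the preceding hunk, leaves `SpringTestContextExtension` as the only registered extension. Nothing in the visible lines shows what now performs the injection `SpringExtension` used to provide. If the class has `@Autowired` fields or parameters, confirm they are still populated, so these resource-server tests do not end up running against unwired collaborators. The class body continues outside the hunk.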
diff --git a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
index 1c5eb64faa8..7496bc9c2d9 100644
--- a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java
@@ -40,7 +40,7 @@
import org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver;
import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
import org.springframework.messaging.simp.SimpMessageType;
-import org.springframework.messaging.support.ChannelInterceptorAdapter;
+import org.springframework.messaging.support.ChannelInterceptor;
import org.springframework.messaging.support.GenericMessage;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.expression.SecurityExpressionOperations;
@@ -444,7 +444,7 @@ public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory)
}
- static class ExceptingInterceptor extends ChannelInterceptorAdapter {
+ static class ExceptingInterceptor implements ChannelInterceptor {
@Override
public Message> preSend(Message> message, MessageChannel channel) {
diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java
index a2fed90d58d..91e948bf904 100644
--- a/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java
+++ b/config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java
@@ -60,8 +60,8 @@ public WebTestClientWebConnection(WebTestClient webTestClient, WebClient webClie
* Validate the supplied {@code contextPath}.
*
* If the value is not {@code null}, it must conform to
- * {@link javax.servlet.http.HttpServletRequest#getContextPath()} which states that it
- * can be an empty string and otherwise must start with a "/" character and not end
+ * {@link jakarta.servlet.http.HttpServletRequest#getContextPath()} which states that
+ * it can be an empty string and otherwise must start with a "/" character and not end
* with a "/" character.
* @param contextPath the path to validate
*/
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/AnonymousDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/AnonymousDslTests.kt
similarity index 98%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/AnonymousDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/AnonymousDslTests.kt
index 754a9d91ff7..2574802eb04 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/AnonymousDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/AnonymousDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/AuthorizeRequestsDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsDslTests.kt
similarity index 99%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/AuthorizeRequestsDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsDslTests.kt
index 279d78b359a..e0f99c9b45a 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/AuthorizeRequestsDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/CorsDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/CorsDslTests.kt
similarity index 98%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/CorsDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/CorsDslTests.kt
index bd33989bb7c..b12420f5732 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/CorsDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/CorsDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.assertj.core.api.Assertions.assertThatThrownBy
import org.junit.jupiter.api.Test
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/CsrfDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/CsrfDslTests.kt
similarity index 99%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/CsrfDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/CsrfDslTests.kt
index 19b885e29b7..2ed2df0a1da 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/CsrfDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/CsrfDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import io.mockk.every
import io.mockk.mockkObject
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/ExceptionHandlingDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingDslTests.kt
similarity index 99%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/ExceptionHandlingDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingDslTests.kt
index 43a525148f7..2e3bebbaae6 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/ExceptionHandlingDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.assertj.core.api.Assertions.assertThatExceptionOfType
import org.junit.jupiter.api.Test
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/FormLoginDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/FormLoginDslTests.kt
similarity index 98%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/FormLoginDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/FormLoginDslTests.kt
index 16783f1307c..b0a88a19990 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/FormLoginDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/FormLoginDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import io.mockk.every
import io.mockk.mockkObject
@@ -40,7 +40,7 @@ import org.springframework.test.web.servlet.get
import org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl
import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status
import org.springframework.web.bind.annotation.GetMapping
-import javax.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletRequest
/**
* Tests for [FormLoginDsl]
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/HeadersDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/HeadersDslTests.kt
similarity index 97%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/HeadersDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/HeadersDslTests.kt
index c2cbfb371dd..f7056433bc7 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/HeadersDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/HeadersDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
@@ -25,7 +25,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
-import org.springframework.security.config.web.servlet.headers.PermissionsPolicyDsl
import org.springframework.security.web.header.writers.StaticHeadersWriter
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
import org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/HttpBasicDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/HttpBasicDslTests.kt
similarity index 98%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/HttpBasicDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/HttpBasicDslTests.kt
index cb6f6b47f8c..b6dcff2e7ee 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/HttpBasicDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/HttpBasicDslTests.kt
@@ -14,12 +14,12 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import io.mockk.every
import io.mockk.mockkObject
import io.mockk.verify
-import javax.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletRequest
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/HttpSecurityDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/HttpSecurityDslTests.kt
similarity index 99%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/HttpSecurityDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/HttpSecurityDslTests.kt
index eea2c3bff1e..456f1605a6c 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/HttpSecurityDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/HttpSecurityDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import io.mockk.every
import io.mockk.mockkObject
@@ -52,7 +52,7 @@ import org.springframework.test.web.servlet.get
import org.springframework.test.web.servlet.post
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders
import org.springframework.web.servlet.config.annotation.EnableWebMvc
-import javax.servlet.Filter
+import jakarta.servlet.Filter
/**
* Tests for [HttpSecurityDsl]
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/LogoutDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/LogoutDslTests.kt
similarity index 99%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/LogoutDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/LogoutDslTests.kt
index 2bf1af54716..14a12921fd1 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/LogoutDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/LogoutDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import io.mockk.every
import io.mockk.mockkObject
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/OAuth2ClientDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2ClientDslTests.kt
similarity index 98%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/OAuth2ClientDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2ClientDslTests.kt
index ba45eb97cbb..4ab7925a5d7 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/OAuth2ClientDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2ClientDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import io.mockk.every
import io.mockk.mockkObject
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/OAuth2LoginDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2LoginDslTests.kt
similarity index 98%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/OAuth2LoginDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2LoginDslTests.kt
index f0b146a3c18..333d143decb 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/OAuth2LoginDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2LoginDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import io.mockk.every
import io.mockk.mockkObject
@@ -42,7 +42,7 @@ import org.springframework.test.web.servlet.get
import org.springframework.test.web.servlet.post
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.RestController
-import javax.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletRequest
/**
* Tests for [OAuth2LoginDsl]
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/OAuth2ResourceServerDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2ResourceServerDslTests.kt
similarity index 98%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/OAuth2ResourceServerDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2ResourceServerDslTests.kt
index 72b0fae55e8..d8f289cfdcb 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/OAuth2ResourceServerDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/OAuth2ResourceServerDslTests.kt
@@ -14,13 +14,13 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import io.mockk.every
import io.mockk.mockk
import io.mockk.mockkObject
import io.mockk.verify
-import javax.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletRequest
import org.assertj.core.api.Assertions
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/PasswordManagementDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/PasswordManagementDslTests.kt
similarity index 97%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/PasswordManagementDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/PasswordManagementDslTests.kt
index af302cf96ff..a38fee019a8 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/PasswordManagementDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/PasswordManagementDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/PortMapperDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/PortMapperDslTests.kt
similarity index 97%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/PortMapperDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/PortMapperDslTests.kt
index 7f020208c82..86fce3776c8 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/PortMapperDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/PortMapperDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/RememberMeDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/RememberMeDslTests.kt
similarity index 98%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/RememberMeDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/RememberMeDslTests.kt
index 17efacf3a4d..eea14f2fd92 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/RememberMeDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/RememberMeDslTests.kt
@@ -14,24 +14,20 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
-import io.mockk.Called
-import io.mockk.confirmVerified
import io.mockk.every
import io.mockk.justRun
import io.mockk.mockk
import io.mockk.mockkObject
import io.mockk.verify
-import javax.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletRequest
import org.assertj.core.api.Assertions.assertThat
import org.junit.jupiter.api.Test
-import org.junit.jupiter.api.extension.ExtendWith
import org.junit.jupiter.api.fail
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.core.annotation.Order
-import org.springframework.mock.web.MockHttpServletRequest
import org.springframework.mock.web.MockHttpSession
import org.springframework.security.authentication.RememberMeAuthenticationToken
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
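Review bot: This hunk removes `import org.junit.jupiter.api.extension.ExtendWith`, and the next hunk removes `import org.springframework.security.config.test.SpringTestContextExtension`, while the `SpringTestContext` import stays. The sibling DSL tests in this diff keep these imports; for example, `HeadersDslTests` still imports `SpringTestContextExtension`. The class body is not part of either hunk, so it is not visible whether `@ExtendWith(SpringTestContextExtension::class)` is still applied. If the class still uses `SpringTestContext`, confirm the extension is registered, since without it the context lifecycle is presumably left unmanaged for these remember-me tests. The removals of `Called`, `confirmVerified` and `MockHttpServletRequest` are import cleanup unrelated to the `javax` to `jakarta` rename and would be easier to review as a separate change.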
@@ -39,7 +35,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
-import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.core.Authentication
import org.springframework.security.core.authority.AuthorityUtils
import org.springframework.security.core.userdetails.PasswordEncodedUser
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/RequestCacheDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/RequestCacheDslTests.kt
similarity index 97%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/RequestCacheDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/RequestCacheDslTests.kt
index 52ee0492e58..ff0322a996e 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/RequestCacheDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/RequestCacheDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/RequiresChannelDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/RequiresChannelDslTests.kt
similarity index 98%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/RequiresChannelDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/RequiresChannelDslTests.kt
index 3ec020307bc..69e19900538 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/RequiresChannelDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/RequiresChannelDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import io.mockk.mockkObject
import io.mockk.verify
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/Saml2DslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/Saml2DslTests.kt
similarity index 98%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/Saml2DslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/Saml2DslTests.kt
index a9dc47a2daf..69433d5767c 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/Saml2DslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/Saml2DslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import io.mockk.every
import io.mockk.mockk
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/SessionManagementDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/SessionManagementDslTests.kt
similarity index 99%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/SessionManagementDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/SessionManagementDslTests.kt
index 25302355ea2..a7a6463f8c0 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/SessionManagementDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/SessionManagementDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import io.mockk.every
import io.mockk.justRun
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/X509DslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/X509DslTests.kt
similarity index 99%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/X509DslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/X509DslTests.kt
index e0f6577f149..f3334c9317d 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/X509DslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/X509DslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet
+package org.springframework.security.config.annotation.web.configurers
import io.mockk.mockk
import java.security.cert.Certificate
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/CacheControlDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/CacheControlDslTests.kt
similarity index 95%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/CacheControlDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/CacheControlDslTests.kt
index ab2782ac43b..cd3c96262d1 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/CacheControlDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/CacheControlDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
@@ -23,7 +23,7 @@ import org.springframework.http.HttpHeaders
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.test.web.servlet.MockMvc
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/ContentSecurityPolicyDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ContentSecurityPolicyDslTests.kt
similarity index 96%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/ContentSecurityPolicyDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ContentSecurityPolicyDslTests.kt
index b312311cd65..9e6c49c7ae5 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/ContentSecurityPolicyDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ContentSecurityPolicyDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
@@ -22,7 +22,7 @@ import org.springframework.beans.factory.annotation.Autowired
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/ContentTypeOptionsDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ContentTypeOptionsDslTests.kt
similarity index 95%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/ContentTypeOptionsDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ContentTypeOptionsDslTests.kt
index ce682ed76d4..42a2926c986 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/ContentTypeOptionsDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ContentTypeOptionsDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
@@ -22,7 +22,7 @@ import org.springframework.beans.factory.annotation.Autowired
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/FrameOptionsDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/FrameOptionsDslTests.kt
similarity index 97%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/FrameOptionsDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/FrameOptionsDslTests.kt
index 021dda0848f..cb164d844a2 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/FrameOptionsDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/FrameOptionsDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
@@ -22,7 +22,7 @@ import org.springframework.beans.factory.annotation.Autowired
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/HttpPublicKeyPinningDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/HttpPublicKeyPinningDslTests.kt
similarity index 98%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/HttpPublicKeyPinningDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/HttpPublicKeyPinningDslTests.kt
index e4759fb2840..e882bf4b122 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/HttpPublicKeyPinningDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/HttpPublicKeyPinningDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.assertj.core.api.Assertions
import org.junit.jupiter.api.Test
@@ -25,7 +25,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/HttpStrictTransportSecurityDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/HttpStrictTransportSecurityDslTests.kt
similarity index 97%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/HttpStrictTransportSecurityDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/HttpStrictTransportSecurityDslTests.kt
index 374eb607c30..9701bf418ea 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/HttpStrictTransportSecurityDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/HttpStrictTransportSecurityDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.assertj.core.api.Assertions
import org.junit.jupiter.api.Test
@@ -23,7 +23,7 @@ import org.springframework.beans.factory.annotation.Autowired
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/ReferrerPolicyDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ReferrerPolicyDslTests.kt
similarity index 95%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/ReferrerPolicyDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ReferrerPolicyDslTests.kt
index c9d3c04d067..65881103f6c 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/ReferrerPolicyDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/ReferrerPolicyDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
@@ -22,7 +22,7 @@ import org.springframework.beans.factory.annotation.Autowired
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/XssProtectionConfigDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/XssProtectionConfigDslTests.kt
similarity index 96%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/XssProtectionConfigDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/XssProtectionConfigDslTests.kt
index 8b10f28cce4..73b005cb9a7 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/headers/XssProtectionConfigDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/headers/XssProtectionConfigDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.headers
+package org.springframework.security.config.annotation.web.configurers.headers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
@@ -22,7 +22,7 @@ import org.springframework.beans.factory.annotation.Autowired
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/client/AuthorizationCodeGrantDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeGrantDslTests.kt
similarity index 98%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/client/AuthorizationCodeGrantDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeGrantDslTests.kt
index 72e5db552e3..0ea86c40e1d 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/client/AuthorizationCodeGrantDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeGrantDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.client
+package org.springframework.security.config.annotation.web.configurers.oauth2.client
import io.mockk.every
import io.mockk.mockk
@@ -31,7 +31,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/login/AuthorizationEndpointDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/AuthorizationEndpointDslTests.kt
similarity index 96%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/login/AuthorizationEndpointDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/AuthorizationEndpointDslTests.kt
index c4dff79baf6..8771468c3d6 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/login/AuthorizationEndpointDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/AuthorizationEndpointDslTests.kt
@@ -14,12 +14,12 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.login
+package org.springframework.security.config.annotation.web.configurers.oauth2.login
import io.mockk.every
import io.mockk.mockkObject
import io.mockk.verify
-import javax.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletRequest
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
@@ -31,7 +31,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/login/RedirectionEndpointDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/RedirectionEndpointDslTests.kt
similarity index 97%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/login/RedirectionEndpointDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/RedirectionEndpointDslTests.kt
index 9487e857ec8..6dacd27cdd1 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/login/RedirectionEndpointDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/RedirectionEndpointDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.login
+package org.springframework.security.config.annotation.web.configurers.oauth2.login
import io.mockk.every
import io.mockk.mockkObject
@@ -29,7 +29,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/login/TokenEndpointDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/TokenEndpointDslTests.kt
similarity index 97%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/login/TokenEndpointDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/TokenEndpointDslTests.kt
index 9dc1df0cb51..442c03ebd07 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/login/TokenEndpointDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/TokenEndpointDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.login
+package org.springframework.security.config.annotation.web.configurers.oauth2.login
import io.mockk.every
import io.mockk.mockkObject
@@ -30,7 +30,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/login/UserInfoEndpointDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/UserInfoEndpointDslTests.kt
similarity index 97%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/login/UserInfoEndpointDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/UserInfoEndpointDslTests.kt
index 477504ec5c3..3f5e2297f7f 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/login/UserInfoEndpointDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/login/UserInfoEndpointDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.login
+package org.springframework.security.config.annotation.web.configurers.oauth2.login
import io.mockk.every
import io.mockk.mockk
@@ -31,7 +31,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/JwtDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/resourceserver/JwtDslTests.kt
similarity index 98%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/JwtDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/resourceserver/JwtDslTests.kt
index b0d92a53bd5..cd721089e09 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/JwtDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/resourceserver/JwtDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.resourceserver
+package org.springframework.security.config.annotation.web.configurers.oauth2.resourceserver
import io.mockk.every
import io.mockk.mockk
@@ -35,7 +35,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.security.core.Authentication
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
import org.springframework.security.oauth2.jwt.Jwt
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OpaqueTokenDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/resourceserver/OpaqueTokenDslTests.kt
similarity index 98%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OpaqueTokenDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/resourceserver/OpaqueTokenDslTests.kt
index 218e0618b94..c6df2f0132c 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OpaqueTokenDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/oauth2/resourceserver/OpaqueTokenDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.oauth2.resourceserver
+package org.springframework.security.config.annotation.web.configurers.oauth2.resourceserver
import io.mockk.every
import io.mockk.mockkObject
@@ -35,7 +35,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.security.core.Authentication
import org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal
import org.springframework.security.oauth2.core.TestOAuth2AccessTokens
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/session/SessionConcurrencyDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/session/SessionConcurrencyDslTests.kt
similarity index 97%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/session/SessionConcurrencyDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/session/SessionConcurrencyDslTests.kt
index f35ca1284fa..cf4e1a4bd2e 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/session/SessionConcurrencyDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/session/SessionConcurrencyDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.session
+package org.springframework.security.config.annotation.web.configurers.session
import io.mockk.every
import io.mockk.mockkObject
@@ -30,7 +30,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.security.core.session.SessionInformation
import org.springframework.security.core.session.SessionRegistry
import org.springframework.security.core.session.SessionRegistryImpl
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/session/SessionFixationDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/session/SessionFixationDslTests.kt
similarity index 97%
rename from config/src/test/kotlin/org/springframework/security/config/web/servlet/session/SessionFixationDslTests.kt
rename to config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/session/SessionFixationDslTests.kt
index c28d9397027..ebb3a7ea759 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/session/SessionFixationDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/configurers/session/SessionFixationDslTests.kt
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package org.springframework.security.config.web.servlet.session
+package org.springframework.security.config.annotation.web.configurers.session
import org.assertj.core.api.Assertions.assertThat
import org.junit.jupiter.api.Test
@@ -28,7 +28,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetailsService
-import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.config.annotation.web.configurers.invoke
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.provisioning.InMemoryUserDetailsManager
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/server/ServerJwtDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/web/server/ServerJwtDslTests.kt
index 52b92a041f6..2f01d9d5383 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/server/ServerJwtDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/web/server/ServerJwtDslTests.kt
@@ -23,7 +23,7 @@ import java.math.BigInteger
import java.security.KeyFactory
import java.security.interfaces.RSAPublicKey
import java.security.spec.RSAPublicKeySpec
-import javax.annotation.PreDestroy
+import jakarta.annotation.PreDestroy
import okhttp3.mockwebserver.MockResponse
import okhttp3.mockwebserver.MockWebServer
import org.assertj.core.api.Assertions.assertThat
diff --git a/config/src/test/kotlin/org/springframework/security/config/web/server/ServerOpaqueTokenDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/web/server/ServerOpaqueTokenDslTests.kt
index c201df93347..efa51a4b73e 100644
--- a/config/src/test/kotlin/org/springframework/security/config/web/server/ServerOpaqueTokenDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/web/server/ServerOpaqueTokenDslTests.kt
@@ -33,7 +33,7 @@ import org.springframework.security.oauth2.server.resource.introspection.Reactiv
import org.springframework.security.web.server.SecurityWebFilterChain
import org.springframework.test.web.reactive.server.WebTestClient
import org.springframework.web.reactive.config.EnableWebFlux
-import javax.annotation.PreDestroy
+import jakarta.annotation.PreDestroy
/**
* Tests for [ServerOpaqueTokenDsl]
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-CollidingFilters.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-CollidingFilters.xml
index 905a1ad7025..e6a66cd5bf9 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-CollidingFilters.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-CollidingFilters.xml
@@ -29,7 +29,7 @@
-
+
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-CustomFilters.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-CustomFilters.xml
index 024ee1f6624..e2e1ffbdc6e 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-CustomFilters.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-CustomFilters.xml
@@ -33,7 +33,7 @@
-
+
diff --git a/core/spring-security-core.gradle b/core/spring-security-core.gradle
index 213f24f92c5..173b5baba1e 100644
--- a/core/spring-security-core.gradle
+++ b/core/spring-security-core.gradle
@@ -13,8 +13,7 @@ dependencies {
optional 'com.fasterxml.jackson.core:jackson-databind'
optional 'io.projectreactor:reactor-core'
- optional 'javax.annotation:jsr250-api'
- optional 'net.sf.ehcache:ehcache'
+ optional 'jakarta.annotation:jakarta.annotation-api'
optional 'org.aspectj:aspectjrt'
optional 'org.springframework:spring-jdbc'
optional 'org.springframework:spring-tx'
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
index 2cc9700280b..0c279c92131 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
@@ -22,9 +22,9 @@
import java.util.Collection;
import java.util.List;
-import javax.annotation.security.DenyAll;
-import javax.annotation.security.PermitAll;
-import javax.annotation.security.RolesAllowed;
+import jakarta.annotation.security.DenyAll;
+import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.security.access.ConfigAttribute;
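Review bot: With the three imports switched to `jakarta.annotation.security`, application methods still annotated with `javax.annotation.security.RolesAllowed` or `DenyAll` would presumably no longer be matched by this class. Nothing at compile time or startup would point that out if the old API jar is still on the classpath. The annotation lookups are in the class body outside this hunk, so this is inferred from the imports alone; the same applies to the import hunks in Jsr250AuthorizationManager and AuthorizationManagerBeforeMethodInterceptor. A method that silently loses its role restriction fails open, so the class Javadoc should state it, for example `Only annotations from jakarta.annotation.security are recognised; javax.annotation.security annotations are ignored.`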
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
index 133498535b1..17580721a58 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
@@ -16,8 +16,8 @@
package org.springframework.security.access.annotation;
-import javax.annotation.security.DenyAll;
-import javax.annotation.security.PermitAll;
+import jakarta.annotation.security.DenyAll;
+import jakarta.annotation.security.PermitAll;
import org.springframework.security.access.SecurityConfig;
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationException.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationException.java
deleted file mode 100644
index fdfece6ba7c..00000000000
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationException.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.authentication.rcp;
-
-import org.springframework.core.NestedRuntimeException;
-import org.springframework.security.core.SpringSecurityCoreVersion;
-
-/**
- * Thrown if a RemoteAuthenticationManager cannot validate the presented
- * authentication request.
- *
- * This is thrown rather than the normal AuthenticationException because
- * AuthenticationException contains additional properties which may cause
- * issues for the remoting protocol.
- *
- * @author Ben Alex
- */
-public class RemoteAuthenticationException extends NestedRuntimeException {
-
- private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
-
- /**
- * Constructs a RemoteAuthenticationException with the specified message
- * and no root cause.
- * @param msg the detail message
- */
- public RemoteAuthenticationException(String msg) {
- super(msg);
- }
-
-}
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java
deleted file mode 100644
index f2bec46c898..00000000000
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.authentication.rcp;
-
-import java.util.Collection;
-
-import org.springframework.security.core.GrantedAuthority;
-
-/**
- * Allows remote clients to attempt authentication.
- *
- * @author Ben Alex
- */
-public interface RemoteAuthenticationManager {
-
- /**
- * Attempts to authenticate the remote client using the presented username and
- * password. If authentication is successful, a collection of {@code GrantedAuthority}
- * objects will be returned.
- *
- * In order to maximise remoting protocol compatibility, a design decision was taken
- * to operate with minimal arguments and return only the minimal amount of information
- * required for remote clients to enable/disable relevant user interface commands etc.
- * There is nothing preventing users from implementing their own equivalent package
- * that works with more complex object types.
- * @param username the username the remote client wishes to authenticate with.
- * @param password the password the remote client wishes to authenticate with.
- * @return all of the granted authorities the specified username and password have
- * access to.
- * @throws RemoteAuthenticationException if the authentication failed.
- */
- Collection extends GrantedAuthority> attemptAuthentication(String username, String password)
- throws RemoteAuthenticationException;
-
-}
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
deleted file mode 100644
index 2f3063cdd37..00000000000
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.authentication.rcp;
-
-import java.util.Collection;
-
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.util.Assert;
-
-/**
- * Server-side processor of a remote authentication request.
- *
- * This bean requires no security interceptor to protect it. Instead, the bean uses the
- * configured AuthenticationManager to resolve an authentication request.
- *
- * @author Ben Alex
- */
-public class RemoteAuthenticationManagerImpl implements RemoteAuthenticationManager, InitializingBean {
-
- private AuthenticationManager authenticationManager;
-
- @Override
- public void afterPropertiesSet() {
- Assert.notNull(this.authenticationManager, "authenticationManager is required");
- }
-
- @Override
- public Collection extends GrantedAuthority> attemptAuthentication(String username, String password)
- throws RemoteAuthenticationException {
- UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken(username, password);
- try {
- return this.authenticationManager.authenticate(request).getAuthorities();
- }
- catch (AuthenticationException ex) {
- throw new RemoteAuthenticationException(ex.getMessage());
- }
- }
-
- protected AuthenticationManager getAuthenticationManager() {
- return this.authenticationManager;
- }
-
- public void setAuthenticationManager(AuthenticationManager authenticationManager) {
- this.authenticationManager = authenticationManager;
- }
-
-}
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
deleted file mode 100644
index 3ed938a2482..00000000000
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.authentication.rcp;
-
-import java.util.Collection;
-
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.util.Assert;
-
-/**
- * Client-side object which queries a {@link RemoteAuthenticationManager} to validate an
- * authentication request.
- *
- * A new Authentication object is created by this class comprising the
- * request Authentication object's principal,
- * credentials and the GrantedAuthority[]s returned by the
- * RemoteAuthenticationManager.
- *
- * The RemoteAuthenticationManager should not require any special username or
- * password setting on the remoting client proxy factory to execute the call. Instead the
- * entire authentication request must be encapsulated solely within the
- * Authentication request object. In practical terms this means the
- * RemoteAuthenticationManager will not be protected by BASIC or any
- * other HTTP-level authentication.
- *
- *
- * If authentication fails, a RemoteAuthenticationException will be thrown.
- * This exception should be caught and displayed to the user, enabling them to retry with
- * alternative credentials etc.
- *
- *
- * @author Ben Alex
- */
-public class RemoteAuthenticationProvider implements AuthenticationProvider, InitializingBean {
-
- private RemoteAuthenticationManager remoteAuthenticationManager;
-
- @Override
- public void afterPropertiesSet() {
- Assert.notNull(this.remoteAuthenticationManager, "remoteAuthenticationManager is mandatory");
- }
-
- @Override
- public Authentication authenticate(Authentication authentication) throws AuthenticationException {
- String username = authentication.getPrincipal().toString();
- Object credentials = authentication.getCredentials();
- String password = (credentials != null) ? credentials.toString() : null;
- Collection extends GrantedAuthority> authorities = this.remoteAuthenticationManager
- .attemptAuthentication(username, password);
- return new UsernamePasswordAuthenticationToken(username, password, authorities);
- }
-
- public RemoteAuthenticationManager getRemoteAuthenticationManager() {
- return this.remoteAuthenticationManager;
- }
-
- public void setRemoteAuthenticationManager(RemoteAuthenticationManager remoteAuthenticationManager) {
- this.remoteAuthenticationManager = remoteAuthenticationManager;
- }
-
- @Override
- public boolean supports(Class> authentication) {
- return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
- }
-
-}
diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/package-info.java b/core/src/main/java/org/springframework/security/authentication/rcp/package-info.java
deleted file mode 100644
index b4010d186bb..00000000000
--- a/core/src/main/java/org/springframework/security/authentication/rcp/package-info.java
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright 2002-2016 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * Allows remote clients to authenticate and obtain a populated
- * Authentication object.
- */
-package org.springframework.security.authentication.rcp;
diff --git a/core/src/main/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptor.java b/core/src/main/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptor.java
index 38b6f03b1bf..b5a0f3b9921 100644
--- a/core/src/main/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptor.java
+++ b/core/src/main/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptor.java
@@ -18,9 +18,9 @@
import java.util.function.Supplier;
-import javax.annotation.security.DenyAll;
-import javax.annotation.security.PermitAll;
-import javax.annotation.security.RolesAllowed;
+import jakarta.annotation.security.DenyAll;
+import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
import org.aopalliance.aop.Advice;
import org.aopalliance.intercept.MethodInterceptor;
diff --git a/core/src/main/java/org/springframework/security/authorization/method/Jsr250AuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/Jsr250AuthorizationManager.java
index ccf8da60410..6f276c59343 100644
--- a/core/src/main/java/org/springframework/security/authorization/method/Jsr250AuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/method/Jsr250AuthorizationManager.java
@@ -22,9 +22,9 @@
import java.util.Set;
import java.util.function.Supplier;
-import javax.annotation.security.DenyAll;
-import javax.annotation.security.PermitAll;
-import javax.annotation.security.RolesAllowed;
+import jakarta.annotation.security.DenyAll;
+import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
import org.aopalliance.intercept.MethodInvocation;
diff --git a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
index 2b13e626773..682ae359130 100644
--- a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
+++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
@@ -43,7 +43,7 @@ public final class SpringSecurityCoreVersion {
* N.B. Classes are not intended to be serializable between different versions. See
* SEC-1709 for why we still need a serial version.
*/
- public static final long SERIAL_VERSION_UID = 560L;
+ public static final long SERIAL_VERSION_UID = 600L;
static final String MIN_SPRING_VERSION = getSpringVersion();
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
deleted file mode 100644
index 1aba15b2186..00000000000
--- a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.core.userdetails.cache;
-
-import net.sf.ehcache.Ehcache;
-import net.sf.ehcache.Element;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.core.log.LogMessage;
-import org.springframework.security.core.userdetails.UserCache;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.util.Assert;
-
-/**
- * Caches User objects using a Spring IoC defined
- * EHCACHE.
- *
- * @author Ben Alex
- * @deprecated since 5.6. In favor of JCache based implementations
- */
-@Deprecated
-public class EhCacheBasedUserCache implements UserCache, InitializingBean {
-
- private static final Log logger = LogFactory.getLog(EhCacheBasedUserCache.class);
-
- private Ehcache cache;
-
- @Override
- public void afterPropertiesSet() {
- Assert.notNull(this.cache, "cache mandatory");
- }
-
- public Ehcache getCache() {
- return this.cache;
- }
-
- @Override
- public UserDetails getUserFromCache(String username) {
- Element element = this.cache.get(username);
- logger.debug(LogMessage.of(() -> "Cache hit: " + (element != null) + "; username: " + username));
- return (element != null) ? (UserDetails) element.getValue() : null;
- }
-
- @Override
- public void putUserInCache(UserDetails user) {
- Element element = new Element(user.getUsername(), user);
- logger.debug(LogMessage.of(() -> "Cache put: " + element.getKey()));
- this.cache.put(element);
- }
-
- public void removeUserFromCache(UserDetails user) {
- logger.debug(LogMessage.of(() -> "Cache remove: " + user.getUsername()));
- this.removeUserFromCache(user.getUsername());
- }
-
- @Override
- public void removeUserFromCache(String username) {
- this.cache.remove(username);
- }
-
- public void setCache(Ehcache cache) {
- this.cache = cache;
- }
-
-}
diff --git a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
index febd2b755cc..cc625e84a85 100644
--- a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
+++ b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
@@ -120,7 +120,7 @@ public static List getModules(ClassLoader loader) {
for (String className : securityJackson2ModuleClasses) {
addToModulesList(loader, modules, className);
}
- if (ClassUtils.isPresent("javax.servlet.http.Cookie", loader)) {
+ if (ClassUtils.isPresent("jakarta.servlet.http.Cookie", loader)) {
addToModulesList(loader, modules, webServletJackson2ModuleClass);
}
if (ClassUtils.isPresent("org.springframework.security.oauth2.client.OAuth2AuthorizedClient", loader)) {
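Review bot: The probe on the changed line names the servlet API by string literal, so on a classpath that still carries only `javax.servlet` the web servlet module is skipped with no log or error. The cause would presumably surface only later, when a stored object fails to deserialize. What `webServletJackson2ModuleClass` registers is not visible here, and getModules begins and ends outside the hunk. I would add a comment above the check, `// Registered only when the Jakarta Servlet API (jakarta.servlet) is present; javax.servlet is no longer detected`, so the silent skip is documented where it happens.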
diff --git a/core/src/test/java/org/springframework/security/access/annotation/BusinessService.java b/core/src/test/java/org/springframework/security/access/annotation/BusinessService.java
index 7d42e18f3c0..cafb805b1c9 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/BusinessService.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/BusinessService.java
@@ -19,8 +19,8 @@
import java.io.Serializable;
import java.util.List;
-import javax.annotation.security.PermitAll;
-import javax.annotation.security.RolesAllowed;
+import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
import org.springframework.security.access.prepost.PreAuthorize;
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
index 09aa5ae48c3..b19b19bfcfa 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
@@ -19,8 +19,8 @@
import java.util.ArrayList;
import java.util.List;
-import javax.annotation.security.PermitAll;
-import javax.annotation.security.RolesAllowed;
+import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
/**
* @author Luke Taylor
diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
index 4c6697d6a6e..2ee09b82be5 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
@@ -18,8 +18,8 @@
import java.util.Collection;
-import javax.annotation.security.PermitAll;
-import javax.annotation.security.RolesAllowed;
+import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
@@ -63,7 +63,7 @@ public void methodWithRolesAllowedHasCorrectAttribute() throws Exception {
public void permitAllMethodHasPermitAllAttribute() throws Exception {
ConfigAttribute[] accessAttributes = findAttributes("permitAllMethod");
assertThat(accessAttributes).hasSize(1);
- assertThat(accessAttributes[0].toString()).isEqualTo("javax.annotation.security.PermitAll");
+ assertThat(accessAttributes[0].toString()).isEqualTo("jakarta.annotation.security.PermitAll");
}
@Test
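Review bot: The expected value in the changed assertion is a hard-coded package string, which is why this line had to be edited by hand for the namespace move. `PermitAll` is already imported in this file, so `isEqualTo(PermitAll.class.getName())` would keep the test tied to whichever annotation type the file imports. This assumes the attribute's string form is the annotation's class name, which both the old and new literals suggest, but the code that produces it is not shown in this hunk. The `@Test` annotation for this method sits above the hunk.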
diff --git a/core/src/test/java/org/springframework/security/access/annotation/RequireAdminRole.java b/core/src/test/java/org/springframework/security/access/annotation/RequireAdminRole.java
index 70e68eda6ea..71d4dbf4f07 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/RequireAdminRole.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/RequireAdminRole.java
@@ -19,7 +19,7 @@
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
-import javax.annotation.security.RolesAllowed;
+import jakarta.annotation.security.RolesAllowed;
import org.springframework.security.access.prepost.PreAuthorize;
diff --git a/core/src/test/java/org/springframework/security/access/annotation/RequireUserRole.java b/core/src/test/java/org/springframework/security/access/annotation/RequireUserRole.java
index a11b7fc6def..575a326f01b 100644
--- a/core/src/test/java/org/springframework/security/access/annotation/RequireUserRole.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/RequireUserRole.java
@@ -19,7 +19,7 @@
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
-import javax.annotation.security.RolesAllowed;
+import jakarta.annotation.security.RolesAllowed;
import org.springframework.security.access.prepost.PreAuthorize;
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
index 73056c57fcc..52490153d71 100644
--- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
@@ -22,6 +22,7 @@
import org.junit.jupiter.api.Test;
+import org.springframework.cache.Cache;
import org.springframework.dao.DataRetrievalFailureException;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.AuthenticationServiceException;
@@ -41,8 +42,8 @@
import org.springframework.security.core.userdetails.UserDetailsPasswordService;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.core.userdetails.cache.EhCacheBasedUserCache;
import org.springframework.security.core.userdetails.cache.NullUserCache;
+import org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
@@ -326,8 +327,8 @@ public void testGettersSetters() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setPasswordEncoder(new BCryptPasswordEncoder());
assertThat(provider.getPasswordEncoder().getClass()).isEqualTo(BCryptPasswordEncoder.class);
- provider.setUserCache(new EhCacheBasedUserCache());
- assertThat(provider.getUserCache().getClass()).isEqualTo(EhCacheBasedUserCache.class);
+ provider.setUserCache(new SpringCacheBasedUserCache(mock(Cache.class)));
+ assertThat(provider.getUserCache().getClass()).isEqualTo(SpringCacheBasedUserCache.class);
assertThat(provider.isForcePrincipalAsString()).isFalse();
provider.setForcePrincipalAsString(true);
assertThat(provider.isForcePrincipalAsString()).isTrue();
diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
deleted file mode 100644
index 51e89c29ce0..00000000000
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.authentication.rcp;
-
-import org.junit.jupiter.api.Test;
-
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.core.Authentication;
-
-import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
-import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.BDDMockito.given;
-import static org.mockito.Mockito.mock;
-
-/**
- * Tests {@link RemoteAuthenticationManagerImpl}.
- *
- * @author Ben Alex
- */
-public class RemoteAuthenticationManagerImplTests {
-
- @Test
- public void testFailedAuthenticationReturnsRemoteAuthenticationException() {
- RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl();
- AuthenticationManager am = mock(AuthenticationManager.class);
- given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
- manager.setAuthenticationManager(am);
- assertThatExceptionOfType(RemoteAuthenticationException.class)
- .isThrownBy(() -> manager.attemptAuthentication("rod", "password"));
- }
-
- @Test
- public void testStartupChecksAuthenticationManagerSet() throws Exception {
- RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl();
- assertThatIllegalArgumentException().isThrownBy(manager::afterPropertiesSet);
- manager.setAuthenticationManager(mock(AuthenticationManager.class));
- manager.afterPropertiesSet();
- }
-
- @Test
- public void testSuccessfulAuthentication() {
- RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl();
- AuthenticationManager am = mock(AuthenticationManager.class);
- given(am.authenticate(any(Authentication.class))).willReturn(new TestingAuthenticationToken("u", "p", "A"));
- manager.setAuthenticationManager(am);
- manager.attemptAuthentication("rod", "password");
- }
-
-}
diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
deleted file mode 100644
index e2276352949..00000000000
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.authentication.rcp;
-
-import java.util.Collection;
-
-import org.junit.jupiter.api.Test;
-
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.AuthorityUtils;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
-import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
-
-/**
- * Tests {@link RemoteAuthenticationProvider}.
- *
- * @author Ben Alex
- */
-public class RemoteAuthenticationProviderTests {
-
- @Test
- public void testExceptionsGetPassedBackToCaller() {
- RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
- provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(false));
- assertThatExceptionOfType(RemoteAuthenticationException.class)
- .isThrownBy(() -> provider.authenticate(new UsernamePasswordAuthenticationToken("rod", "password")));
- }
-
- @Test
- public void testGettersSetters() {
- RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
- provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(true));
- assertThat(provider.getRemoteAuthenticationManager()).isNotNull();
- }
-
- @Test
- public void testStartupChecksAuthenticationManagerSet() throws Exception {
- RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
- assertThatIllegalArgumentException().isThrownBy(provider::afterPropertiesSet);
- provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(true));
- provider.afterPropertiesSet();
- }
-
- @Test
- public void testSuccessfulAuthenticationCreatesObject() {
- RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
- provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(true));
- Authentication result = provider.authenticate(new UsernamePasswordAuthenticationToken("rod", "password"));
- assertThat(result.getPrincipal()).isEqualTo("rod");
- assertThat(result.getCredentials()).isEqualTo("password");
- assertThat(AuthorityUtils.authorityListToSet(result.getAuthorities())).contains("foo");
- }
-
- @Test
- public void testNullCredentialsDoesNotCauseNullPointerException() {
- RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
- provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(false));
- assertThatExceptionOfType(RemoteAuthenticationException.class)
- .isThrownBy(() -> provider.authenticate(new UsernamePasswordAuthenticationToken("rod", null)));
- }
-
- @Test
- public void testSupports() {
- RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
- assertThat(provider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
- }
-
- private class MockRemoteAuthenticationManager implements RemoteAuthenticationManager {
-
- private boolean grantAccess;
-
- MockRemoteAuthenticationManager(boolean grantAccess) {
- this.grantAccess = grantAccess;
- }
-
- @Override
- public Collection extends GrantedAuthority> attemptAuthentication(String username, String password)
- throws RemoteAuthenticationException {
- if (this.grantAccess) {
- return AuthorityUtils.createAuthorityList("foo");
- }
- else {
- throw new RemoteAuthenticationException("as requested");
- }
- }
-
- }
-
-}
diff --git a/core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java
index 504effbab83..8e8db58b51c 100644
--- a/core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java
@@ -20,9 +20,9 @@
import java.lang.annotation.RetentionPolicy;
import java.util.function.Supplier;
-import javax.annotation.security.DenyAll;
-import javax.annotation.security.PermitAll;
-import javax.annotation.security.RolesAllowed;
+import jakarta.annotation.security.DenyAll;
+import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
import org.junit.jupiter.api.Test;
diff --git a/core/src/test/java/org/springframework/security/core/JavaVersionTests.java b/core/src/test/java/org/springframework/security/core/JavaVersionTests.java
index 80a8e2ef388..f36cb6f7180 100644
--- a/core/src/test/java/org/springframework/security/core/JavaVersionTests.java
+++ b/core/src/test/java/org/springframework/security/core/JavaVersionTests.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -29,7 +29,7 @@
*/
public class JavaVersionTests {
- private static final int JDK8_CLASS_VERSION = 52;
+ private static final int JDK17_CLASS_VERSION = 61;
@Test
public void authenticationCorrectJdkCompatibility() throws Exception {
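Review bot: `JDK17_CLASS_VERSION = 61` is a bare magic number, and a one-line comment above it would say where the value comes from, e.g. `// class-file major version: 52 = Java 8, 61 = Java 17`. The assertion in the following hunk uses `isEqualTo`, so the test fails for any compile target other than Java 17, higher or lower. If that exact pin is intended, the comment should say so. The class body continues outside this hunk.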
@@ -44,7 +44,7 @@ private void assertClassVersion(Class> clazz) throws Exception {
data.readInt();
data.readShort(); // minor
int major = data.readShort();
- assertThat(major).isEqualTo(JDK8_CLASS_VERSION);
+ assertThat(major).isEqualTo(JDK17_CLASS_VERSION);
}
}
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
deleted file mode 100644
index 907290dd63c..00000000000
--- a/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.core.userdetails.cache;
-
-import net.sf.ehcache.Cache;
-import net.sf.ehcache.CacheManager;
-import net.sf.ehcache.Ehcache;
-import org.junit.jupiter.api.AfterAll;
-import org.junit.jupiter.api.BeforeAll;
-import org.junit.jupiter.api.Test;
-
-import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.core.userdetails.User;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
-
-/**
- * Tests {@link EhCacheBasedUserCache}.
- *
- * @author Ben Alex
- */
-public class EhCacheBasedUserCacheTests {
-
- private static CacheManager cacheManager;
-
- @BeforeAll
- public static void initCacheManaer() {
- cacheManager = CacheManager.create();
- cacheManager.addCache(new Cache("ehcacheusercachetests", 500, false, false, 30, 30));
- }
-
- @AfterAll
- public static void shutdownCacheManager() {
- cacheManager.removalAll();
- cacheManager.shutdown();
- }
-
- private Ehcache getCache() {
- Ehcache cache = cacheManager.getCache("ehcacheusercachetests");
- cache.removeAll();
- return cache;
- }
-
- private User getUser() {
- return new User("john", "password", true, true, true, true,
- AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
- }
-
- @Test
- public void cacheOperationsAreSuccessful() throws Exception {
- EhCacheBasedUserCache cache = new EhCacheBasedUserCache();
- cache.setCache(getCache());
- cache.afterPropertiesSet();
- // Check it gets stored in the cache
- cache.putUserInCache(getUser());
- assertThat(getUser().getPassword()).isEqualTo(cache.getUserFromCache(getUser().getUsername()).getPassword());
- // Check it gets removed from the cache
- cache.removeUserFromCache(getUser());
- assertThat(cache.getUserFromCache(getUser().getUsername())).isNull();
- // Check it doesn't return values for null or unknown users
- assertThat(cache.getUserFromCache(null)).isNull();
- assertThat(cache.getUserFromCache("UNKNOWN_USER")).isNull();
- }
-
- @Test
- public void startupDetectsMissingCache() throws Exception {
- EhCacheBasedUserCache cache = new EhCacheBasedUserCache();
- assertThatIllegalArgumentException().isThrownBy(cache::afterPropertiesSet);
- Ehcache myCache = getCache();
- cache.setCache(myCache);
- assertThat(cache.getCache()).isEqualTo(myCache);
- }
-
-}
diff --git a/data/spring-security-data.gradle b/data/spring-security-data.gradle
index e0c9f14dab7..3e915ef871d 100644
--- a/data/spring-security-data.gradle
+++ b/data/spring-security-data.gradle
@@ -3,7 +3,7 @@ apply plugin: 'io.spring.convention.spring-module'
dependencies {
management platform(project(":spring-security-dependencies"))
api project(':spring-security-core')
- api 'javax.xml.bind:jaxb-api'
+ api 'jakarta.xml.bind:jakarta.xml.bind-api'
api 'org.springframework.data:spring-data-commons'
api 'org.springframework:spring-core'
diff --git a/dependencies/spring-security-dependencies.gradle b/dependencies/spring-security-dependencies.gradle
index b2cc1be458d..fd7f082982c 100644
--- a/dependencies/spring-security-dependencies.gradle
+++ b/dependencies/spring-security-dependencies.gradle
@@ -11,7 +11,7 @@ dependencies {
api platform("io.projectreactor:reactor-bom:2020.0.12")
api platform("io.rsocket:rsocket-bom:1.1.1")
api platform("org.junit:junit-bom:5.8.1")
- api platform("org.springframework.data:spring-data-bom:2021.1.0-M1")
+ api platform("org.springframework.data:spring-data-bom:2022.1.0-SNAPSHOT")
api platform("org.jetbrains.kotlin:kotlin-bom:$kotlinVersion")
api platform("org.jetbrains.kotlinx:kotlinx-coroutines-bom:1.5.2")
api platform("com.fasterxml.jackson:jackson-bom:2.13.0")
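Review bot: The shared platform now constrains `org.springframework.data:spring-data-bom` to `2022.1.0-SNAPSHOT`, a mutable version, so two builds of the same commit can resolve different artifacts. Every module that inherits these constraints then takes whatever the snapshot repository serves at build time. The gradle.properties hunk has the same issue with `springFrameworkVersion=6.0.0-SNAPSHOT` and the release candidate `aspectjVersion=1.9.8.RC1`. If snapshots are needed while the 6.0 line is being bootstrapped, I would mark each with a comment such as `// TODO: pin to a released version before the first 6.0 milestone` and consider Gradle dependency locking or verification so the resolved artifacts are recorded. The `dependencies` block starts and ends outside this hunk.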
@@ -27,14 +27,13 @@ dependencies {
api "commons-collections:commons-collections:3.2.2"
api "commons-logging:commons-logging:1.2"
api "io.mockk:mockk:1.12.0"
- api "io.projectreactor.tools:blockhound:1.0.6.RELEASE"
- api "javax.annotation:jsr250-api:1.0"
- api "javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:1.2.2"
- api "javax.servlet.jsp:javax.servlet.jsp-api:2.3.3"
- api "javax.servlet:javax.servlet-api:4.0.1"
- api "javax.xml.bind:jaxb-api:2.3.1"
+ api "jakarta.annotation:jakarta.annotation-api:2.0.0"
+ api "jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api:2.0.0"
+ api "jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.0.0"
+ api "jakarta.servlet:jakarta.servlet-api:5.0.0"
+ api "jakarta.xml.bind:jakarta.xml.bind-api:3.0.1"
+ api "jakarta.persistence:jakarta.persistence-api:3.0.0"
api "ldapsdk:ldapsdk:4.1"
- api "net.sf.ehcache:ehcache:2.10.9.2"
api "net.sourceforge.htmlunit:htmlunit:2.54.0"
api "net.sourceforge.nekohtml:nekohtml:1.9.22"
api "org.apache.directory.server:apacheds-core-entry:1.5.5"
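Review bot: `api "jakarta.persistence:jakarta.persistence-api:3.0.0"` is added here and again in the next hunk of this file, where it replaces `org.eclipse.persistence:javax.persistence:2.2.1`. One of the two lines should be dropped, so that a later version bump cannot update one and miss the other. This hunk also removes the `io.projectreactor.tools:blockhound` constraint with no replacement. If any module still declares blockhound without a version, which is not visible here, its resolution would fail, so that is worth confirming.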
@@ -49,11 +48,11 @@ dependencies {
api "org.assertj:assertj-core:3.21.0"
api "org.bouncycastle:bcpkix-jdk15on:1.69"
api "org.bouncycastle:bcprov-jdk15on:1.69"
- api "org.eclipse.jetty:jetty-server:9.4.44.v20210927"
- api "org.eclipse.jetty:jetty-servlet:9.4.44.v20210927"
- api "org.eclipse.persistence:javax.persistence:2.2.1"
+ api "org.eclipse.jetty:jetty-server:11.0.6"
+ api "org.eclipse.jetty:jetty-servlet:11.0.6"
+ api "jakarta.persistence:jakarta.persistence-api:3.0.0"
api "org.hamcrest:hamcrest:2.2"
- api "org.hibernate:hibernate-entitymanager:5.6.0.Final"
+ api "org.hibernate:hibernate-core-jakarta:5.6.0.Final"
api "org.hsqldb:hsqldb:2.6.0"
api "org.jasig.cas.client:cas-client-core:3.6.2"
api "org.mockito:mockito-core:3.12.4"
@@ -64,7 +63,7 @@ dependencies {
api "org.opensaml:opensaml-saml-api:$openSamlVersion"
api "org.opensaml:opensaml-saml-impl:$openSamlVersion"
api "org.python:jython:2.5.3"
- api "org.seleniumhq.selenium:htmlunit-driver:2.54.0"
+ api "org.seleniumhq.selenium:htmlunit-driver:2.52.0"
api "org.seleniumhq.selenium:selenium-java:3.141.59"
api "org.seleniumhq.selenium:selenium-support:3.141.59"
api "org.skyscreamer:jsonassert:1.5.0"
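Review bot: `org.seleniumhq.selenium:htmlunit-driver` is downgraded from 2.54.0 to 2.52.0 while `net.sourceforge.htmlunit:htmlunit` stays at 2.54.0 earlier in this file, and nothing in the hunk explains the mismatch. If the older driver is a deliberate workaround for the migration, a comment on the line would stop a routine dependency update from undoing it, e.g. `// 2.52.0 on purpose: <reason>`. Otherwise the two versions should be kept aligned.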
diff --git a/docs/modules/ROOT/pages/modules.adoc b/docs/modules/ROOT/pages/modules.adoc
index 3503fea601b..accef8b430e 100644
--- a/docs/modules/ROOT/pages/modules.adoc
+++ b/docs/modules/ROOT/pages/modules.adoc
@@ -21,7 +21,7 @@ Where a module depends on another Spring Security module, the non-optional depen
[[spring-security-core]]
== Core -- `spring-security-core.jar`
-This module contains core authentication and access-contol classes and interfaces, remoting support, and basic provisioning APIs.
+This module contains core authentication and access-contol classes and interfaces, and basic provisioning APIs.
It is required by any application that uses Spring Security.
It supports standalone applications, remote clients, method (service layer) security, and JDBC user provisioning.
It contains the following top-level packages:
@@ -69,25 +69,6 @@ It contains the following top-level packages:
|===
-[[spring-security-remoting]]
-== Remoting -- `spring-security-remoting.jar`
-This module provides integration with Spring Remoting.
-You do not need this unless you are writing a remote client that uses Spring Remoting.
-The main package is `org.springframework.security.remoting`.
-
-.Remoting Dependencies
-|===
-| Dependency | Version | Description
-
-| spring-security-core
-|
-|
-
-| spring-web
-|
-| Required for clients which use HTTP remoting support.
-|===
-
[[spring-security-web]]
== Web -- `spring-security-web.jar`
This module contains filters and related web-security infrastructure code.
diff --git a/docs/modules/ROOT/pages/servlet/appendix/faq.adoc b/docs/modules/ROOT/pages/servlet/appendix/faq.adoc
index 87dcff45642..4eda4df8ef0 100644
--- a/docs/modules/ROOT/pages/servlet/appendix/faq.adoc
+++ b/docs/modules/ROOT/pages/servlet/appendix/faq.adoc
@@ -305,7 +305,7 @@ This usually means that the user's application is creating a session somewhere,
The most common culprit is a JSP. Many people aren't aware that JSPs create sessions by default.
To prevent a JSP from creating a session, add the directive `<%@ page session="false" %>` to the top of the page.
-If you are having trouble working out where a session is being created, you can add some debugging code to track down the location(s). One way to do this would be to add a `javax.servlet.http.HttpSessionListener` to your application, which calls `Thread.dumpStack()` in the `sessionCreated` method.
+If you are having trouble working out where a session is being created, you can add some debugging code to track down the location(s). One way to do this would be to add a `jakarta.servlet.http.HttpSessionListener` to your application, which calls `Thread.dumpStack()` in the `sessionCreated` method.
[[appendix-faq-forbidden-csrf]]
=== I get a 403 Forbidden when performing a POST
diff --git a/docs/modules/ROOT/pages/servlet/appendix/namespace.adoc b/docs/modules/ROOT/pages/servlet/appendix/namespace.adoc
index a6518b4ed13..d67429fc9e1 100644
--- a/docs/modules/ROOT/pages/servlet/appendix/namespace.adoc
+++ b/docs/modules/ROOT/pages/servlet/appendix/namespace.adoc
@@ -709,7 +709,7 @@ Default is any HTTP method except "GET", "TRACE", "HEAD", "OPTIONS".
[[nsa-custom-filter]]
===
This element is used to add a filter to the filter chain.
-It doesn't create any additional beans but is used to select a bean of type `javax.servlet.Filter` which is already defined in the application context and add that at a particular position in the filter chain maintained by Spring Security.
+It doesn't create any additional beans but is used to select a bean of type `jakarta.servlet.Filter` which is already defined in the application context and add that at a particular position in the filter chain maintained by Spring Security.
Full details can be found in the xref:servlet/configuration/xml-namespace.adoc#ns-custom-filters[ namespace chapter].
diff --git a/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc b/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc
index 6024d34a1bd..d677336f019 100644
--- a/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc
+++ b/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc
@@ -186,7 +186,7 @@ This is the default in Servlet 3.1 and newer containers.
When session fixation protection occurs, it results in a `SessionFixationProtectionEvent` being published in the application context.
-If you use `changeSessionId`, this protection will __also__ result in any ``javax.servlet.http.HttpSessionIdListener``s being notified, so use caution if your code listens for both events.
+If you use `changeSessionId`, this protection will __also__ result in any ``jakarta.servlet.http.HttpSessionIdListener``s being notified, so use caution if your code listens for both events.
See the <> chapter for additional information.
== SessionManagementFilter
diff --git a/docs/modules/ROOT/pages/servlet/integrations/servlet-api.adoc b/docs/modules/ROOT/pages/servlet/integrations/servlet-api.adoc
index 741a0629f73..b3b0267ac54 100644
--- a/docs/modules/ROOT/pages/servlet/integrations/servlet-api.adoc
+++ b/docs/modules/ROOT/pages/servlet/integrations/servlet-api.adoc
@@ -84,7 +84,7 @@ The following section describes the Servlet 3 methods that Spring Security integ
[[servletapi-authenticate]]
=== HttpServletRequest.authenticate(HttpServletRequest,HttpServletResponse)
-The https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#authenticate%28javax.servlet.http.HttpServletResponse%29[HttpServletRequest.authenticate(HttpServletRequest,HttpServletResponse)] method can be used to ensure that a user is authenticated.
+The https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#authenticate%28jakarta.servlet.http.HttpServletResponse%29[HttpServletRequest.authenticate(HttpServletRequest,HttpServletResponse)] method can be used to ensure that a user is authenticated.
If they are not authenticated, the configured AuthenticationEntryPoint will be used to request the user to authenticate (i.e. redirect to the login page).
diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index e42d8124ea5..b7f5427cb63 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -13,6 +13,7 @@
+
diff --git a/gradle.properties b/gradle.properties
index 7b3f61fcec0..0f86c7d74cf 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,12 +1,12 @@
-aspectjVersion=1.9.7
+aspectjVersion=1.9.8.RC1
springJavaformatVersion=0.0.29
springBootVersion=2.4.2
-springFrameworkVersion=5.3.11
+springFrameworkVersion=6.0.0-SNAPSHOT
openSamlVersion=3.4.6
-version=5.6.0-RC1
+version=6.0.0-SNAPSHOT
kotlinVersion=1.5.31
-samplesBranch=main
-org.gradle.jvmargs=-Xmx3g -XX:MaxPermSize=2048m -XX:+HeapDumpOnOutOfMemoryError
+samplesBranch=6.0.x
+org.gradle.jvmargs=-Xmx3g -XX:+HeapDumpOnOutOfMemoryError
org.gradle.parallel=true
org.gradle.caching=true
kotlin.stdlib.default.dependency=false
diff --git a/itest/context/spring-security-itest-context.gradle b/itest/context/spring-security-itest-context.gradle
index 9e3334454ab..15d323cc9f2 100644
--- a/itest/context/spring-security-itest-context.gradle
+++ b/itest/context/spring-security-itest-context.gradle
@@ -10,7 +10,7 @@ dependencies {
implementation 'org.springframework:spring-tx'
testImplementation project(':spring-security-web')
- testImplementation 'javax.servlet:javax.servlet-api'
+ testImplementation 'jakarta.servlet:jakarta.servlet-api'
testImplementation 'org.springframework:spring-web'
testImplementation "org.assertj:assertj-core"
testImplementation "org.junit.jupiter:junit-jupiter-api"
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java
index 8f52555cdbc..ea9a91c155a 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java
@@ -16,7 +16,7 @@
package org.springframework.security.integration;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpSession;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
index 7ddef561722..44af9454501 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
@@ -16,7 +16,7 @@
package org.springframework.security.integration;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpSession;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
deleted file mode 100644
index cc49be6d4e0..00000000000
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright 2002-2016 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.integration;
-
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.session.SessionRegistry;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
-
-import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
-
-/**
- * @author Luke Taylor
- * @since 2.0
- */
-@ContextConfiguration(locations = { "/sec-936-app-context.xml" })
-@ExtendWith(SpringExtension.class)
-public class SEC936ApplicationContextTests {
-
- /**
- * SessionRegistry is used as the test service interface (nothing to do with the test)
- */
- @Autowired
- private SessionRegistry sessionRegistry;
-
- @Test
- public void securityInterceptorHandlesCallWithNoTargetObject() {
- SecurityContextHolder.getContext()
- .setAuthentication(new UsernamePasswordAuthenticationToken("bob", "bobspassword"));
- assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.sessionRegistry::getAllPrincipals);
- }
-
-}
diff --git a/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java b/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
index e53d4f839e6..a450851c4f0 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
@@ -19,7 +19,7 @@
import java.util.Arrays;
import java.util.List;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpSession;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.AfterEach;
diff --git a/itest/web/spring-security-itest-web.gradle b/itest/web/spring-security-itest-web.gradle
index 26feb48b14e..4a82c48b079 100644
--- a/itest/web/spring-security-itest-web.gradle
+++ b/itest/web/spring-security-itest-web.gradle
@@ -5,7 +5,7 @@ dependencies {
implementation 'org.springframework:spring-context'
implementation 'org.springframework:spring-web'
- compileOnly 'javax.servlet:javax.servlet-api'
+ compileOnly 'jakarta.servlet:jakarta.servlet-api'
testImplementation project(':spring-security-core')
testImplementation project(':spring-security-test')
@@ -21,7 +21,7 @@ dependencies {
testImplementation "org.mockito:mockito-core"
testImplementation "org.mockito:mockito-junit-jupiter"
testImplementation "org.springframework:spring-test"
- testImplementation 'javax.servlet:javax.servlet-api'
+ testImplementation 'jakarta.servlet:jakarta.servlet-api'
testRuntimeOnly project(':spring-security-config')
testRuntimeOnly project(':spring-security-ldap')
diff --git a/messaging/spring-security-messaging.gradle b/messaging/spring-security-messaging.gradle
index 6556c0e6b00..b5a8e03ec7a 100644
--- a/messaging/spring-security-messaging.gradle
+++ b/messaging/spring-security-messaging.gradle
@@ -12,7 +12,7 @@ dependencies {
optional project(':spring-security-web')
optional 'org.springframework:spring-websocket'
optional 'io.projectreactor:reactor-core'
- optional 'javax.servlet:javax.servlet-api'
+ optional 'jakarta.servlet:jakarta.servlet-api'
testImplementation project(path: ':spring-security-core', configuration: 'tests')
testImplementation 'commons-codec:commons-codec'
diff --git a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
index 594cfcacba8..b7f959c499d 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
@@ -22,7 +22,7 @@
import org.springframework.messaging.MessageChannel;
import org.springframework.messaging.MessageHandler;
import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
-import org.springframework.messaging.support.ChannelInterceptorAdapter;
+import org.springframework.messaging.support.ChannelInterceptor;
import org.springframework.messaging.support.ExecutorChannelInterceptor;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
@@ -40,8 +40,7 @@
* @author Rob Winch
* @since 4.0
*/
-public final class SecurityContextChannelInterceptor extends ChannelInterceptorAdapter
- implements ExecutorChannelInterceptor {
+public final class SecurityContextChannelInterceptor implements ExecutorChannelInterceptor, ChannelInterceptor {
private static final SecurityContext EMPTY_CONTEXT = SecurityContextHolder.createEmptyContext();
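Review bot: Listing `ChannelInterceptor` in the `implements` clause is redundant, because `ExecutorChannelInterceptor` already extends it in spring-messaging. `public final class SecurityContextChannelInterceptor implements ExecutorChannelInterceptor {` declares the same contract. With the adapter base class gone, the class presumably relies on the interfaces' default methods for whatever it does not override. The class body continues outside this hunk.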
diff --git a/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
index 059b34bddba..cc2a696662c 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java
@@ -22,7 +22,7 @@
import org.springframework.messaging.MessageChannel;
import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
import org.springframework.messaging.simp.SimpMessageType;
-import org.springframework.messaging.support.ChannelInterceptorAdapter;
+import org.springframework.messaging.support.ChannelInterceptor;
import org.springframework.security.messaging.util.matcher.MessageMatcher;
import org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher;
import org.springframework.security.web.csrf.CsrfToken;
@@ -30,14 +30,14 @@
import org.springframework.security.web.csrf.MissingCsrfTokenException;
/**
- * {@link ChannelInterceptorAdapter} that validates that a valid CSRF is included in the
- * header of any {@link SimpMessageType#CONNECT} message. The expected {@link CsrfToken}
- * is populated by CsrfTokenHandshakeInterceptor.
+ * {@link ChannelInterceptor} that validates that a valid CSRF is included in the header
+ * of any {@link SimpMessageType#CONNECT} message. The expected {@link CsrfToken} is
+ * populated by CsrfTokenHandshakeInterceptor.
*
* @author Rob Winch
* @since 4.0
*/
-public final class CsrfChannelInterceptor extends ChannelInterceptorAdapter {
+public final class CsrfChannelInterceptor implements ChannelInterceptor {
private final MessageMatcher