From 96f6368214221f4bfc603f96c8540a00329406c0 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Mon, 16 Oct 2017 13:38:21 -0500
Subject: [PATCH] Update to Spring Framework 5.0.1.BUILD-SNAPSHOT

Fixes gh-4633
---
 .../core/SpringSecurityCoreVersion.java         |  2 +-
 gradle/dependency-management.gradle             |  2 +-
 .../web/reactive/server/WebTestHandler.java     |  3 ++-
 .../DefaultServerRedirectStrategyTests.java     | 15 ++++++++++-----
 ...tingServerAuthenticationEntryPointTests.java |  3 ++-
 ...erHttpBasicAuthenticationConverterTests.java | 17 +++++++++++------
 ...asicServerAuthenticationEntryPointTests.java | 10 ++++++++--
 ...rectServerAuthenticationEntryPointTests.java |  5 +++--
 ...ServerAuthenticationSuccessHandlerTests.java |  5 +++--
 ...ttpStatusServerAccessDeniedHandlerTests.java |  3 ++-
 ...henticationReactorContextWebFilterTests.java |  3 ++-
 ...SecurityContextRepositoryWebFilterTests.java |  3 ++-
 ...uteServerSecurityContextRepositoryTests.java |  3 ++-
 ...acheControlServerHttpHeadersWriterTests.java |  4 +++-
 .../CompositeServerHttpHeadersWriterTests.java  |  3 ++-
 .../StaticServerHttpHeadersWriterTests.java     |  4 +++-
 ...ortSecurityServerHttpHeadersWriterTests.java | 15 ++++++++++-----
 ...TypeOptionsServerHttpHeadersWriterTests.java |  4 +++-
 ...rameOptionsServerHttpHeadersWriterTests.java |  6 +++++-
 ...sProtectionServerHttpHeadersWriterTests.java |  3 ++-
 .../MediaTypeServerWebExchangeMatcherTests.java |  3 ++-
 ...athMatcherServerWebExchangeMatcherTests.java |  4 ++--
 .../matcher/ServerWebExchangeMatchersTests.java |  4 +++-
 23 files changed, 84 insertions(+), 40 deletions(-)

diff --git a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
index b03c602d31..a509bd2124 100644
--- a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
+++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
@@ -40,7 +40,7 @@ public class SpringSecurityCoreVersion {
 	 */
 	public static final long SERIAL_VERSION_UID = 500L;
 
-	static final String MIN_SPRING_VERSION = "5.0.0.RELEASE";
+	static final String MIN_SPRING_VERSION = "5.0.1.BUILD-SNAPSHOT";
 
 	static {
 		performVersionChecks();
diff --git a/gradle/dependency-management.gradle b/gradle/dependency-management.gradle
index a2a5208597..8751d6b642 100644
--- a/gradle/dependency-management.gradle
+++ b/gradle/dependency-management.gradle
@@ -1,7 +1,7 @@
 dependencyManagement {
 	imports {
 		mavenBom 'io.projectreactor:reactor-bom:Bismuth-RELEASE'
-		mavenBom 'org.springframework:spring-framework-bom:5.0.0.RELEASE'
+		mavenBom 'org.springframework:spring-framework-bom:5.0.1.BUILD-SNAPSHOT'
 		mavenBom 'org.springframework.data:spring-data-releasetrain:Kay-RELEASE'
 	}
 	dependencies {
diff --git a/webflux/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java b/webflux/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
index ca46d07dfa..9460ae887a 100644
--- a/webflux/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
+++ b/webflux/src/test/java/org/springframework/security/test/web/reactive/server/WebTestHandler.java
@@ -16,6 +16,7 @@
 package org.springframework.security.test.web.reactive.server;
 
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest.BaseBuilder;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebHandler;
@@ -39,7 +40,7 @@ public class WebTestHandler {
 	}
 
 	public WebHandlerResult exchange(BaseBuilder<?> baseBuilder) {
-		ServerWebExchange exchange = baseBuilder.toExchange();
+		ServerWebExchange exchange = MockServerWebExchange.from(baseBuilder.build());
 		return exchange(exchange);
 	}
 
diff --git a/webflux/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java b/webflux/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
index 2b91da38b6..b8f4008a30 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
@@ -22,6 +22,7 @@ import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.web.server.ServerWebExchange;
@@ -67,7 +68,7 @@ public class DefaultServerRedirectStrategyTests {
 
 	@Test
 	public void sendRedirectWhenNoContextThenStatusAndLocationSet() {
-		this.exchange = MockServerHttpRequest.get("/").toExchange();
+		this.exchange = exchange(MockServerHttpRequest.get("/"));
 
 		this.strategy.sendRedirect(this.exchange, this.location).block();
 
@@ -78,7 +79,7 @@ public class DefaultServerRedirectStrategyTests {
 
 	@Test
 	public void sendRedirectWhenContextPathSetThenStatusAndLocationSet() {
-		this.exchange = MockServerHttpRequest.get("/context/foo").contextPath("/context").toExchange();
+		this.exchange = exchange(MockServerHttpRequest.get("/context/foo").contextPath("/context"));
 
 		this.strategy.sendRedirect(this.exchange, this.location).block();
 
@@ -89,7 +90,7 @@ public class DefaultServerRedirectStrategyTests {
 	@Test
 	public void sendRedirectWhenContextPathSetAndAbsoluteURLThenStatusAndLocationSet() {
 		this.location = URI.create("https://example.com/foo/bar");
-		this.exchange = MockServerHttpRequest.get("/context/foo").contextPath("/context").toExchange();
+		this.exchange = exchange(MockServerHttpRequest.get("/context/foo").contextPath("/context"));
 
 		this.strategy.sendRedirect(this.exchange, this.location).block();
 
@@ -100,7 +101,7 @@ public class DefaultServerRedirectStrategyTests {
 	@Test
 	public void sendRedirectWhenContextPathSetAndDisabledThenStatusAndLocationSet() {
 		this.strategy.setContextRelative(false);
-		this.exchange = MockServerHttpRequest.get("/context/foo").contextPath("/context").toExchange();
+		this.exchange = exchange(MockServerHttpRequest.get("/context/foo").contextPath("/context"));
 
 		this.strategy.sendRedirect(this.exchange, this.location).block();
 
@@ -112,7 +113,7 @@ public class DefaultServerRedirectStrategyTests {
 	public void sendRedirectWhenCustomStatusThenStatusSet() {
 		HttpStatus status = HttpStatus.MOVED_PERMANENTLY;
 		this.strategy.setHttpStatus(status);
-		this.exchange = MockServerHttpRequest.get("/").toExchange();
+		this.exchange = exchange(MockServerHttpRequest.get("/"));
 
 		this.strategy.sendRedirect(this.exchange, this.location).block();
 
@@ -124,4 +125,8 @@ public class DefaultServerRedirectStrategyTests {
 	public void setHttpStatusWhenNullLocationThenException() {
 		this.strategy.setHttpStatus(null);
 	}
+
+	private static MockServerWebExchange exchange(MockServerHttpRequest.BaseBuilder<?> request) {
+		return MockServerWebExchange.from(request.build());
+	}
 }
diff --git a/webflux/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java b/webflux/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
index 2458d611f8..d215bda6c0 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPointTests.java
@@ -22,6 +22,7 @@ import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
@@ -40,7 +41,7 @@ import static org.springframework.security.web.server.DelegatingServerAuthentica
  */
 @RunWith(MockitoJUnitRunner.class)
 public class DelegatingServerAuthenticationEntryPointTests {
-	private ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
+	private ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 	@Mock
 	private ServerWebExchangeMatcher matcher1;
diff --git a/webflux/src/test/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverterTests.java b/webflux/src/test/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverterTests.java
index 4762e82356..22561ad586 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverterTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverterTests.java
@@ -19,6 +19,7 @@ package org.springframework.security.web.server;
 import org.junit.Test;
 import org.springframework.http.HttpHeaders;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import reactor.core.publisher.Mono;
@@ -36,45 +37,49 @@ public class ServerHttpBasicAuthenticationConverterTests {
 
 	@Test
 	public void applyWhenNoAuthorizationHeaderThenEmpty() {
-		Mono<Authentication> result = converter.apply(request.toExchange());
+		Mono<Authentication> result = apply(this.request);
 
 		assertThat(result.block()).isNull();
 	}
 
 	@Test
 	public void applyWhenEmptyAuthorizationHeaderThenEmpty() {
-		Mono<Authentication> result = converter.apply(request.header(HttpHeaders.AUTHORIZATION, "").toExchange());
+		Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, ""));
 
 		assertThat(result.block()).isNull();
 	}
 
 	@Test
 	public void applyWhenOnlyBasicAuthorizationHeaderThenEmpty() {
-		Mono<Authentication> result = converter.apply(request.header(HttpHeaders.AUTHORIZATION, "Basic ").toExchange());
+		Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic "));
 
 		assertThat(result.block()).isNull();
 	}
 
 	@Test
 	public void applyWhenNotBase64ThenEmpty() {
-		Mono<Authentication> result = converter.apply(request.header(HttpHeaders.AUTHORIZATION, "Basic z").toExchange());
+		Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic z"));
 
 		assertThat(result.block()).isNull();
 	}
 
 	@Test
 	public void applyWhenNoSemicolonThenEmpty() {
-		Mono<Authentication> result = converter.apply(request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcg==").toExchange());
+		Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcg=="));
 
 		assertThat(result.block()).isNull();
 	}
 
 	@Test
 	public void applyWhenUserPasswordThenAuthentication() {
-		Mono<Authentication> result = converter.apply(request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzd29yZA==").toExchange());
+		Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzd29yZA=="));
 
 		UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class).block();
 		assertThat(authentication.getPrincipal()).isEqualTo("user");
 		assertThat(authentication.getCredentials()).isEqualTo("password");
 	}
+
+	private Mono<Authentication> apply(MockServerHttpRequest.BaseBuilder<?> request) {
+		return this.converter.apply(MockServerWebExchange.from(this.request.build()));
+	}
 }
diff --git a/webflux/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java b/webflux/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
index 5aa1b6c830..67cbd881a2 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
@@ -23,6 +23,7 @@ import org.mockito.junit.MockitoJUnitRunner;
 
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint;
@@ -53,7 +54,7 @@ public class HttpBasicServerAuthenticationEntryPointTests {
 
 	@Test
 	public void commenceWhenSubscribeThenStatusAndHeaderSet() {
-		this.exchange = MockServerHttpRequest.get("/").toExchange();
+		this.exchange = exchange(MockServerHttpRequest.get("/"));
 
 		this.entryPoint.commence(this.exchange, this.exception).block();
 
@@ -66,7 +67,7 @@ public class HttpBasicServerAuthenticationEntryPointTests {
 	@Test
 	public void commenceWhenCustomRealmThenStatusAndHeaderSet() {
 		this.entryPoint.setRealm("Custom");
-		this.exchange = MockServerHttpRequest.get("/").toExchange();
+		this.exchange = exchange(MockServerHttpRequest.get("/"));
 
 		this.entryPoint.commence(this.exchange, this.exception).block();
 
@@ -80,4 +81,9 @@ public class HttpBasicServerAuthenticationEntryPointTests {
 	public void setRealmWhenNullThenException() {
 		this.entryPoint.setRealm(null);
 	}
+
+
+	private static MockServerWebExchange exchange(MockServerHttpRequest.BaseBuilder<?> request) {
+		return MockServerWebExchange.from(request.build());
+	}
 }
diff --git a/webflux/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java b/webflux/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
index 9d259af96f..4d6a92e71e 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
@@ -23,6 +23,7 @@ import org.mockito.junit.MockitoJUnitRunner;
 
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.server.ServerRedirectStrategy;
@@ -69,7 +70,7 @@ public class RedirectServerAuthenticationEntryPointTests {
 
 	@Test
 	public void commenceWhenSubscribeThenStatusAndLocationSet() {
-		this.exchange = MockServerHttpRequest.get("/").toExchange();
+		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 		this.entryPoint.commence(this.exchange, this.exception).block();
 
@@ -84,7 +85,7 @@ public class RedirectServerAuthenticationEntryPointTests {
 		when(this.serverRedirectStrategy.sendRedirect(any(), any())).thenReturn(result);
 		HttpStatus status = HttpStatus.MOVED_PERMANENTLY;
 		this.entryPoint.setServerRedirectStrategy(this.serverRedirectStrategy);
-		this.exchange = MockServerHttpRequest.get("/").toExchange();
+		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 		assertThat(this.entryPoint.commence(this.exchange, this.exception)).isEqualTo(result);
 	}
diff --git a/webflux/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java b/webflux/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
index 0305089883..76480a6eab 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
@@ -22,6 +22,7 @@ import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.ServerRedirectStrategy;
 import org.springframework.security.web.server.WebFilterExchange;
@@ -74,7 +75,7 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 
 	@Test
 	public void successWhenSubscribeThenStatusAndLocationSet() {
-		this.exchange = MockServerHttpRequest.get("/").toExchange();
+		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 		this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange,
 			this.chain), this.authentication).block();
@@ -89,7 +90,7 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 		Mono<Void> result = Mono.empty();
 		when(this.serverRedirectStrategy.sendRedirect(any(), any())).thenReturn(result);
 		this.handler.setServerRedirectStrategy(this.serverRedirectStrategy);
-		this.exchange = MockServerHttpRequest.get("/").toExchange();
+		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 		assertThat(this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange,
 			this.chain), this.authentication)).isEqualTo(result);
diff --git a/webflux/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java b/webflux/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
index 234781c804..25562fd72a 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
@@ -23,6 +23,7 @@ import org.mockito.junit.MockitoJUnitRunner;
 
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.web.server.ServerWebExchange;
 
@@ -56,7 +57,7 @@ public class HttpStatusServerAccessDeniedHandlerTests {
 
 	@Test
 	public void commenceWhenSubscribeThenStatusSet() {
-		this.exchange = MockServerHttpRequest.get("/").toExchange();
+		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 		this.handler.handle(this.exchange, this.exception).block();
 
diff --git a/webflux/src/test/java/org/springframework/security/web/server/context/AuthenticationReactorContextWebFilterTests.java b/webflux/src/test/java/org/springframework/security/web/server/context/AuthenticationReactorContextWebFilterTests.java
index 38dc3e4e15..3764790016 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/context/AuthenticationReactorContextWebFilterTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/context/AuthenticationReactorContextWebFilterTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.web.server.context;
 
 import org.junit.Test;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.server.ServerWebExchange;
@@ -39,7 +40,7 @@ public class AuthenticationReactorContextWebFilterTests {
 
 	Principal principal = new TestingAuthenticationToken("user","password", "ROLE_USER");
 
-	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
+	ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 	@Test
 	public void filterWhenExistingContextAndPrincipalNotNullThenContextPopulated() {
diff --git a/webflux/src/test/java/org/springframework/security/web/server/context/ServerSecurityContextRepositoryWebFilterTests.java b/webflux/src/test/java/org/springframework/security/web/server/context/ServerSecurityContextRepositoryWebFilterTests.java
index 0548a592a0..fc243bf280 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/context/ServerSecurityContextRepositoryWebFilterTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/context/ServerSecurityContextRepositoryWebFilterTests.java
@@ -22,6 +22,7 @@ import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.security.test.web.reactive.server.WebTestHandler;
@@ -90,7 +91,7 @@ public class ServerSecurityContextRepositoryWebFilterTests {
 		when(repository.load(any())).thenReturn(Mono.empty());
 		filters = WebTestHandler.bindToWebFilters(filter, (e,c) -> e.getPrincipal().flatMap( p-> c.filter(e))) ;
 
-		ServerWebExchange exchangeWithPrincipal = this.exchange.toExchange().mutate().principal(Mono.just(principal)).build();
+		ServerWebExchange exchangeWithPrincipal = MockServerWebExchange.from(exchange.build()).mutate().principal(Mono.just(principal)).build();
 		WebTestHandler.WebHandlerResult result = filters.exchange(exchangeWithPrincipal);
 
 		verify(repository).load(any());
diff --git a/webflux/src/test/java/org/springframework/security/web/server/context/ServerWebExchangeAttributeServerSecurityContextRepositoryTests.java b/webflux/src/test/java/org/springframework/security/web/server/context/ServerWebExchangeAttributeServerSecurityContextRepositoryTests.java
index 5bbed6740e..4b5d213b0c 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/context/ServerWebExchangeAttributeServerSecurityContextRepositoryTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/context/ServerWebExchangeAttributeServerSecurityContextRepositoryTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.web.server.context;
 
 import org.junit.Test;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.web.server.ServerWebExchange;
@@ -31,7 +32,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 public class ServerWebExchangeAttributeServerSecurityContextRepositoryTests {
 	ServerWebExchangeAttributeServerSecurityContextRepository repository = new ServerWebExchangeAttributeServerSecurityContextRepository();
-	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
+	ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 	@Test
 	public void saveAndLoad() {
diff --git a/webflux/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java b/webflux/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
index 7c839205d9..07248475da 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
@@ -20,6 +20,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 import org.junit.Test;
 import org.springframework.http.HttpHeaders;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
 /**
@@ -31,7 +32,8 @@ import org.springframework.web.server.ServerWebExchange;
 public class CacheControlServerHttpHeadersWriterTests {
 	CacheControlServerHttpHeadersWriter writer = new CacheControlServerHttpHeadersWriter();
 
-	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
+	ServerWebExchange exchange = MockServerWebExchange
+		.from(MockServerHttpRequest.get("/").build());
 
 	HttpHeaders headers = exchange.getResponse().getHeaders();
 
diff --git a/webflux/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java b/webflux/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
index b1d0a9faa7..a9518e3ce7 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
@@ -26,6 +26,7 @@ import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
 import reactor.core.publisher.Mono;
@@ -44,7 +45,7 @@ public class CompositeServerHttpHeadersWriterTests {
 
 	CompositeServerHttpHeadersWriter writer;
 
-	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
+	ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 	@Before
 	public void setup() {
diff --git a/webflux/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java b/webflux/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
index 08b446bcca..df35b5fb80 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
@@ -20,6 +20,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 import org.junit.Test;
 import org.springframework.http.HttpHeaders;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
 /**
@@ -32,7 +33,8 @@ public class StaticServerHttpHeadersWriterTests {
 			.header(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF)
 			.build();
 
-	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
+	ServerWebExchange exchange = MockServerWebExchange
+		.from(MockServerHttpRequest.get("/").build());
 
 	HttpHeaders headers = exchange.getResponse().getHeaders();
 
diff --git a/webflux/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java b/webflux/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
index 65d8e4f56e..21b5e497d4 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
@@ -23,6 +23,7 @@ import java.util.Arrays;
 import org.junit.Test;
 import org.springframework.http.HttpHeaders;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
 /**
@@ -36,7 +37,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 
 	@Test
 	public void writeHttpHeadersWhenHttpsThenWrites() {
-		exchange = MockServerHttpRequest.get("https://example.com/").toExchange();
+		exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
 
 		hsts.writeHttpHeaders(exchange);
 
@@ -50,7 +51,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 	public void writeHttpHeadersWhenCustomMaxAgeThenWrites() {
 		Duration maxAge = Duration.ofDays(1);
 		hsts.setMaxAge(maxAge);
-		exchange = MockServerHttpRequest.get("https://example.com/").toExchange();
+		exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
 
 		hsts.writeHttpHeaders(exchange);
 
@@ -63,7 +64,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 	@Test
 	public void writeHttpHeadersWhenCustomIncludeSubDomainsThenWrites() {
 		hsts.setIncludeSubDomains(false);
-		exchange = MockServerHttpRequest.get("https://example.com/").toExchange();
+		exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
 
 		hsts.writeHttpHeaders(exchange);
 
@@ -75,7 +76,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 
 	@Test
 	public void writeHttpHeadersWhenNullSchemeThenNoHeaders() {
-		exchange = MockServerHttpRequest.get("/").toExchange();
+		exchange = exchange(MockServerHttpRequest.get("/"));
 
 		hsts.writeHttpHeaders(exchange);
 
@@ -85,11 +86,15 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 
 	@Test
 	public void writeHttpHeadersWhenHttpThenNoHeaders() {
-		exchange = MockServerHttpRequest.get("http://example.com/").toExchange();
+		exchange = exchange(MockServerHttpRequest.get("http://example.com/"));
 
 		hsts.writeHttpHeaders(exchange);
 
 		HttpHeaders headers = exchange.getResponse().getHeaders();
 		assertThat(headers).isEmpty();
 	}
+
+	private static MockServerWebExchange exchange(MockServerHttpRequest.BaseBuilder<?> request) {
+		return MockServerWebExchange.from(request.build());
+	}
 }
diff --git a/webflux/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java b/webflux/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
index fa422f965f..449309a0c8 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
@@ -20,6 +20,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 import org.junit.Test;
 import org.springframework.http.HttpHeaders;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
 /**
@@ -30,7 +31,8 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests {
 
 	ContentTypeOptionsServerHttpHeadersWriter writer = new ContentTypeOptionsServerHttpHeadersWriter();
 
-	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
+	ServerWebExchange exchange = MockServerWebExchange
+		.from(MockServerHttpRequest.get("/").build());
 
 	HttpHeaders headers = exchange.getResponse().getHeaders();
 
diff --git a/webflux/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java b/webflux/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
index 29c41a4120..025f29bab0 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
@@ -21,6 +21,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.springframework.http.HttpHeaders;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
 /**
@@ -29,7 +30,7 @@ import org.springframework.web.server.ServerWebExchange;
  */
 public class XFrameOptionsServerHttpHeadersWriterTests {
 
-	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
+	ServerWebExchange exchange = exchange(MockServerHttpRequest.get("/"));
 
 	XFrameOptionsServerHttpHeadersWriter writer;
 
@@ -81,4 +82,7 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
 		assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly(headerValue);
 	}
 
+	private static MockServerWebExchange exchange(MockServerHttpRequest.BaseBuilder<?> request) {
+		return MockServerWebExchange.from(request.build());
+	}
 }
diff --git a/webflux/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java b/webflux/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
index b196cd53ec..3134e92c82 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
@@ -20,6 +20,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 import org.junit.Test;
 import org.springframework.http.HttpHeaders;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
 /**
@@ -27,7 +28,7 @@ import org.springframework.web.server.ServerWebExchange;
  * @since 5.0
  */
 public class XXssProtectionServerHttpHeadersWriterTests {
-	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
+	ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 	HttpHeaders headers = exchange.getResponse().getHeaders();
 
diff --git a/webflux/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java b/webflux/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
index 887baf40b4..4ff55eb81e 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
@@ -27,6 +27,7 @@ import org.mockito.junit.MockitoJUnitRunner;
 
 import org.springframework.http.MediaType;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.reactive.accept.RequestedContentTypeResolver;
 import org.springframework.web.server.ServerWebExchange;
 
@@ -131,6 +132,6 @@ public class MediaTypeServerWebExchangeMatcherTests {
 	}
 
 	private static ServerWebExchange exchange(MediaType... accept) {
-		return MockServerHttpRequest.get("/").accept(accept).toExchange();
+		return MockServerWebExchange.from(MockServerHttpRequest.get("/").accept(accept).build());
 	}
 }
diff --git a/webflux/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java b/webflux/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
index ce3249dc72..142ef1aca3 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
@@ -23,7 +23,7 @@ import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.http.HttpMethod;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.http.server.reactive.MockServerHttpResponse;
-import org.springframework.mock.http.server.reactive.MockServerWebExchange;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.session.DefaultWebSessionManager;
 import org.springframework.web.util.pattern.PathPattern;
 
@@ -53,7 +53,7 @@ public class PathMatcherServerWebExchangeMatcherTests {
 		MockServerHttpRequest request = MockServerHttpRequest.post("/path").build();
 		MockServerHttpResponse response = new MockServerHttpResponse();
 		DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
-		exchange = request.toExchange();
+		exchange = MockServerWebExchange.from(request);
 		path = "/path";
 
 		matcher = new PathPatternParserServerWebExchangeMatcher(pattern);
diff --git a/webflux/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java b/webflux/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
index deef1fb44e..678901d532 100644
--- a/webflux/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
@@ -19,6 +19,7 @@ package org.springframework.security.web.server.util.matcher;
 import org.junit.Test;
 import org.springframework.http.HttpMethod;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.*;
@@ -33,7 +34,8 @@ import static org.springframework.security.web.server.util.matcher.ServerWebExch
  * @since 5.0
  */
 public class ServerWebExchangeMatchersTests {
-	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
+	ServerWebExchange exchange = MockServerWebExchange
+		.from(MockServerHttpRequest.get("/").build());
 
 	@Test
 	public void pathMatchersWhenSingleAndSamePatternThenMatches() throws Exception {