Merge branch '5.7.x' into 5.8.x

docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc

@@ -207,7 +207,7 @@ The Redirection Endpoint is used by the Authorization Server for returning the A
 OAuth 2.0 Login leverages the Authorization Code Grant.
 Therefore, the authorization credential is the authorization code.
 
-The default Authorization Response redirection endpoint is `/login/oauth2/code/{registrationId}`.
+The default Authorization Response redirection endpoint is `+/login/oauth2/code/{registrationId}+`.
 
 If you would like to customize the Authorization Response redirection endpoint, configure it as shown in the following example:
 
@@ -739,5 +739,5 @@ class OAuth2LoginSecurityConfig {
 ----
 ====
 
-NOTE: `OidcClientInitiatedServerLogoutSuccessHandler` supports the `{baseUrl}` placeholder.
+NOTE: `OidcClientInitiatedServerLogoutSuccessHandler` supports the `+{baseUrl}+` placeholder.
 If used, the application's base URL, like `https://app.example.org`, will replace it at request time.

docs/modules/ROOT/pages/servlet/authentication/persistence.adoc

@@ -188,9 +188,11 @@ The {security-api-url}org/springframework/security/web/context/SecurityContextPe
 
 image::{figures}/securitycontextpersistencefilter.png[]
 
-<1> Before running the rest of the application, `SecurityContextPersistenceFilter` loads the `SecurityContext` from the `SecurityContextRepository` and sets it on the `SecurityContextHolder`.
+image:{icondir}/number_1.png[] Before running the rest of the application, `SecurityContextPersistenceFilter` loads the `SecurityContext` from the `SecurityContextRepository` and sets it on the `SecurityContextHolder`.
-<2> Next, the application is ran.
+
-<3> Finally, if the `SecurityContext` has changed, we save the `SecurityContext` using the `SecurityContextPersistenceRepository`.
+image:{icondir}/number_2.png[] Next, the application is ran.
+
+image:{icondir}/number_3.png[] Finally, if the `SecurityContext` has changed, we save the `SecurityContext` using the `SecurityContextPersistenceRepository`.
 This means that when using `SecurityContextPersistenceFilter`, just setting the `SecurityContextHolder` will ensure that the `SecurityContext` is persisted using `SecurityContextRepository`.
 
 In some cases a response is committed and written to the client before the `SecurityContextPersisteneFilter` method completes.
@@ -207,11 +209,12 @@ The {security-api-url}org/springframework/security/web/context/SecurityContextHo
 
 image::{figures}/securitycontextholderfilter.png[]
 
-<1> Before running the rest of the application, `SecurityContextHolderFilter` loads the `SecurityContext` from the `SecurityContextRepository` and sets it on the `SecurityContextHolder`.
+image:{icondir}/number_1.png[] Before running the rest of the application, `SecurityContextHolderFilter` loads the `SecurityContext` from the `SecurityContextRepository` and sets it on the `SecurityContextHolder`.
-<2> Next, the application is ran.
+
+image:{icondir}/number_2.png[] Next, the application is ran.
 
 Unlike, xref:servlet/authentication/persistence.adoc#securitycontextpersistencefilter[`SecurityContextPersistenceFilter`], `SecurityContextHolderFilter` only loads the `SecurityContext` it does not save the `SecurityContext`.
 This means that when using `SecurityContextHolderFilter`, it is required that the `SecurityContext` is explicitly saved.
 
 
-include::partial$servlet/architecture/security-context-explicit.adoc[]
+include::partial$servlet/architecture/security-context-explicit.adoc[]

docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc

@@ -958,5 +958,5 @@ class OAuth2LoginSecurityConfig {
 ----
 ====
 
-NOTE: `OidcClientInitiatedLogoutSuccessHandler` supports the `{baseUrl}` placeholder.
+NOTE: `OidcClientInitiatedLogoutSuccessHandler` supports the `+{baseUrl}+` placeholder.
 If used, the application's base URL, like `https://app.example.org`, will replace it at request time.