Let us now start applying security context to the previous reactive application through these steps:

1. Open pom.xml and add the following starter POM for Spring Security 5:

<dependency> 
      <groupId>org.springframework.boot</groupId> 
      <artifactId>spring-boot-starter-security</artifactId> 
</dependency> 

2. Create a new package org.packt.spring.boot.security and drop into it the same security context definition AppSecurityConfig from ch08.
3. Avoid registering DelegatingFilterProxy into the container since Spring Boot does it automatically by injecting org.springframework.boot.web.servlet.DelegatingFilterProxyRegistrationBean and mapping it to a filter name springSecurityFilterChain. If you include SpringSecurityInitializer from ch08 into this project, conflicts will arise and an exception like this will be thrown:

28-Jun-2017 13:01:07.219 SEVERE [https-openssl-nio-8443-exec-6] org.apache.catalina.core.StandardContext.filterStart Exception starting filter springSecurityFilterChain
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' available  

4. The next step is to @Import the AppSecurityConfig to apply the security protocols indicated in the security class definition to the Spring MVC project:

@Import(value = { AppSecurityConfig.class }) 
@Configuration 
@EnableWebMvc 
public class SpringContextConfig  {  // refer to sources } 

5. Finally, you are now ready to use Spring Security 5.x. Uncomment all lines that execute SecurityContextHolder.

6. Copy the LoginController from ch08 to org.packt.spring,boot.controller.
7. Also copy the views, login.jsp, logout.jsp and after_logout.jsp to src/main/webapp of this project. Also update the views and message bundle pertaining to these view pages.
8. Save all files. Then clean and install project ch09. Manually deploy it to the server. Open a browser and access https://localhost:8443/ch09/login.html and supply the needed credentials indicated by in-memory configuration of AppSecurityConfig.