diff --git a/spring-bootstrap-actuator/pom.xml b/spring-bootstrap-actuator/pom.xml
index d5a2e90175..884f836070 100644
--- a/spring-bootstrap-actuator/pom.xml
+++ b/spring-bootstrap-actuator/pom.xml
@@ -50,6 +50,11 @@
 			<artifactId>spring-security-javaconfig</artifactId>
 			<optional>true</optional>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-web</artifactId>
+			<optional>true</optional>
+		</dependency>
 		<dependency>
 			<groupId>org.apache.tomcat.embed</groupId>
 			<artifactId>tomcat-embed-core</artifactId>
diff --git a/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/EndpointWebMvcChildContextConfiguration.java b/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/EndpointWebMvcChildContextConfiguration.java
index 3e476e36a5..f710090429 100644
--- a/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/EndpointWebMvcChildContextConfiguration.java
+++ b/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/EndpointWebMvcChildContextConfiguration.java
@@ -30,7 +30,7 @@ import org.springframework.bootstrap.context.embedded.EmbeddedServletContainer;
 import org.springframework.bootstrap.context.embedded.EmbeddedServletContainerCustomizer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.web.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.web.servlet.DispatcherServlet;
 import org.springframework.web.servlet.HandlerAdapter;
 import org.springframework.web.servlet.HandlerMapping;
diff --git a/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/SecurityAutoConfiguration.java b/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/SecurityAutoConfiguration.java
index d2756f5641..e232eccc3e 100644
--- a/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/SecurityAutoConfiguration.java
+++ b/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/SecurityAutoConfiguration.java
@@ -37,12 +37,12 @@ import org.springframework.security.authentication.AuthenticationEventPublisher;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
 import org.springframework.security.authentication.ProviderManager;
-import org.springframework.security.config.annotation.authentication.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.HttpConfiguration;
-import org.springframework.security.config.annotation.web.WebSecurityBuilder;
-import org.springframework.security.config.annotation.web.WebSecurityBuilder.IgnoredRequestRegistry;
-import org.springframework.security.config.annotation.web.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
 
@@ -73,7 +73,7 @@ import org.springframework.security.web.authentication.www.BasicAuthenticationEn
  * <code>security.basic.enabled: false</code></li>
  * <li>Customize the user details: add an AuthenticationManager bean</li>
  * <li>Add form login for user facing resources: add a
- * {@link WebSecurityConfigurerAdapter} and use {@link HttpConfiguration#formLogin()}</li>
+ * {@link WebSecurityConfigurerAdapter} and use {@link HttpSecurity#formLogin()}</li>
  * </ul>
  * 
  * @author Dave Syer
@@ -122,7 +122,7 @@ public class SecurityAutoConfiguration {
 		private ErrorController errorController;
 
 		@Override
-		protected void configure(HttpConfiguration http) throws Exception {
+		protected void configure(HttpSecurity http) throws Exception {
 
 			if (this.security.isRequireSsl()) {
 				http.requiresChannel().anyRequest().requiresSecure();
@@ -152,7 +152,7 @@ public class SecurityAutoConfiguration {
 					list.add(path);
 				}
 			}
-			// FIXME makes more sense to secure enpoints with a different role
+			// FIXME makes more sense to secure endpoints with a different role
 			list.addAll(Arrays.asList(getEndpointPaths(true)));
 			return list.toArray(new String[list.size()]);
 		}
@@ -164,8 +164,8 @@ public class SecurityAutoConfiguration {
 		}
 
 		@Override
-		public void configure(WebSecurityBuilder builder) throws Exception {
-			IgnoredRequestRegistry ignoring = builder.ignoring();
+		public void configure(WebSecurity builder) throws Exception {
+			IgnoredRequestConfigurer ignoring = builder.ignoring();
 			ignoring.antMatchers(this.security.getIgnored());
 			ignoring.antMatchers(getEndpointPaths(false));
 			if (this.errorController != null) {
diff --git a/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/properties/SecurityProperties.java b/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/properties/SecurityProperties.java
index 5e63831b04..1ea56222c4 100644
--- a/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/properties/SecurityProperties.java
+++ b/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/properties/SecurityProperties.java
@@ -17,7 +17,7 @@
 package org.springframework.bootstrap.actuate.properties;
 
 import org.springframework.bootstrap.context.annotation.ConfigurationProperties;
-import org.springframework.security.config.annotation.web.SessionCreationPolicy;
+import org.springframework.security.config.annotation.web.configurers.SessionCreationPolicy;
 
 /**
  * Properties for the security aspects of an application.
diff --git a/spring-bootstrap-samples/spring-bootstrap-actuator-ui-sample/pom.xml b/spring-bootstrap-samples/spring-bootstrap-actuator-ui-sample/pom.xml
index 753aa5b64b..b847540af5 100644
--- a/spring-bootstrap-samples/spring-bootstrap-actuator-ui-sample/pom.xml
+++ b/spring-bootstrap-samples/spring-bootstrap-actuator-ui-sample/pom.xml
@@ -48,6 +48,10 @@
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-javaconfig</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-web</artifactId>
+		</dependency>
 	</dependencies>
 	<build>
 		<plugins>