Fix links to Spring Security's reference documentation

Closes gh-28407

Author: wilkinsona

spring-boot-project/spring-boot-docs/build.gradle

@@ -228,6 +228,8 @@ tasks.withType(org.asciidoctor.gradle.jvm.AbstractAsciidoctorTask) {
 	}
 	doFirst {
 		def versionConstraints = dependencyVersions.versionConstraints
+		def securityVersion = versionConstraints["org.springframework.security:spring-security-core"]
+		securityVersion = securityVersion.substring(0, securityVersion.lastIndexOf("."))
 		attributes	"embedded-mongo-version": versionConstraints["de.flapdoodle.embed:de.flapdoodle.embed.mongo"],
 					"jetty-version": versionConstraints["org.eclipse.jetty:jetty-server"],
 					"jooq-version": versionConstraints["org.jooq:jooq"],
@@ -247,7 +249,7 @@ tasks.withType(org.asciidoctor.gradle.jvm.AbstractAsciidoctorTask) {
 					"spring-framework-version": versionConstraints["org.springframework:spring-core"],
 					"spring-kafka-version": versionConstraints["org.springframework.kafka:spring-kafka"],
 					"spring-integration-version": versionConstraints["org.springframework.integration:spring-integration-core"],
-					"spring-security-version": versionConstraints["org.springframework.security:spring-security-core"],
+					"spring-security-version": securityVersion,
 					"spring-webservices-version": versionConstraints["org.springframework.ws:spring-ws-core"]
 	}
 }

spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc

@@ -368,7 +368,7 @@ This means that the actuator endpoints that require a `POST` (shutdown and logge
 
 NOTE: We recommend disabling CSRF protection completely only if you are creating a service that is used by non-browser clients.
 
-You can find additional information about CSRF protection in the {spring-security-docs}#csrf[Spring Security Reference Guide].
+You can find additional information about CSRF protection in the {spring-security-docs}/features/exploits/csrf.html[Spring Security Reference Guide].
 
 
 

spring-boot-project/spring-boot-docs/src/docs/asciidoc/attributes.adoc

@@ -86,7 +86,7 @@
 :spring-kafka-docs: https://docs.spring.io/spring-kafka/docs/{spring-kafka-version}/reference/html/
 :spring-restdocs: https://spring.io/projects/spring-restdocs
 :spring-security: https://spring.io/projects/spring-security
-:spring-security-docs: https://docs.spring.io/spring-security/site/docs/{spring-security-version}/reference/html5/
+:spring-security-docs: https://docs.spring.io/spring-security/{spring-security-version}
 :spring-security-oauth2: https://spring.io/projects/spring-security-oauth
 :spring-security-oauth2-docs: https://projects.spring.io/spring-security-oauth/docs/oauth2.html
 :spring-session: https://spring.io/projects/spring-session

spring-boot-project/spring-boot-docs/src/docs/asciidoc/howto/security.adoc

@@ -15,7 +15,7 @@ If you define a `@Configuration` with a `WebSecurityConfigurerAdapter` or a `Sec
 [[howto.security.change-user-details-service-and-add-user-accounts]]
 === Change the UserDetailsService and Add User Accounts
 If you provide a `@Bean` of type `AuthenticationManager`, `AuthenticationProvider`, or `UserDetailsService`, the default `@Bean` for `InMemoryUserDetailsManager` is not created.
-This means you have the full feature set of Spring Security available (such as {spring-security-docs}#servlet-authentication[various authentication options]).
+This means you have the full feature set of Spring Security available (such as {spring-security-docs}/servlet/authentication/index.html[various authentication options]).
 
 The easiest way to add user accounts is to provide your own `UserDetailsService` bean.
 

spring-boot-project/spring-boot-docs/src/docs/asciidoc/howto/testing.adoc

@@ -17,7 +17,7 @@ include::{docs-java}/howto/testing/withspringsecurity/MySecurityTests.java[]
 
 Spring Security provides comprehensive integration with Spring MVC Test and this can also be used when testing controllers using the `@WebMvcTest` slice and `MockMvc`.
 
-For additional details on Spring Security's testing support, refer to Spring Security's {spring-security-docs}#test[reference documentation]).
+For additional details on Spring Security's testing support, refer to Spring Security's {spring-security-docs}/servlet/test/index.html[reference documentation].
 
 
 

spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc

@@ -3,7 +3,7 @@
 If {spring-security}[Spring Security] is on the classpath, then web applications are secured by default.
 Spring Boot relies on Spring Security’s content-negotiation strategy to determine whether to use `httpBasic` or `formLogin`.
 To add method-level security to a web application, you can also add `@EnableGlobalMethodSecurity` with your desired settings.
-Additional information can be found in the {spring-security-docs}#jc-method[Spring Security Reference Guide].
+Additional information can be found in the {spring-security-docs}/servlet/authorization/method-security.html[Spring Security Reference Guide].
 
 The default `UserDetailsService` has a single user.
 The user name is `user`, and the password is random and is printed at INFO level when the application starts, as shown in the following example: