diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 55b6b20d..1816002d 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -21,10 +21,10 @@ jobs:
 
     steps:
     - uses: actions/checkout@v3
-    - name: Set up JDK 11
+    - name: Set up JDK 17
       uses: actions/setup-java@v3
       with:
-        java-version: '11'
+        java-version: '17'
         distribution: 'temurin'
         cache: maven
     - name: Build with Maven
diff --git a/README.adoc b/README.adoc
index 10e21f99..94b48ead 100644
--- a/README.adoc
+++ b/README.adoc
@@ -2,11 +2,7 @@
 
 Current release version:
 
-* 3.1.x - http://wicket.apache.org/[Wicket 9.x] with Spring Boot 2.6.1 - Branch master
-* 3.0.x - http://wicket.apache.org/[Wicket 9.x] with Spring Boot 2.1 - Branch master (deprecated)
-* 2.1.x - http://wicket.apache.org/[Wicket 8.x] with Spring Boot 2 - Branch wicket-8
-* 2.0.x - http://wicket.apache.org/[Wicket 8.x] with Spring Boot 1 - Branch wicket-8
-* 1.x.x - http://wicket.apache.org/[Wicket 7.x] with Spring Boot 1 - Branch wicket-7
+* 4.0.x - http://wicket.apache.org/[Wicket 10.x] with Spring Boot 3.2.x - Branch master
 
 NOTE: http://search.maven.org/#search|ga|1|com.giffing.wicket.spring.boot
 
diff --git a/pom.xml b/pom.xml
index 7f122ce7..59c3ca0d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,8 +1,10 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.giffing.wicket.spring.boot.starter</groupId>
 	<artifactId>wicket-spring-boot-starter-parent</artifactId>
-	<version>3.1.7</version>
+	<version>4.0.0</version>
 	<packaging>pom</packaging>
 
 	<name>Wicket Spring Boot Starter Parent</name>
@@ -20,7 +22,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>2.7.5</version>
+		<version>3.2.4</version>
 		<relativePath /> <!-- lookup parent from repository -->
 	</parent>
 
@@ -50,12 +52,10 @@
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<java.version>11</java.version>
+		<java.version>17</java.version>
 		<apache-shiro.version>1.8.0</apache-shiro.version>
-		<wicket.version>9.12.0</wicket.version>
-		<wicketstuff.version>9.12.0</wicketstuff.version>
-		<dependency-check-maven.version>5.3.0</dependency-check-maven.version>
-		<log4j2.version>2.16.0</log4j2.version>
+		<wicket.version>10.0.0</wicket.version>
+		<wicketstuff.version>10.0.0</wicketstuff.version>
 	</properties>
 
 	<dependencyManagement>
@@ -141,7 +141,7 @@
 			<dependency>
 				<groupId>org.wicketstuff.htmlvalidator</groupId>
 				<artifactId>wicketstuff-htmlvalidator</artifactId>
-				<version>1.11</version>
+				<version>${wicketstuff.version}</version>
 			</dependency>
 			<dependency>
 				<groupId>org.wicketstuff</groupId>
@@ -158,7 +158,7 @@
 			<dependency>
 				<groupId>de.agilecoders.wicket.webjars</groupId>
 				<artifactId>wicket-webjars</artifactId>
-				<version>3.0.0-M3</version>
+				<version>3.0.7</version>
 			</dependency>
 			<!-- Wicket datastore dependencies -->
 			<dependency>
@@ -203,6 +203,11 @@
 				<artifactId>wicket-source</artifactId>
 				<version>9.0.0</version>
 			</dependency>
+			<dependency>
+				<groupId>org.apache.wicket</groupId>
+				<artifactId>wicket-tester</artifactId>
+				<version>${wicket.version}</version>
+			</dependency>
 			<!-- Security - Apache Shiro -->
 			<dependency>
 				<groupId>org.wicketstuff</groupId>
@@ -240,7 +245,7 @@
 					<plugin>
 						<groupId>org.apache.maven.plugins</groupId>
 						<artifactId>maven-gpg-plugin</artifactId>
-						<version>1.6</version>
+						<version>3.0.1</version>
 						<executions>
 							<execution>
 								<id>sign-artifacts</id>
@@ -275,7 +280,7 @@
 							</execution>
 						</executions>
 						<configuration>
-							<source>11</source>
+							<source>${java.version}</source>
 						</configuration>
 					</plugin>
 				</plugins>
@@ -294,20 +299,11 @@
 		</profile>
 	</profiles>
 	<build>
-		<pluginManagement>
-			<plugins>
-				<plugin>
-					<groupId>org.apache.maven.plugins</groupId>
-					<artifactId>maven-release-plugin</artifactId>
-					<version>2.5.3</version>
-				</plugin>
-			</plugins>
-		</pluginManagement>
 		<plugins>
 			<plugin>
 				<groupId>org.sonatype.plugins</groupId>
 				<artifactId>nexus-staging-maven-plugin</artifactId>
-				<version>1.6.8</version>
+				<version>1.6.13</version>
 				<extensions>true</extensions>
 				<configuration>
 					<serverId>ossrh</serverId>
@@ -316,6 +312,27 @@
 				</configuration>
 			</plugin>
 		</plugins>
-        
 	</build>
+	<repositories>
+		<repository>
+			<id>apache.snapshots.https</id>
+			<url>https://repository.apache.org/content/repositories/snapshots</url>
+			<releases>
+				<enabled>false</enabled>
+			</releases>
+			<snapshots>
+				<enabled>true</enabled>
+			</snapshots>
+		</repository>
+		<repository>
+			<id>sonatype</id>
+			<url>https://oss.sonatype.org/content/repositories/snapshots</url>
+			<releases>
+				<enabled>false</enabled>
+			</releases>
+			<snapshots>
+				<enabled>true</enabled>
+			</snapshots>
+		</repository>
+	</repositories>
 </project>
diff --git a/wicket-spring-boot-context/pom.xml b/wicket-spring-boot-context/pom.xml
index 8970b2fd..c575df0d 100644
--- a/wicket-spring-boot-context/pom.xml
+++ b/wicket-spring-boot-context/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>com.giffing.wicket.spring.boot.starter</groupId>
 		<artifactId>wicket-spring-boot-starter-parent</artifactId>
-		<version>3.1.7</version>
+		<version>4.0.0</version>
 	</parent>
 
 	<artifactId>wicket-spring-boot-context</artifactId>
diff --git a/wicket-spring-boot-starter-example/pom.xml b/wicket-spring-boot-starter-example/pom.xml
index d256b500..10817e06 100644
--- a/wicket-spring-boot-starter-example/pom.xml
+++ b/wicket-spring-boot-starter-example/pom.xml
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>com.giffing.wicket.spring.boot.starter</groupId>
 		<artifactId>wicket-spring-boot-starter-parent</artifactId>
-		<version>3.1.7</version>
+		<version>4.0.0</version>
 		<relativePath>..</relativePath>
 	</parent>
 
@@ -73,6 +73,10 @@
 			<groupId>de.agilecoders.wicket.webjars</groupId>
 			<artifactId>wicket-webjars</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>jakarta.xml.bind</groupId>
+			<artifactId>jakarta.xml.bind-api</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.wicketstuff</groupId>
 			<artifactId>wicketstuff-serializer-fast2</artifactId>
@@ -85,7 +89,7 @@
 		<dependency>
 			<groupId>de.agilecoders.wicket</groupId>
 			<artifactId>jquery-selectors</artifactId>
-			<version>2.0.11</version>
+			<version>4.0.2</version>
 		</dependency>
 		<dependency>
 			<groupId>org.liquibase</groupId>
@@ -109,9 +113,14 @@
 			<artifactId>spring-boot-starter-test</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.apache.wicket</groupId>
+			<artifactId>wicket-tester</artifactId>
+			<scope>test</scope>
+		</dependency>
 		<!-- To provide the annotation processor in the IDE's classpath -->
 		<dependency>
-			<groupId>org.hibernate</groupId>
+			<groupId>org.hibernate.orm</groupId>
 			<artifactId>hibernate-jpamodelgen</artifactId>
 			<scope>provided</scope>
 		</dependency>
@@ -160,7 +169,6 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-release-plugin</artifactId>
-				<version>2.5.3</version>
 				<executions>
 					<execution>
 						<phase>none</phase>
@@ -178,6 +186,39 @@
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-maven-plugin</artifactId>
 			</plugin>
+			<plugin>
+				<artifactId>maven-compiler-plugin</artifactId>
+				<configuration>
+					<release>${java.version}</release>
+					<compilerArgument>-proc:none</compilerArgument>
+				</configuration>
+			</plugin>
+			<plugin>
+				<groupId>org.bsc.maven</groupId>
+				<artifactId>maven-processor-plugin</artifactId>
+				<version>${maven-processor-plugin.version}</version>
+				<executions>
+					<execution>
+						<id>process</id>
+						<goals>
+							<goal>process</goal>
+						</goals>
+						<phase>generate-sources</phase>
+						<configuration>
+							<processors>
+								<processor>org.hibernate.jpamodelgen.JPAMetaModelEntityProcessor</processor>
+							</processors>
+						</configuration>
+					</execution>
+				</executions>
+				<dependencies>
+					<dependency>
+						<groupId>org.hibernate.orm</groupId>
+						<artifactId>hibernate-jpamodelgen</artifactId>
+						<version>${hibernate.version}</version>
+					</dependency>
+				</dependencies>
+			</plugin>
 			<!-- Assist eclipse in recognizing the classes generated -->
 			<!-- by jpa-modelgen (via maven-processor-plugin) as source files -->
 			<plugin>
@@ -201,7 +242,7 @@
 			<plugin>
 				<groupId>org.asciidoctor</groupId>
 				<artifactId>asciidoctor-maven-plugin</artifactId>
-				<version>1.5.2</version>
+				<version>2.2.2</version>
 				<executions>
 					<execution>
 						<id>output-html</id>
diff --git a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/model/Customer.java b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/model/Customer.java
index 1dbc1c50..48fbda7c 100644
--- a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/model/Customer.java
+++ b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/model/Customer.java
@@ -2,10 +2,10 @@
 
 import java.io.Serializable;
 
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
 
 import com.giffing.wicket.spring.boot.example.repository.Domain;
 
diff --git a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/repository/services/customer/CustomerRepositoryServiceImpl.java b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/repository/services/customer/CustomerRepositoryServiceImpl.java
index 5b1999d1..38e4a1b2 100644
--- a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/repository/services/customer/CustomerRepositoryServiceImpl.java
+++ b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/repository/services/customer/CustomerRepositoryServiceImpl.java
@@ -5,21 +5,17 @@
 import java.util.List;
 import java.util.Optional;
 
-import javax.annotation.Resource;
-import javax.inject.Inject;
-import javax.persistence.EntityManager;
-import javax.persistence.TypedQuery;
-import javax.persistence.criteria.CriteriaBuilder;
-import javax.persistence.criteria.CriteriaQuery;
-import javax.persistence.criteria.Predicate;
-import javax.persistence.criteria.Root;
+import jakarta.annotation.Resource;
+import jakarta.persistence.EntityManager;
+import jakarta.persistence.TypedQuery;
+import jakarta.persistence.criteria.CriteriaBuilder;
+import jakarta.persistence.criteria.CriteriaQuery;
+import jakarta.persistence.criteria.Predicate;
+import jakarta.persistence.criteria.Root;
 
 import org.springframework.data.domain.PageRequest;
-import org.springframework.data.domain.Sort;
 import org.springframework.data.jpa.domain.Specification;
-import org.springframework.stereotype.Component;
 import org.springframework.stereotype.Repository;
-import org.springframework.transaction.annotation.Transactional;
 
 import com.giffing.wicket.spring.boot.example.model.Customer;
 import com.giffing.wicket.spring.boot.example.model.Customer_;
diff --git a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/general/action/panel/items/yesno/YesNoLink.java b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/general/action/panel/items/yesno/YesNoLink.java
index 4773f5df..d9c78f6c 100644
--- a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/general/action/panel/items/yesno/YesNoLink.java
+++ b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/general/action/panel/items/yesno/YesNoLink.java
@@ -25,9 +25,7 @@ protected void yesClicked(AjaxRequestTarget target) {
 			}
 		};
 		((BasePage)getPage()).replaceDefaultModal(yesNoModal);
-		yesNoModal.showUnloadConfirmation(false);
-		yesNoModal.show(target);
-		
+		yesNoModal.open(target);
 	}
 
 	protected abstract void yesClicked(AjaxRequestTarget target);
diff --git a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/html/modal/YesNoModal.java b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/html/modal/YesNoModal.java
index a09ae078..14131d4d 100644
--- a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/html/modal/YesNoModal.java
+++ b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/html/modal/YesNoModal.java
@@ -1,21 +1,13 @@
 package com.giffing.wicket.spring.boot.example.web.html.modal;
 
 import org.apache.wicket.ajax.AjaxRequestTarget;
-import org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow;
-import org.apache.wicket.model.Model;
+import org.apache.wicket.extensions.ajax.markup.html.modal.ModalDialog;
 
-public abstract class YesNoModal extends ModalWindow {
+public abstract class YesNoModal extends ModalDialog {
 
 	public YesNoModal(String id) {
 		super(id);
-		setMinimalHeight(200);
-		setMinimalWidth(400);
-		setInitialHeight(200);
-		setInitialWidth(400);
-		setAutoSize(false);
-		setTitle(Model.of("Are you sure?"));
-		String contentId = getContentId();
-		YesNoPanel yesNoPanel = new YesNoPanel(contentId){
+		YesNoPanel yesNoPanel = new YesNoPanel(CONTENT_ID){
 
 			@Override
 			protected void yesClicked(AjaxRequestTarget target) {
@@ -29,16 +21,12 @@ protected void noClicked(AjaxRequestTarget target) {
 			
 		};
 		setContent(yesNoPanel);
-		
 	}
 
 	protected void noClicked(AjaxRequestTarget target) {
 		close(target);
-		
 	}
 
 	protected abstract void yesClicked(AjaxRequestTarget target);
 	
-	
-	
 }
diff --git a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/html/modal/YesNoPanel.html b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/html/modal/YesNoPanel.html
index 9517acfc..86fcf1ad 100644
--- a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/html/modal/YesNoPanel.html
+++ b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/html/modal/YesNoPanel.html
@@ -1,4 +1,5 @@
 <wicket:panel>
+        <label>Are you sure?</label>
         <a wicket:id="yes">yes</a>
-		<a wicket:id="no">no</a>
-</wicket:panel>
\ No newline at end of file
+        <a wicket:id="no">no</a>
+</wicket:panel>
diff --git a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/pages/BasePage.java b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/pages/BasePage.java
index 28408939..6f77a99e 100644
--- a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/pages/BasePage.java
+++ b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/pages/BasePage.java
@@ -1,7 +1,7 @@
 package com.giffing.wicket.spring.boot.example.web.pages;
 
 import org.apache.wicket.MarkupContainer;
-import org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow;
+import org.apache.wicket.extensions.ajax.markup.html.modal.ModalDialog;
 import org.apache.wicket.markup.head.CssHeaderItem;
 import org.apache.wicket.markup.head.IHeaderResponse;
 import org.apache.wicket.markup.head.JavaScriptHeaderItem;
@@ -34,7 +34,7 @@ private void initPage(){
 		add(defaultModal);
 	}
 	
-	public void replaceDefaultModal(ModalWindow newModal){
+	public void replaceDefaultModal(ModalDialog newModal){
 		defaultModal.replaceWith(newModal);
 		defaultModal = newModal;
 		defaultModal.setOutputMarkupId(true);
diff --git a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/pages/errors/AccessDeniedPage.java b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/pages/errors/AccessDeniedPage.java
index 03294d8e..b1c64117 100644
--- a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/pages/errors/AccessDeniedPage.java
+++ b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/pages/errors/AccessDeniedPage.java
@@ -1,6 +1,6 @@
 package com.giffing.wicket.spring.boot.example.web.pages.errors;
 
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.apache.wicket.request.http.WebResponse;
 import org.wicketstuff.annotation.mount.MountPath;
diff --git a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/pages/errors/ExpiredPage.java b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/pages/errors/ExpiredPage.java
index 30e95943..f1d0644d 100644
--- a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/pages/errors/ExpiredPage.java
+++ b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/pages/errors/ExpiredPage.java
@@ -1,6 +1,6 @@
 package com.giffing.wicket.spring.boot.example.web.pages.errors;
 
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.apache.wicket.markup.html.WebPage;
 import org.apache.wicket.request.http.WebResponse;
diff --git a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/security/SpringSecurityWicketSessionResolver.java b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/security/SpringSecurityWicketSessionResolver.java
index 0d7a0ef1..21338b7c 100644
--- a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/security/SpringSecurityWicketSessionResolver.java
+++ b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/security/SpringSecurityWicketSessionResolver.java
@@ -1,14 +1,13 @@
 package com.giffing.wicket.spring.boot.example.web.security;
 
-import java.util.List;
-import java.util.Map;
-import java.util.stream.Collectors;
-
+import com.giffing.wicket.spring.boot.starter.web.servlet.websocket.WicketSessionResolver;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.session.FindByIndexNameSessionRepository;
 import org.springframework.session.Session;
 
-import com.giffing.wicket.spring.boot.starter.web.servlet.websocket.WicketSessionResolver;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
 
 public class SpringSecurityWicketSessionResolver implements WicketSessionResolver {
 	
@@ -18,7 +17,7 @@ public class SpringSecurityWicketSessionResolver implements WicketSessionResolve
 	@Override
 	public List<String> resolve(Object identifier) {
 		Map<String, ? extends Session> findByPrincipalName = sessions.findByPrincipalName(identifier.toString());
-		return findByPrincipalName.keySet().stream().collect(Collectors.toList());
+		return new ArrayList<>(findByPrincipalName.keySet());
 	}
 
 }
diff --git a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/security/WicketWebSecurityAdapterConfig.java b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/security/WicketWebSecurityAdapterConfig.java
index 5e571b9b..97d49c45 100644
--- a/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/security/WicketWebSecurityAdapterConfig.java
+++ b/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/web/security/WicketWebSecurityAdapterConfig.java
@@ -4,78 +4,85 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
+import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.firewall.HttpFirewall;
 import org.springframework.security.web.firewall.StrictHttpFirewall;
-
-import com.giffing.wicket.spring.boot.starter.web.servlet.websocket.WicketSessionResolver;
+import org.springframework.security.web.SecurityFilterChain;
 
 /**
  * Default Spring Boot Wicket security getting started configuration. Its only
- * active if there is not other {@link WebSecurityConfigurerAdapter} present.
- * 
+ * active if there is not other {@link SecurityFilterChain} bean is present.
+ * <p>
  * Holds hard coded users which should only be used to get started
- * 
- * @author Marc Giffing
  *
+ * @author Marc Giffing
  */
 @Configuration
 @EnableWebSecurity
-public class WicketWebSecurityAdapterConfig extends WebSecurityConfigurerAdapter  {
-	
-	@Override
-	protected void configure(HttpSecurity http) throws Exception {
-		http
-			.csrf().disable()
-			.authorizeRequests().antMatchers("/**").permitAll()
-			.and().logout().permitAll();
-		http.headers().frameOptions().disable();
-	}
-	
-	@Bean
-	public static BCryptPasswordEncoder passwordEncoder() {
-	return new BCryptPasswordEncoder();
-	}
-	
-	@Bean( name="authenticationManager")
-    @Override
-    public AuthenticationManager authenticationManagerBean() throws Exception {
-        return super.authenticationManagerBean();
+public class WicketWebSecurityAdapterConfig {
+
+    @ConditionalOnMissingBean
+    @Bean
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
+        return authenticationConfiguration.getAuthenticationManager();
+    }
+
+    @ConditionalOnMissingBean
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        return http
+                .securityContext(ctx -> ctx.requireExplicitSave(false))
+                .csrf(AbstractHttpConfigurer::disable)
+                .authorizeHttpRequests(authorizeHttpRequests ->
+                        authorizeHttpRequests.requestMatchers("/**").permitAll())
+                .logout(LogoutConfigurer::permitAll)
+                .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
+                .build();
+    }
+
+    @Bean
+    public static BCryptPasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    //TODO Add Wicket Issue - problem with semicolon in wicket websocket url. Allow semicolon.
+    public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
+        StrictHttpFirewall fw = new StrictHttpFirewall();
+        fw.setAllowSemicolon(true);
+        return fw;
+    }
+
+    @ConditionalOnMissingBean
+    @Bean
+    public UserDetailsService userDetailsService(final PasswordEncoder passwordEncoder) {
+        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
+        manager.createUser(
+                User.withUsername("admin")
+                        .password(passwordEncoder.encode("admin"))
+                        .authorities("USER", "ADMIN")
+                        .build());
+        manager.createUser(
+                User.withUsername("customer")
+                        .password(passwordEncoder.encode("customer"))
+                        .authorities("USER", "ADMIN")
+                        .build());
+        return manager;
     }
-	
-	@Bean
-	//TODO Add Wicket Issue - problem with semicolon in wicket websocket url. Allow semicolon.
-	public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
-		StrictHttpFirewall fw = new StrictHttpFirewall();
-		fw.setAllowSemicolon(true);
-	    return fw;
-	}
 
-	@Bean
-	public UserDetailsService userDetailsService() {
-	    InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
-	    manager.createUser(
-	    		User.withUsername("admin")
-	    		 .password(passwordEncoder().encode("admin"))
-	    		 .authorities("USER", "ADMIN")
-	    		 .build());
-	    manager.createUser(
-	    		User.withUsername("customer")
-	    		 .password(passwordEncoder().encode("customer"))
-	    		 .authorities("USER", "ADMIN")
-	    		 .build());
-	    return manager;
-	}
-	
-	//@Bean
-	//public WicketSessionResolver springSecurityWicketSessionResolver() {
-	//	return new SpringSecurityWicketSessionResolver();
-	//}
+    //@Bean
+    //public WicketSessionResolver springSecurityWicketSessionResolver() {
+    //	return new SpringSecurityWicketSessionResolver();
+    //}
 
 }
diff --git a/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/WicketBaseIntTest.java b/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/WicketBaseIntTest.java
index f3fb7837..c7af303c 100644
--- a/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/WicketBaseIntTest.java
+++ b/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/WicketBaseIntTest.java
@@ -1,24 +1,19 @@
 package com.giffing.wicket.spring.boot.example.web;
 
+import com.giffing.wicket.spring.boot.example.WicketApplication;
+import com.giffing.wicket.spring.boot.example.web.pages.login.LoginPage;
+import com.giffing.wicket.spring.boot.starter.configuration.extensions.external.spring.security.SecureWebSession;
+import com.giffing.wicket.spring.boot.starter.web.servlet.websocket.WebSocketMessageBroadcaster;
 import org.apache.wicket.protocol.http.WebApplication;
 import org.apache.wicket.util.tester.FormTester;
 import org.apache.wicket.util.tester.WicketTester;
 import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Disabled;
-import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mockito;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Primary;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
-
-import com.giffing.wicket.spring.boot.example.WicketApplication;
-import com.giffing.wicket.spring.boot.example.web.pages.login.LoginPage;
-import com.giffing.wicket.spring.boot.starter.configuration.extensions.external.spring.security.SecureWebSession;
-import com.giffing.wicket.spring.boot.starter.web.servlet.websocket.WebSocketMessageBroadcaster;
 
 /**
  * Test class for initialize Wicket & Spring Boot only in the web package. All
@@ -27,11 +22,8 @@
  * @author Marc Giffing
  *
  */
-@ExtendWith(SpringExtension.class)
 @SpringBootTest(classes = WicketApplication.class)
-@EnableWebSecurity
-@Disabled
-public class WicketBaseIntTest {
+public abstract class WicketBaseIntTest {
 
 	private static final String USERNAME = "admin";
 	private static final String PASSWORD = "admin";
@@ -50,8 +42,6 @@ public WebSocketMessageBroadcaster webSocketMessageBroadcaster() {
 		}
 	}
 
-	
-
 	@BeforeEach
 	public void setUp() {
 		tester = new WicketTester(wicketApplication, new WicketMockServletContext(wicketApplication, null));
diff --git a/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/WicketBaseTest.java b/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/WicketBaseTest.java
index 41c94319..f9f4f633 100644
--- a/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/WicketBaseTest.java
+++ b/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/WicketBaseTest.java
@@ -15,7 +15,6 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
-import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import com.giffing.wicket.spring.boot.example.web.pages.home.HomePage;
diff --git a/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/WicketMockServletContext.java b/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/WicketMockServletContext.java
index 0a5e1748..ee92f189 100644
--- a/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/WicketMockServletContext.java
+++ b/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/WicketMockServletContext.java
@@ -1,10 +1,8 @@
 package com.giffing.wicket.spring.boot.example.web;
 
-import java.util.Arrays;
-import java.util.HashSet;
 import java.util.Set;
 
-import javax.servlet.SessionTrackingMode;
+import jakarta.servlet.SessionTrackingMode;
 
 import org.apache.wicket.Application;
 import org.apache.wicket.protocol.http.mock.MockServletContext;
@@ -17,12 +15,12 @@ public WicketMockServletContext(Application application, String path) {
 	
 	@Override
 	public Set<SessionTrackingMode> getDefaultSessionTrackingModes() {
-		return new HashSet<>(Arrays.asList( SessionTrackingMode.COOKIE ));
+		return Set.of(SessionTrackingMode.COOKIE);
 	}
 
 	@Override
 	public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
-		return new HashSet<>(Arrays.asList( SessionTrackingMode.COOKIE ));
+		return Set.of(SessionTrackingMode.COOKIE);
 	}
 
 }
diff --git a/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/pages/customers/CustomerListIntTest.java b/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/pages/customers/CustomerListIntTest.java
index 10c8c1a7..6f68d29a 100644
--- a/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/pages/customers/CustomerListIntTest.java
+++ b/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/pages/customers/CustomerListIntTest.java
@@ -1,69 +1,64 @@
 package com.giffing.wicket.spring.boot.example.web.pages.customers;
 
-import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.CoreMatchers.equalTo;
-
+import static org.hamcrest.MatcherAssert.assertThat;
 
 import org.apache.wicket.extensions.markup.html.repeater.data.table.DataTable;
 import org.apache.wicket.markup.repeater.Item;
 import org.junit.jupiter.api.Test;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.annotation.Rollback;
 import org.springframework.transaction.annotation.Transactional;
 
 import com.giffing.wicket.spring.boot.example.model.Customer;
-import com.giffing.wicket.spring.boot.example.repository.services.customer.CustomerRepositoryService;
 import com.giffing.wicket.spring.boot.example.repository.services.customer.filter.CustomerSort;
 import com.giffing.wicket.spring.boot.example.web.WicketBaseIntTest;
 import com.giffing.wicket.spring.boot.example.web.html.modal.YesNoModal;
-import static org.hamcrest.MatcherAssert.assertThat;
-
 
 @Transactional
 @Rollback
 public class CustomerListIntTest extends WicketBaseIntTest {
-	
-	@Autowired
-	private CustomerRepositoryService service;
-	
-	@Test
-	@SuppressWarnings({ "rawtypes", "unchecked" })
-	public void assert_start_customer_list_page(){
-		getTester().startPage(CustomerListPage.class);
-		getTester().assertRenderedPage(CustomerListPage.class);
-		getTester().assertComponent("filterForm:table", DataTable.class);
-		
-		DataTable<Customer, CustomerSort> dataTable = (DataTable) getTester().getComponentFromLastRenderedPage("filterForm:table");
-		assertThat(dataTable.getItemCount(), equalTo(5L));
-		//id, username, firstname, lastname, active, actions
-		assertThat(dataTable.getColumns().size(), equalTo(6));
-		//get third row
-		Item<Customer> item3 = (Item) getTester().getComponentFromLastRenderedPage("filterForm:table:body:rows:3");
-		assertThat(item3.getModelObject().getId(), equalTo(3L));
-		assertThat(item3.getModelObject().getUsername(), equalTo("adalgrim"));
-		
-		Item<Customer> item5 = (Item) getTester().getComponentFromLastRenderedPage("filterForm:table:body:rows:5");
-		assertThat(item5.getModelObject().getId(), equalTo(5L));
-		assertThat(item5.getModelObject().getUsername(), equalTo("tuk"));
-	}
-	
-	@Test
-	public void assert_delete_customer_method_called_once(){
-		getTester().startPage(CustomerListPage.class);
-		getTester().assertRenderedPage(CustomerListPage.class);
-		
-		DataTable<Customer, CustomerSort> dataTable = (DataTable) getTester().getComponentFromLastRenderedPage("filterForm:table");
-		assertThat(dataTable.getItemCount(), equalTo(5L));
-		
-		getTester().clickLink(getTableCell(5, 6) + "items:1:item:link");
-		getTester().assertComponent("defaultModal", YesNoModal.class);
-		getTester().clickLink("defaultModal:content:yes", true);
-		
-		assertThat(dataTable.getItemCount(), equalTo(4L));
-		
-	}
-	
-	private String getTableCell(int row, int cell){
-		return "filterForm:table:body:rows:" + row + ":cells:" + cell + ":cell:";
-	}
+
+    @Test
+    @SuppressWarnings({ "rawtypes", "unchecked" })
+    public void assert_start_customer_list_page() {
+        getTester().startPage(CustomerListPage.class);
+        getTester().assertRenderedPage(CustomerListPage.class);
+        getTester().assertComponent("filterForm:table", DataTable.class);
+
+        DataTable<Customer, CustomerSort> dataTable = (DataTable) getTester().getComponentFromLastRenderedPage(
+                "filterForm:table");
+        assertThat(dataTable.getItemCount(), equalTo(5L));
+        //id, username, firstname, lastname, active, actions
+        assertThat(dataTable.getColumns().size(), equalTo(6));
+        //get third row
+        Item<Customer> item3 = (Item) getTester().getComponentFromLastRenderedPage("filterForm:table:body:rows:3");
+        assertThat(item3.getModelObject().getId(), equalTo(3L));
+        assertThat(item3.getModelObject().getUsername(), equalTo("adalgrim"));
+
+        Item<Customer> item5 = (Item) getTester().getComponentFromLastRenderedPage("filterForm:table:body:rows:5");
+        assertThat(item5.getModelObject().getId(), equalTo(5L));
+        assertThat(item5.getModelObject().getUsername(), equalTo("tuk"));
+    }
+
+    @Test
+    public void assert_delete_customer_method_called_once() {
+        getTester().startPage(CustomerListPage.class);
+        getTester().assertRenderedPage(CustomerListPage.class);
+
+        @SuppressWarnings("unchecked")
+        DataTable<Customer, CustomerSort> dataTable = (DataTable) getTester().getComponentFromLastRenderedPage(
+                "filterForm:table");
+        assertThat(dataTable.getItemCount(), equalTo(5L));
+
+        getTester().clickLink(getTableCell(5, 6) + "items:1:item:link");
+        getTester().assertComponent("defaultModal", YesNoModal.class);
+        getTester().clickLink("defaultModal:overlay:dialog:content:yes", true);
+
+        assertThat(dataTable.getItemCount(), equalTo(4L));
+
+    }
+
+    private String getTableCell(int row, int cell) {
+        return "filterForm:table:body:rows:" + row + ":cells:" + cell + ":cell:";
+    }
 }
diff --git a/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/pages/customers/CustomerListPageTest.java b/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/pages/customers/CustomerListPageTest.java
index 6515e3bd..caf746b5 100644
--- a/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/pages/customers/CustomerListPageTest.java
+++ b/wicket-spring-boot-starter-example/src/test/java/com/giffing/wicket/spring/boot/example/web/pages/customers/CustomerListPageTest.java
@@ -1,6 +1,7 @@
 package com.giffing.wicket.spring.boot.example.web.pages.customers;
 
 import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.MatcherAssert.assertThat;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 
@@ -9,7 +10,6 @@
 
 import org.apache.wicket.extensions.markup.html.repeater.data.table.DataTable;
 import org.apache.wicket.markup.repeater.Item;
-import static org.hamcrest.MatcherAssert.assertThat;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.mockito.Mockito;
@@ -90,7 +90,7 @@ public void assert_delete_customer_method_called_once(){
 		
 		getTester().clickLink(getTableCell(5, 6) + "items:1:item:link");
 		getTester().assertComponent("defaultModal", YesNoModal.class);
-		getTester().clickLink("defaultModal:content:yes", true);
+		getTester().clickLink("defaultModal:overlay:dialog:content:yes", true);
 		
 		verify(repository, times(1)).delete(Mockito.anyLong());
 		verify(repository, times(1)).delete(5L);
@@ -111,7 +111,7 @@ public static List<Customer> createCustomers(long count) {
 
 	public static Customer createCustomer(long i) {
 		Customer customer = new Customer();
-		customer.setId(Long.valueOf(i));
+		customer.setId(i);
 		customer.setUsername("username" + i);
 		customer.setFirstname("firstname" + i);
 		customer.setLastname("lastname" + i);
diff --git a/wicket-spring-boot-starter-example/src/test/java/test/com/giffing/wicket/spring/boot/example/web/WicketWebApplicationConfig.java b/wicket-spring-boot-starter-example/src/test/java/test/com/giffing/wicket/spring/boot/example/web/WicketWebApplicationConfig.java
index c981b193..146428ac 100644
--- a/wicket-spring-boot-starter-example/src/test/java/test/com/giffing/wicket/spring/boot/example/web/WicketWebApplicationConfig.java
+++ b/wicket-spring-boot-starter-example/src/test/java/test/com/giffing/wicket/spring/boot/example/web/WicketWebApplicationConfig.java
@@ -9,7 +9,6 @@
 import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
 import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration;
 import org.springframework.context.annotation.ComponentScan;
-import org.springframework.session.jdbc.config.annotation.web.http.EnableJdbcHttpSession;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
 
 import com.giffing.wicket.spring.boot.example.WicketApplication;
@@ -52,7 +51,4 @@ protected Class<? extends AbstractAuthenticatedWebSession> getWebSessionClass()
 		return SecureWebSession.class;
 	}
 	
-	
-
-	
 }
diff --git a/wicket-spring-boot-starter-example/src/test/resources/application.yml b/wicket-spring-boot-starter-example/src/test/resources/application.yml
index 2cd30b83..6aa78caf 100644
--- a/wicket-spring-boot-starter-example/src/test/resources/application.yml
+++ b/wicket-spring-boot-starter-example/src/test/resources/application.yml
@@ -10,4 +10,7 @@ wicket:
   stuff:
     serializer:
       fast2:
-        enabled: false
\ No newline at end of file
+        enabled: false
+  core:
+    csrf:
+      enabled: false
diff --git a/wicket-spring-boot-starter/pom.xml b/wicket-spring-boot-starter/pom.xml
index b0de8017..80ffb650 100644
--- a/wicket-spring-boot-starter/pom.xml
+++ b/wicket-spring-boot-starter/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>com.giffing.wicket.spring.boot.starter</groupId>
 		<artifactId>wicket-spring-boot-starter-parent</artifactId>
-		<version>3.1.7</version>
+		<version>4.0.0</version>
 		<relativePath>..</relativePath>
 	</parent>
 
@@ -187,33 +187,7 @@
 		</dependency>
 	</dependencies>
 
-	<distributionManagement>
-		<snapshotRepository>
-			<id>apache.snapshots</id>
-			<name>Apache Development Snapshot Repository</name>
-			<url>https://repository.apache.org/content/repositories/snapshots/</url>
-		</snapshotRepository>
-		<repository>
-			<id>ossrh</id>
-			<url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
-		</repository>
-	</distributionManagement>
-
 	<build>
-		<plugins>
-			<plugin>
-				<groupId>org.sonatype.plugins</groupId>
-				<artifactId>nexus-staging-maven-plugin</artifactId>
-				<version>1.6.8</version>
-				<extensions>true</extensions>
-				<configuration>
-					<serverId>ossrh</serverId>
-					<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
-					<autoReleaseAfterClose>true</autoReleaseAfterClose>
-				</configuration>
-			</plugin>
-		</plugins>
-
 		<resources>
 			<resource>
 				<directory>src/main/resources</directory>
diff --git a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/WicketAutoConfiguration.java b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/WicketAutoConfiguration.java
index 2489d5a2..1866fd24 100644
--- a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/WicketAutoConfiguration.java
+++ b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/WicketAutoConfiguration.java
@@ -5,7 +5,6 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 
-import com.giffing.wicket.spring.boot.starter.app.classscanner.ClassCandidateScanner;
 import com.giffing.wicket.spring.boot.starter.app.classscanner.ClassCandidateScannerConfiguration;
 import com.giffing.wicket.spring.boot.starter.app.verifier.WicketDependencyVersionChecker;
 import com.giffing.wicket.spring.boot.starter.configuration.CustomAnnotationBeanNameGenerator;
@@ -15,7 +14,7 @@
 
 /**
  * The main starter configuration class which will be called by spring.
- * The class is configured in META-INF/spring.factories
+ * The class is configured in META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
  * 
  * @author Marc Giffing
  *
diff --git a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/app/WicketBootSecuredWebApplication.java b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/app/WicketBootSecuredWebApplication.java
index 9fcdcc14..488f0d45 100644
--- a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/app/WicketBootSecuredWebApplication.java
+++ b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/app/WicketBootSecuredWebApplication.java
@@ -44,8 +44,7 @@
  */
 public class WicketBootSecuredWebApplication extends AuthenticatedWebApplication implements WicketBootWebApplication {
 	
-	private final static Logger logger = LoggerFactory
-		.getLogger(WicketBootStandardWebApplication.class);
+	private final static Logger logger = LoggerFactory.getLogger(WicketBootStandardWebApplication.class);
 
 	@Autowired
 	private ApplicationContext applicationContext;
diff --git a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/app/verifier/WicketDependencyVersionChecker.java b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/app/verifier/WicketDependencyVersionChecker.java
index 41b1364e..a98d4239 100644
--- a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/app/verifier/WicketDependencyVersionChecker.java
+++ b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/app/verifier/WicketDependencyVersionChecker.java
@@ -5,7 +5,7 @@
 import java.util.List;
 import java.util.Properties;
 
-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/core/csrf/CsrfAttacksPreventionConfig.java b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/core/csrf/CsrfAttacksPreventionConfig.java
index b3152290..698980ad 100644
--- a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/core/csrf/CsrfAttacksPreventionConfig.java
+++ b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/core/csrf/CsrfAttacksPreventionConfig.java
@@ -1,6 +1,8 @@
 package com.giffing.wicket.spring.boot.starter.configuration.extensions.core.csrf;
 
-import org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener;
+import org.apache.wicket.protocol.http.FetchMetadataResourceIsolationPolicy;
+import org.apache.wicket.protocol.http.OriginResourceIsolationPolicy;
+import org.apache.wicket.protocol.http.ResourceIsolationRequestCycleListener;
 import org.apache.wicket.protocol.http.WebApplication;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
@@ -16,11 +18,11 @@
 /**
  * Enables CSRF protection if the following condition matches.
  * 
- * 1. The {@link CsrfPreventionRequestCycleListener} class is in the classpath.
+ * 1. The {@link ResourceIsolationRequestCycleListener} class is in the classpath.
  * 
  * 2. The property {@link CsrfAttacksPreventionProperties#PROPERTY_PREFIX}.enabled has to be true (default = true)
  *
- * The protection should be enabled by default cause the {@link CsrfPreventionRequestCycleListener} is located
+ * The protection should be enabled by default cause the {@link ResourceIsolationRequestCycleListener} is located
  * in Wickets core project.
  * 
  * @author Marc Giffing
@@ -28,7 +30,7 @@
  */
 @ApplicationInitExtension
 @ConditionalOnProperty(prefix = CsrfAttacksPreventionProperties.PROPERTY_PREFIX, value = "enabled", matchIfMissing = true)
-@ConditionalOnClass(value = org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener.class)
+@ConditionalOnClass(value = org.apache.wicket.protocol.http.ResourceIsolationRequestCycleListener.class)
 @EnableConfigurationProperties({ CsrfAttacksPreventionProperties.class })
 public class CsrfAttacksPreventionConfig implements WicketApplicationInitConfiguration{
 
@@ -40,15 +42,17 @@ public class CsrfAttacksPreventionConfig implements WicketApplicationInitConfigu
 	
 	@Override
 	public void init(WebApplication webApplication) {
-		CsrfPreventionRequestCycleListener listener = new CsrfPreventionRequestCycleListener();
-		listener.setConflictingOriginAction(props.getConflictingOriginAction());
+                OriginResourceIsolationPolicy originResourceIsolationPolicy = new OriginResourceIsolationPolicy();
+                props.getAcceptedOrigins().forEach(originResourceIsolationPolicy::addAcceptedOrigin);
+            
+		ResourceIsolationRequestCycleListener listener = new ResourceIsolationRequestCycleListener(
+                        new FetchMetadataResourceIsolationPolicy(),
+		        originResourceIsolationPolicy);
+                listener.setUnknownOutcomeAction(props.gtUnknownOutcomeAction());
+                listener.setDisallowedOutcomeAction(props.getDisallowedOutcomeAction());
 		listener.setErrorCode(props.getErrorCode());
 		listener.setErrorMessage(props.getErrorMessage());
-		listener.setNoOriginAction(props.getNoOriginAction());
-		for (String acceptedOrigin : props.getAcceptedOrigins()) {
-			listener.addAcceptedOrigin(acceptedOrigin);
-		}
-		webApplication.getRequestCycleListeners().add(listener);
+                webApplication.getRequestCycleListeners().add(listener);
 		
 		wicketEndpointRepository.add(new WicketAutoConfig.Builder(this.getClass())
 				.withDetail("properties", props)
diff --git a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/core/csrf/CsrfAttacksPreventionProperties.java b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/core/csrf/CsrfAttacksPreventionProperties.java
index e6781481..98437016 100644
--- a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/core/csrf/CsrfAttacksPreventionProperties.java
+++ b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/core/csrf/CsrfAttacksPreventionProperties.java
@@ -3,7 +3,7 @@
 import java.util.ArrayList;
 import java.util.List;
 
-import org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener.CsrfAction;
+import org.apache.wicket.protocol.http.ResourceIsolationRequestCycleListener.CsrfAction;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 
 @ConfigurationProperties(prefix = CsrfAttacksPreventionProperties.PROPERTY_PREFIX)
@@ -12,20 +12,22 @@ public class CsrfAttacksPreventionProperties {
 	public static final String PROPERTY_PREFIX = "wicket.core.csrf";
 	
 	/**
-	 * Action to perform when no Origin header is present in the request.
+	 * Action to perform when a request is disallowed by a resource isolation policy.
+	 * Default is {@link CsrfAction#ABORT}.
 	 */
-	private CsrfAction noOriginAction = CsrfAction.ALLOW;
+	private CsrfAction disallowedOutcomeAction = CsrfAction.ABORT;
 
 	/**
-	 * Action to perform when a conflicting Origin header is found.
+	 * Action to perform when none of the resource isolation policies can come to an outcome.
+	 * Default is {@link CsrfAction#ABORT}.
 	 */
-	private CsrfAction conflictingOriginAction = CsrfAction.ABORT;
+	private CsrfAction unknownOutcomeAction = CsrfAction.ABORT;
 
 	/**
 	 * The error code to report when the action to take for a CSRF request is
 	 * {@link CsrfAction#ABORT}. Default {@code 400 BAD REQUEST}.
 	 */
-	private int errorCode = javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
+	private int errorCode = jakarta.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
 
 	/**
 	 * The error message to report when the action to take for a CSRF request is {@code ERROR}.
@@ -52,20 +54,20 @@ public void setEnabled(boolean enabled) {
 		this.enabled = enabled;
 	}
 
-	public CsrfAction getNoOriginAction() {
-		return noOriginAction;
+	public CsrfAction getDisallowedOutcomeAction() {
+		return disallowedOutcomeAction;
 	}
 
-	public void setNoOriginAction(CsrfAction noOriginAction) {
-		this.noOriginAction = noOriginAction;
+	public void setDisallowedOutcomeAction(CsrfAction disallowedOutcomeAction) {
+		this.disallowedOutcomeAction = disallowedOutcomeAction;
 	}
 
-	public CsrfAction getConflictingOriginAction() {
-		return conflictingOriginAction;
+	public CsrfAction gtUnknownOutcomeAction() {
+		return unknownOutcomeAction;
 	}
 
-	public void setConflictingOriginAction(CsrfAction conflictingOriginAction) {
-		this.conflictingOriginAction = conflictingOriginAction;
+	public void setUnknownOutcomeAction(CsrfAction unknownOutcomeAction) {
+		this.unknownOutcomeAction = unknownOutcomeAction;
 	}
 
 	public int getErrorCode() {
diff --git a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/external/spring/security/SecureWebSession.java b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/external/spring/security/SecureWebSession.java
index 720817d3..b75b5808 100644
--- a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/external/spring/security/SecureWebSession.java
+++ b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/external/spring/security/SecureWebSession.java
@@ -12,7 +12,6 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 
@@ -32,7 +31,6 @@ public class SecureWebSession extends AuthenticatedWebSession implements Seriali
 	@SpringBean(name = "authenticationManager")
 	private AuthenticationManager authenticationManager;
 	
-	
 	public SecureWebSession(Request request) {
 		super(request);
 		Injector.get().inject(this);
@@ -62,9 +60,7 @@ public Roles getRoles() {
 		Roles roles = new Roles();
 		if (isSignedIn()) {
 			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-			for (GrantedAuthority authority : authentication.getAuthorities()) {
-				roles.add(authority.getAuthority());
-			}
+                        authentication.getAuthorities().forEach(authority -> roles.add(authority.getAuthority()));
 		}
 		return roles;
 	}
diff --git a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/external/spring/security/SpringSecurityConfig.java b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/external/spring/security/SpringSecurityConfig.java
index b5820139..1c2346bc 100644
--- a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/external/spring/security/SpringSecurityConfig.java
+++ b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/external/spring/security/SpringSecurityConfig.java
@@ -1,6 +1,5 @@
 package com.giffing.wicket.spring.boot.starter.configuration.extensions.external.spring.security;
 
-import org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -17,13 +16,12 @@
 @ConditionalOnClass(value = {
 		org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession.class,
 		org.springframework.security.core.Authentication.class,
-		org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.class
+		org.springframework.security.web.SecurityFilterChain.class
 })
 @EnableConfigurationProperties({ SpringSecurityProperties.class })
 @ConditionalOnMissingBean(WicketBootWebApplication.class)
 public class SpringSecurityConfig {
 	
-	
 	@Bean
 	public WicketBootSecuredWebApplication wicketBootWebApplication() {
 		return new WicketBootSecuredWebApplication();
@@ -31,14 +29,6 @@ public WicketBootSecuredWebApplication wicketBootWebApplication() {
 	
 	@Bean
 	public AuthenticatedWebSessionConfig authenticatedWebSessionConfig(){
-		return new AuthenticatedWebSessionConfig() {
-			
-			@Override
-			public Class<? extends AbstractAuthenticatedWebSession> getAuthenticatedWebSessionClass() {
-				return SecureWebSession.class;
-			}
-		};
+		return () -> SecureWebSession.class;
 	}
-
-
 }
diff --git a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/web/WicketWebInitializerProperties.java b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/web/WicketWebInitializerProperties.java
index e6a1bd9e..8252abac 100644
--- a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/web/WicketWebInitializerProperties.java
+++ b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/web/WicketWebInitializerProperties.java
@@ -1,11 +1,10 @@
 package com.giffing.wicket.spring.boot.starter.web;
 
-import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
-import javax.servlet.DispatcherType;
+import jakarta.servlet.DispatcherType;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
 
@@ -19,7 +18,7 @@ public class WicketWebInitializerProperties {
 	// Adds possibility to add init parameters dynamically
 	private Map<String, String> initParameters = new HashMap<>(); 
 
-	private List<DispatcherType> dispatcherTypes = Arrays.asList( DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.ASYNC );
+	private List<DispatcherType> dispatcherTypes = List.of( DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.ASYNC );
 
 	private boolean filterMatchAfter;
 
diff --git a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/web/config/WicketWebInitializerAutoConfig.java b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/web/config/WicketWebInitializerAutoConfig.java
index 9b49bd58..02c5819b 100644
--- a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/web/config/WicketWebInitializerAutoConfig.java
+++ b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/web/config/WicketWebInitializerAutoConfig.java
@@ -3,7 +3,6 @@
 import org.apache.wicket.Application;
 import org.apache.wicket.protocol.ws.javax.JavaxWebSocketFilter;
 import org.apache.wicket.protocol.ws.javax.WicketServerEndpointConfig;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
diff --git a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/web/servlet/websocket/DummyWicketSessionResolver.java b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/web/servlet/websocket/DummyWicketSessionResolver.java
index a4dd5388..cef83916 100644
--- a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/web/servlet/websocket/DummyWicketSessionResolver.java
+++ b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/web/servlet/websocket/DummyWicketSessionResolver.java
@@ -1,13 +1,12 @@
 package com.giffing.wicket.spring.boot.starter.web.servlet.websocket;
 
-import java.util.Arrays;
 import java.util.List;
 
 public class DummyWicketSessionResolver implements WicketSessionResolver {
 
 	@Override
 	public List<String> resolve(Object value) {
-		return Arrays.asList();
+		return List.of();
 	}
 
 }
diff --git a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/web/servlet/websocket/WicketServerEndpointConfigRegister.java b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/web/servlet/websocket/WicketServerEndpointConfigRegister.java
index 2dae8ddd..f8b4dd34 100644
--- a/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/web/servlet/websocket/WicketServerEndpointConfigRegister.java
+++ b/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/web/servlet/websocket/WicketServerEndpointConfigRegister.java
@@ -1,11 +1,11 @@
 package com.giffing.wicket.spring.boot.starter.web.servlet.websocket;
 
-import javax.servlet.ServletContext;
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
-import javax.websocket.DeploymentException;
-import javax.websocket.Endpoint;
-import javax.websocket.server.ServerContainer;
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.ServletContextEvent;
+import jakarta.servlet.ServletContextListener;
+import jakarta.websocket.DeploymentException;
+import jakarta.websocket.Endpoint;
+import jakarta.websocket.server.ServerContainer;
 
 import org.apache.wicket.protocol.ws.javax.WicketServerEndpointConfig;
 
diff --git a/wicket-spring-boot-starter/src/main/resources/META-INF/spring.factories b/wicket-spring-boot-starter/src/main/resources/META-INF/spring.factories
index 01c36617..f343bdfa 100644
--- a/wicket-spring-boot-starter/src/main/resources/META-INF/spring.factories
+++ b/wicket-spring-boot-starter/src/main/resources/META-INF/spring.factories
@@ -1,6 +1,3 @@
-# AutoConfigurations
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=com.giffing.wicket.spring.boot.starter.WicketAutoConfiguration
-
 org.springframework.boot.env.EnvironmentPostProcessor=com.giffing.wicket.spring.boot.starter.configuration.extensions.external.development.springboot.devtools.WicketDevToolsPropertyDefaultsPostProcessor
 
-org.springframework.boot.diagnostics.FailureAnalyzer=com.giffing.wicket.spring.boot.starter.app.verifier.WicketDependencyVersionCheckerFailureAnalyzer
\ No newline at end of file
+org.springframework.boot.diagnostics.FailureAnalyzer=com.giffing.wicket.spring.boot.starter.app.verifier.WicketDependencyVersionCheckerFailureAnalyzer
diff --git a/wicket-spring-boot-starter/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/wicket-spring-boot-starter/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
new file mode 100644
index 00000000..bd3fab22
--- /dev/null
+++ b/wicket-spring-boot-starter/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -0,0 +1 @@
+com.giffing.wicket.spring.boot.starter.WicketAutoConfiguration