From c5023127190c8f80bf83bafabcbea4df5cf44898 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Thu, 10 Sep 2020 21:33:16 -0700
Subject: [PATCH] Replace expected @Test attributes with AssertJ

Replace JUnit expected @Test attributes with AssertJ calls.
---
 .../security/acls/domain/AclImplTests.java    |  23 +-
 .../acls/domain/ObjectIdentityImplTests.java  |   4 +-
 .../AbstractBasicLookupStrategyTests.java     |   6 +-
 .../acls/jdbc/AclClassIdUtilsTests.java       |   9 +-
 ...icLookupStrategyWithAclClassTypeTests.java |   7 +-
 .../acls/jdbc/EhCacheBasedAclCacheTests.java  |   7 +-
 .../acls/jdbc/JdbcAclServiceTests.java        |   6 +-
 .../jdbc/SpringCacheBasedAclCacheTests.java   |   5 +-
 .../aspect/AnnotationSecurityAspectTests.java |  17 +-
 .../CasAuthenticationProviderTests.java       |  26 +-
 .../CasAuthenticationTokenTests.java          |   7 +-
 .../SpringCacheBasedTicketCacheTests.java     |   5 +-
 .../cas/web/CasAuthenticationFilterTests.java |   6 +-
 .../cas/web/ServicePropertiesTests.java       |   4 +-
 ...LdapProviderBeanDefinitionParserTests.java |   7 +-
 .../config/InvalidConfigurationTests.java     |  10 +-
 .../annotation/issue50/Issue50Tests.java      |  17 +-
 ...bstractConfiguredSecurityBuilderTests.java |  26 +-
 ...RequestMatcherRegistryAnyMatcherTests.java |  27 +-
 .../web/configuration/Sec2515Tests.java       |  11 +-
 ...geSecurityMetadataSourceRegistryTests.java |   5 +-
 ...tionProviderBeanDefinitionParserTests.java |  22 +-
 .../UserServiceBeanDefinitionParserTests.java |  25 +-
 .../core/GrantedAuthorityDefaultsJcTests.java |   9 +-
 .../GrantedAuthorityDefaultsXmlTests.java     |   9 +-
 ...tadataSourceBeanDefinitionParserTests.java |  10 +-
 ...thodSecurityBeanDefinitionParserTests.java |  30 +-
 ...ptMethodsBeanDefinitionDecoratorTests.java |  14 +-
 ...tationDrivenBeanDefinitionParserTests.java |  11 +-
 .../config/method/PreAuthorizeTests.java      |  11 +-
 .../security/config/method/Sec2196Tests.java  |   6 +-
 ...tationDrivenBeanDefinitionParserTests.java |  18 +-
 .../security/config/method/SecuredTests.java  |   6 +-
 ...lobalMethodSecurityConfigurationTests.java |   5 +-
 .../server/AuthorizeExchangeSpecTests.java    |  25 +-
 ...SecurityInterceptorWithAopConfigTests.java |  10 +-
 ...ticationCredentialsNotFoundEventTests.java |  22 +-
 .../AuthorizationFailureEventTests.java       |  22 +-
 .../security/access/AuthorizedEventTests.java |  18 +-
 .../security/access/SecurityConfigTests.java  |  15 +-
 ...bstractSecurityExpressionHandlerTests.java |   5 +-
 ...tMethodSecurityExpressionHandlerTests.java |   5 +-
 ...pressionBasedPreInvocationAdviceTests.java |  26 +-
 .../method/MethodExpressionVoterTests.java    |  19 +-
 .../RoleHierarchyUtilsTests.java              |  30 +-
 .../AbstractSecurityInterceptorTests.java     |   9 +-
 .../RunAsImplAuthenticationProviderTests.java |  10 +-
 .../MethodSecurityInterceptorTests.java       |  51 +--
 .../access/vote/AffirmativeBasedTests.java    |  11 +-
 .../access/vote/ConsensusBasedTests.java      |  17 +-
 .../AbstractAuthenticationTokenTests.java     |   6 +-
 ...aultAuthenticationEventPublisherTests.java |  30 +-
 .../authentication/ProviderManagerTests.java  |  18 +-
 ...tiveAuthenticationManagerAdapterTests.java |   9 +-
 ...ailsServiceAuthenticationManagerTests.java |   7 +-
 ...oryReactiveAuthenticationManagerTests.java |  13 +-
 ...rnamePasswordAuthenticationTokenTests.java |   6 +-
 .../AnonymousAuthenticationTokenTests.java    |  14 +-
 ...efaultJaasAuthenticationProviderTests.java |   9 +-
 .../memory/InMemoryConfigurationTests.java    |  10 +-
 .../RemoteAuthenticationManagerImplTests.java |   6 +-
 ...rityReactiveAuthorizationManagerTests.java |  39 ++-
 ...ngSecurityContextExecutorServiceTests.java |   5 +-
 ...elegatingSecurityContextExecutorTests.java |   5 +-
 ...elegatingSecurityContextCallableTests.java |  36 ++-
 ...elegatingSecurityContextRunnableTests.java |  28 +-
 .../DelegatingApplicationListenerTests.java   |   5 +-
 ...ributes2GrantedAuthoritiesMapperTests.java |  26 +-
 .../mapping/SimpleAuthoritiesMapperTests.java |   7 +-
 .../core/token/DefaultTokenTests.java         |   5 +-
 .../KeyBasedPersistenceTokenServiceTests.java |  14 +-
 .../MapReactiveUserDetailsServiceTests.java   |  13 +-
 .../cache/EhCacheBasedUserCacheTests.java     |   7 +-
 .../cache/SpringCacheBasedUserCacheTests.java |   5 +-
 .../userdetails/jdbc/JdbcDaoImplTests.java    |   4 +-
 ...nonymousAuthenticationTokenMixinTests.java |   6 +-
 ...memberMeAuthenticationTokenMixinTests.java |  13 +-
 .../SimpleGrantedAuthorityMixinTests.java     |   6 +-
 .../jackson2/UserDeserializerTests.java       |  10 +-
 .../JdbcUserDetailsManagerTests.java          |   5 +-
 ...tingSecurityContextTaskSchedulerTests.java |   5 +-
 .../util/MethodInvocationUtilsTests.java      |   6 +-
 .../argon2/Argon2EncodingUtilsTests.java      |  66 ++--
 .../argon2/Argon2PasswordEncoderTests.java    |   5 +-
 .../bcrypt/BCryptPasswordEncoderTests.java    |  21 +-
 .../security/crypto/bcrypt/BCryptTests.java   |  46 +--
 .../security/crypto/codec/Base64Tests.java    |  10 +-
 .../BouncyCastleAesBytesEncryptorTests.java   |  12 +-
 .../keygen/Base64StringKeyGeneratorTests.java |  10 +-
 .../DelegatingPasswordEncoderTests.java       |  18 +-
 .../password/LdapShaPasswordEncoderTests.java |  10 +-
 .../MessageDigestPasswordEncoderTests.java    |   5 +-
 .../scrypt/SCryptPasswordEncoderTests.java    |  29 +-
 ...curityEvaluationContextExtensionTests.java |   5 +-
 .../HttpPathParameterStrippingTests.java      |  18 +-
 .../integration/MultiAnnotationTests.java     |  22 +-
 .../SEC936ApplicationContextTests.java        |   8 +-
 ...faultSpringSecurityContextSourceTests.java |  35 +--
 .../BindAuthenticatorTests.java               |   5 +-
 .../PasswordComparisonAuthenticatorTests.java |  10 +-
 .../FilterBasedLdapUserSearchTests.java       |  10 +-
 .../DefaultLdapAuthoritiesPopulatorTests.java |   5 +-
 .../LdapUserDetailsManagerTests.java          |  12 +-
 ...ringSecurityAuthenticationSourceTests.java |   5 +-
 .../LdapAuthenticationProviderTests.java      |   8 +-
 ...ectoryLdapAuthenticationProviderTests.java |  79 ++---
 ...PasswordPolicyAwareContextSourceTests.java |  11 +-
 .../LdapUserDetailsServiceTests.java          |  10 +-
 ...MessageSecurityExpressionHandlerTests.java |   5 +-
 ...MessageExpressionConfigAttributeTests.java |  10 +-
 .../MessageExpressionVoterTests.java          |   5 +-
 .../ChannelSecurityInterceptorTests.java      |  11 +-
 ...icationPrincipalArgumentResolverTests.java |  11 +-
 ...ecurityContextChannelInterceptorTests.java |   9 +-
 .../util/matcher/AndMessageMatcherTests.java  |  28 +-
 .../util/matcher/OrMessageMatcherTests.java   |  28 +-
 .../SimpDestinationMessageMatcherTests.java   |   5 +-
 .../matcher/SimpMessageTypeMatcherTests.java  |   5 +-
 .../web/csrf/CsrfChannelInterceptorTests.java |  22 +-
 ...oryOAuth2AuthorizedClientServiceTests.java |  34 +-
 .../client/OAuth2AuthorizedClientTests.java   |  16 +-
 .../OAuth2AuthenticationTokenTests.java       |  11 +-
 .../OAuth2LoginAuthenticationTokenTests.java  |  38 ++-
 ...th2AuthorizationCodeGrantRequestTests.java |  11 +-
 ...orizationCodeTokenResponseClientTests.java |   5 +-
 ...ntCredentialsTokenResponseClientTests.java |   5 +-
 .../registration/ClientRegistrationTests.java | 290 ++++++++++--------
 ...moryClientRegistrationRepositoryTests.java |  33 +-
 ...tiveClientRegistrationRepositoryTests.java |   6 +-
 .../DelegatingOAuth2UserServiceTests.java     |  14 +-
 ...h2AuthorizationRequestRepositoryTests.java |   5 +-
 .../core/AuthorizationGrantTypeTests.java     |   5 +-
 .../core/ClientAuthenticationMethodTests.java |   5 +-
 .../oauth2/core/OAuth2AccessTokenTests.java   |  21 +-
 .../oauth2/core/OAuth2ErrorTests.java         |   5 +-
 .../OAuth2AccessTokenResponseTests.java       |  25 +-
 .../OAuth2AuthorizationExchangeTests.java     |  11 +-
 .../OAuth2AuthorizationResponseTests.java     |  77 +++--
 .../oauth2/core/oidc/OidcIdTokenTests.java    |  12 +-
 .../oauth2/core/oidc/OidcUserInfoTests.java   |   5 +-
 .../core/oidc/user/DefaultOidcUserTests.java  |  13 +-
 .../oidc/user/OidcUserAuthorityTests.java     |   9 +-
 .../core/user/DefaultOAuth2UserTests.java     |  30 +-
 .../core/user/OAuth2UserAuthorityTests.java   |  14 +-
 .../security/oauth2/jwt/JwtTests.java         |  18 +-
 .../JwtGrantedAuthoritiesConverterTests.java  |   5 +-
 .../openid/OpenID4JavaConsumerTests.java      |  15 +-
 .../remoting/dns/JndiDnsResolverTests.java    |  15 +-
 .../context/showcase/WithMockUserTests.java   |   6 +-
 .../showcase/WithUserDetailsTests.java        |   6 +-
 ...thMockUserSecurityContextFactoryTests.java |  14 +-
 ...serDetailsSecurityContextFactoryTests.java |   9 +-
 ...MockMvcRequestPostProcessorsUserTests.java |   6 +-
 .../SecurityMockMvcResultMatchersTests.java   |  17 +-
 ...WithAuthoritiesMvcResultMatchersTests.java |   6 +-
 .../setup/SecurityMockMvcConfigurerTests.java |   5 +-
 .../web/DefaultRedirectStrategyTests.java     |   6 +-
 .../security/web/FilterChainProxyTests.java   |   5 +-
 .../security/web/FilterInvocationTests.java   |  21 +-
 .../ExceptionTranslationFilterTests.java      |  10 +-
 .../channel/ChannelProcessingFilterTests.java |  13 +-
 ...aultWebSecurityExpressionHandlerTests.java |   5 +-
 ...InvocationSecurityMetadataSourceTests.java |   8 +-
 ...InvocationSecurityMetadataSourceTests.java |   5 +-
 .../FilterSecurityInterceptorTests.java       |   9 +-
 ...ctAuthenticationProcessingFilterTests.java |   4 +-
 .../AnonymousAuthenticationFilterTests.java   |   9 +-
 ...rwardAuthenticaionSuccessHandlerTests.java |   9 +-
 ...wardAuthenticationFailureHandlerTests.java |   9 +-
 .../HttpStatusEntryPointTests.java            |   5 +-
 ...LoginUrlAuthenticationEntryPointTests.java |  17 +-
 .../CookieClearingLogoutHandlerTests.java     |   9 +-
 ...PreAuthenticatedProcessingFilterTests.java |   6 +-
 ...henticatedAuthenticationProviderTests.java |  10 +-
 ...tedAuthoritiesUserDetailsServiceTests.java |   9 +-
 ...estAttributeAuthenticationFilterTests.java |  11 +-
 ...equestHeaderAuthenticationFilterTests.java |  11 +-
 .../SubjectDnX509PrincipalExtractorTests.java |  12 +-
 .../AbstractRememberMeServicesTests.java      |  12 +-
 ...tentTokenBasedRememberMeServicesTests.java |  29 +-
 .../RememberMeAuthenticationFilterTests.java  |  11 +-
 .../TokenBasedRememberMeServicesTests.java    |   5 +-
 ...iteSessionAuthenticationStrategyTests.java |  15 +-
 ...ionControlAuthenticationStrategyTests.java |  15 +-
 ...terSessionAuthenticationStrategyTests.java |   5 +-
 .../switchuser/SwitchUserFilterTests.java     |  42 +--
 .../BasicAuthenticationConverterTests.java    |  13 +-
 .../www/BasicAuthenticationFilterTests.java   |   9 +-
 .../www/DigestAuthenticationFilterTests.java  |   9 +-
 ...icationPrincipalArgumentResolverTests.java |  11 +-
 .../ConcurrentSessionFilterTests.java         |  31 +-
 ...SessionSecurityContextRepositoryTests.java |  10 +-
 ...extCallableProcessingInterceptorTests.java |   5 +-
 .../csrf/CookieCsrfTokenRepositoryTests.java  |  13 +-
 .../csrf/CsrfAuthenticationStrategyTests.java |   5 +-
 .../security/web/csrf/CsrfFilterTests.java    |  13 +-
 .../web/csrf/CsrfLogoutHandlerTests.java      |   5 +-
 .../web/csrf/DefaultCsrfTokenTests.java       |  32 +-
 .../HttpSessionCsrfTokenRepositoryTests.java  |  17 +-
 .../csrf/LazyCsrfTokenRepositoryTests.java    |  10 +-
 .../firewall/DefaultHttpFirewallTests.java    |   8 +-
 .../web/firewall/StrictHttpFirewallTests.java | 177 ++++++-----
 .../web/header/HeaderWriterFilterTests.java   |  10 +-
 ...ontentSecurityPolicyHeaderWriterTests.java |   7 +-
 ...gatingRequestMatcherHeaderWriterTests.java |  11 +-
 .../header/writers/HpkpHeaderWriterTests.java |  14 +-
 .../header/writers/HstsHeaderWriterTests.java |   9 +-
 .../ReferrerPolicyHeaderWriterTests.java      |   5 +-
 .../writers/StaticHeaderWriterTests.java      |  21 +-
 .../XXssProtectionHeaderWriterTests.java      |   5 +-
 .../FrameOptionsHeaderWriterTests.java        |  14 +-
 .../RegExpAllowFromStrategyTests.java         |  10 +-
 .../WhiteListedAllowFromStrategyTests.java    |   9 +-
 .../jackson2/DefaultCsrfTokenMixinTests.java  |  11 +-
 ...icationPrincipalArgumentResolverTests.java |  11 +-
 .../SavedRequestAwareWrapperTests.java        |   5 +-
 .../DefaultServerRedirectStrategyTests.java   |  13 +-
 .../web/server/WebFilterExchangeTests.java    |  11 +-
 ...onverterServerWebExchangeMatcherTests.java |   6 +-
 .../AuthenticationWebFilterTests.java         |   5 +-
 ...icServerAuthenticationEntryPointTests.java |   5 +-
 ...thenticatedAuthenticationManagerTests.java |  26 +-
 ...ctServerAuthenticationEntryPointTests.java |   9 +-
 ...rverAuthenticationFailureHandlerTests.java |   9 +-
 ...rverAuthenticationSuccessHandlerTests.java |  13 +-
 ...ticationEntryPointFailureHandlerTests.java |   6 +-
 ...FormLoginAuthenticationConverterTests.java |   9 +-
 .../SwitchUserWebFilterTests.java             |  34 +-
 .../ExceptionTranslationWebFilterTests.java   |   9 +-
 ...pStatusServerAccessDeniedHandlerTests.java |   5 +-
 .../context/ReactorContextWebFilterTests.java |   6 +-
 .../DefaultCsrfServerTokenMixinTests.java     |  11 +-
 ...ediaTypeServerWebExchangeMatcherTests.java |  17 +-
 ...hMatcherServerWebExchangeMatcherTests.java |  11 +-
 .../HttpSessionEventPublisherTests.java       |  14 +-
 .../SessionInformationExpiredEventTests.java  |  19 +-
 .../session/SessionManagementFilterTests.java |   5 +-
 .../web/util/TextEscapeUtilsTests.java        |  13 +-
 .../util/matcher/AndRequestMatcherTests.java  |  28 +-
 .../matcher/MediaTypeRequestMatcherTests.java |  33 +-
 .../matcher/NegatedRequestMatcherTests.java   |   5 +-
 .../util/matcher/OrRequestMatcherTests.java   |  28 +-
 .../RequestHeaderRequestMatcherTests.java     |   9 +-
 243 files changed, 2125 insertions(+), 1601 deletions(-)

diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
index 9040547d6ad..4d14294b1a4 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
@@ -166,7 +166,7 @@ public void insertAceAddsElementAtCorrectIndex() {
 		assertThat(acl.getEntries().get(2).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST2"));
 	}
 
-	@Test(expected = NotFoundException.class)
+	@Test
 	public void insertAceFailsForNonExistentElement() {
 		MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
 				new PrincipalSid("joe"));
@@ -174,7 +174,8 @@ public void insertAceFailsForNonExistentElement() {
 		// Insert one permission
 		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
 		service.updateAcl(acl);
-		acl.insertAce(55, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
+		assertThatExceptionOfType(NotFoundException.class)
+				.isThrownBy(() -> acl.insertAce(55, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true));
 	}
 
 	@Test
@@ -411,38 +412,40 @@ public void isSidLoadedBehavesAsExpected() {
 						.isFalse();
 	}
 
-	@Test(expected = NotFoundException.class)
+	@Test
 	public void insertAceRaisesNotFoundExceptionForIndexLessThanZero() {
 		AclImpl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
 				new PrincipalSid("joe"));
-		acl.insertAce(-1, mock(Permission.class), mock(Sid.class), true);
+		assertThatExceptionOfType(NotFoundException.class)
+				.isThrownBy(() -> acl.insertAce(-1, mock(Permission.class), mock(Sid.class), true));
 	}
 
-	@Test(expected = NotFoundException.class)
+	@Test
 	public void deleteAceRaisesNotFoundExceptionForIndexLessThanZero() {
 		AclImpl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
 				new PrincipalSid("joe"));
-		acl.deleteAce(-1);
+		assertThatExceptionOfType(NotFoundException.class).isThrownBy(() -> acl.deleteAce(-1));
 	}
 
-	@Test(expected = NotFoundException.class)
+	@Test
 	public void insertAceRaisesNotFoundExceptionForIndexGreaterThanSize() {
 		AclImpl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
 				new PrincipalSid("joe"));
 		// Insert at zero, OK.
 		acl.insertAce(0, mock(Permission.class), mock(Sid.class), true);
 		// Size is now 1
-		acl.insertAce(2, mock(Permission.class), mock(Sid.class), true);
+		assertThatExceptionOfType(NotFoundException.class)
+				.isThrownBy(() -> acl.insertAce(2, mock(Permission.class), mock(Sid.class), true));
 	}
 
 	// SEC-1151
-	@Test(expected = NotFoundException.class)
+	@Test
 	public void deleteAceRaisesNotFoundExceptionForIndexEqualToSize() {
 		AclImpl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
 				new PrincipalSid("joe"));
 		acl.insertAce(0, mock(Permission.class), mock(Sid.class), true);
 		// Size is now 1
-		acl.deleteAce(1);
+		assertThatExceptionOfType(NotFoundException.class).isThrownBy(() -> acl.deleteAce(1));
 	}
 
 	// SEC-1795
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
index ca94695ac19..539fff692dd 100644
--- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
@@ -72,9 +72,9 @@ public void testGetIdMethodConstraints() {
 		assertThatNoException().isThrownBy(() -> new ObjectIdentityImpl(mockId));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorRejectsInvalidTypeParameter() {
-		new ObjectIdentityImpl("", 1L);
+		assertThatIllegalArgumentException().isThrownBy(() -> new ObjectIdentityImpl("", 1L));
 	}
 
 	@Test
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
index 7a7e2f196d0..d1a20e63521 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
@@ -54,6 +54,7 @@
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests {@link BasicLookupStrategy}
@@ -294,12 +295,13 @@ public void testReadAllObjectIdentitiesWhenLastElementIsAlreadyCached() {
 		assertThat(foundParent2Acl.isGranted(checkPermission, sids, false)).isTrue();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void nullOwnerIsNotSupported() {
 		String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,104,null,null,1);";
 		getJdbcTemplate().execute(query);
 		ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 104L);
-		this.strategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.strategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID)));
 	}
 
 	@Test
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
index 99660737d72..49b4e12b1af 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
@@ -31,6 +31,7 @@
 import org.springframework.core.convert.ConversionService;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 
 /**
@@ -125,14 +126,14 @@ public void shouldReturnStringWhenStringClassIdType() throws SQLException {
 		assertThat(newIdentifier).isEqualTo(identifier);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void shouldNotAcceptNullConversionServiceInConstruction() {
-		new AclClassIdUtils(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new AclClassIdUtils(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void shouldNotAcceptNullConversionServiceInSetter() {
-		this.aclClassIdUtils.setConversionService(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.aclClassIdUtils.setConversionService(null));
 	}
 
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
index 532304a57b8..2db9b656088 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
@@ -37,6 +37,8 @@
 import org.springframework.security.acls.model.Acl;
 import org.springframework.security.acls.model.ObjectIdentity;
 
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+
 /**
  * Tests {@link BasicLookupStrategy} with Acl Class type id set to UUID.
  *
@@ -110,10 +112,11 @@ public void testReadObjectIdentityUsingLongTypeWithConversionServiceEnabled() {
 		Assert.assertNotNull(foundAcls.get(oid));
 	}
 
-	@Test(expected = ConversionFailedException.class)
+	@Test
 	public void testReadObjectIdentityUsingNonUuidInDatabase() {
 		ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, OBJECT_IDENTITY_LONG_AS_UUID);
-		this.uuidEnabledStrategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID));
+		assertThatExceptionOfType(ConversionFailedException.class)
+				.isThrownBy(() -> this.uuidEnabledStrategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID)));
 	}
 
 }
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
index 397a72cfcd8..8c2a3a46038 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java
@@ -94,10 +94,11 @@ public void cleanup() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorRejectsNullParameters() {
-		new EhCacheBasedAclCache(null, new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()),
-				new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_USER")));
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new EhCacheBasedAclCache(null, new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()),
+						new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_USER"))));
 	}
 
 	@Test
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
index 49985c2d2e8..7894a6dce0f 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
@@ -44,6 +44,7 @@
 import org.springframework.security.acls.model.Sid;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyList;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -95,13 +96,14 @@ public void tearDownEmbeddedDatabase() {
 	}
 
 	// SEC-1898
-	@Test(expected = NotFoundException.class)
+	@Test
 	public void readAclByIdMissingAcl() {
 		Map<ObjectIdentity, Acl> result = new HashMap<>();
 		given(this.lookupStrategy.readAclsById(anyList(), anyList())).willReturn(result);
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 1);
 		List<Sid> sids = Arrays.<Sid>asList(new PrincipalSid("user"));
-		this.aclService.readAclById(objectIdentity, sids);
+		assertThatExceptionOfType(NotFoundException.class)
+				.isThrownBy(() -> this.aclService.readAclById(objectIdentity, sids));
 	}
 
 	@Test
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
index 9a3bd624002..aae99803625 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
@@ -43,6 +43,7 @@
 import org.springframework.security.util.FieldUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests {@link org.springframework.security.acls.domain.SpringCacheBasedAclCache}
@@ -74,9 +75,9 @@ private Cache getCache() {
 		return cache;
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorRejectsNullParameters() {
-		new SpringCacheBasedAclCache(null, null, null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new SpringCacheBasedAclCache(null, null, null));
 	}
 
 	@SuppressWarnings("rawtypes")
diff --git a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
index 2bda2d7fac9..f67df408f75 100644
--- a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
+++ b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
@@ -98,9 +98,10 @@ public void securedInterfaceMethodAllowsAllAccess() {
 		this.secured.securedMethod();
 	}
 
-	@Test(expected = AuthenticationCredentialsNotFoundException.class)
+	@Test
 	public void securedClassMethodDeniesUnauthenticatedAccess() {
-		this.secured.securedClassMethod();
+		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
+				.isThrownBy(() -> this.secured.securedClassMethod());
 	}
 
 	@Test
@@ -109,17 +110,17 @@ public void securedClassMethodAllowsAccessToRoleA() {
 		this.secured.securedClassMethod();
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void internalPrivateCallIsIntercepted() {
 		SecurityContextHolder.getContext().setAuthentication(this.anne);
 		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.secured.publicCallsPrivate());
-		this.securedSub.publicCallsPrivate();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.securedSub.publicCallsPrivate());
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void protectedMethodIsIntercepted() {
 		SecurityContextHolder.getContext().setAuthentication(this.anne);
-		this.secured.protectedMethod();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.secured.protectedMethod());
 	}
 
 	@Test
@@ -129,11 +130,11 @@ public void overriddenProtectedMethodIsNotIntercepted() {
 	}
 
 	// SEC-1262
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void denyAllPreAuthorizeDeniesAccess() {
 		configureForElAnnotations();
 		SecurityContextHolder.getContext().setAuthentication(this.anne);
-		this.prePostSecured.denyAllMethod();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.prePostSecured::denyAllMethod);
 	}
 
 	@Test
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
index 682aa886768..ef7a451d2e2 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java
@@ -41,6 +41,8 @@
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
@@ -199,7 +201,7 @@ public void authenticateAllAuthenticationIsSuccessful() throws Exception {
 		assertThatIllegalStateException().isThrownBy(() -> cap.authenticate(token));
 	}
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void missingTicketIdIsDetected() throws Exception {
 		CasAuthenticationProvider cap = new CasAuthenticationProvider();
 		cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator());
@@ -211,10 +213,10 @@ public void missingTicketIdIsDetected() throws Exception {
 		cap.afterPropertiesSet();
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
 				CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER, "");
-		cap.authenticate(token);
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> cap.authenticate(token));
 	}
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void invalidKeyIsDetected() throws Exception {
 		final Assertion assertion = new AssertionImpl("test");
 		CasAuthenticationProvider cap = new CasAuthenticationProvider();
@@ -227,30 +229,30 @@ public void invalidKeyIsDetected() throws Exception {
 		cap.afterPropertiesSet();
 		CasAuthenticationToken token = new CasAuthenticationToken("WRONG_KEY", makeUserDetails(), "credentials",
 				AuthorityUtils.createAuthorityList("XX"), makeUserDetails(), assertion);
-		cap.authenticate(token);
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> cap.authenticate(token));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void detectsMissingAuthoritiesPopulator() throws Exception {
 		CasAuthenticationProvider cap = new CasAuthenticationProvider();
 		cap.setKey("qwerty");
 		cap.setStatelessTicketCache(new MockStatelessTicketCache());
 		cap.setTicketValidator(new MockTicketValidator(true));
 		cap.setServiceProperties(makeServiceProperties());
-		cap.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> cap.afterPropertiesSet());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void detectsMissingKey() throws Exception {
 		CasAuthenticationProvider cap = new CasAuthenticationProvider();
 		cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator());
 		cap.setStatelessTicketCache(new MockStatelessTicketCache());
 		cap.setTicketValidator(new MockTicketValidator(true));
 		cap.setServiceProperties(makeServiceProperties());
-		cap.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> cap.afterPropertiesSet());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void detectsMissingStatelessTicketCache() throws Exception {
 		CasAuthenticationProvider cap = new CasAuthenticationProvider();
 		// set this explicitly to null to test failure
@@ -259,17 +261,17 @@ public void detectsMissingStatelessTicketCache() throws Exception {
 		cap.setKey("qwerty");
 		cap.setTicketValidator(new MockTicketValidator(true));
 		cap.setServiceProperties(makeServiceProperties());
-		cap.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> cap.afterPropertiesSet());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void detectsMissingTicketValidator() throws Exception {
 		CasAuthenticationProvider cap = new CasAuthenticationProvider();
 		cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator());
 		cap.setKey("qwerty");
 		cap.setStatelessTicketCache(new MockStatelessTicketCache());
 		cap.setServiceProperties(makeServiceProperties());
-		cap.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> cap.afterPropertiesSet());
 	}
 
 	@Test
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
index 9102af096ea..6585c8c864a 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java
@@ -68,10 +68,11 @@ public void testConstructorRejectsNulls() {
 				"Password", AuthorityUtils.createAuthorityList("ROLE_1", null), makeUserDetails(), assertion));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenEmptyKeyThenThrowsException() {
-		new CasAuthenticationToken("", "user", "password", Collections.<GrantedAuthority>emptyList(),
-				new User("user", "password", Collections.<GrantedAuthority>emptyList()), null);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new CasAuthenticationToken("", "user", "password", Collections.<GrantedAuthority>emptyList(),
+						new User("user", "password", Collections.<GrantedAuthority>emptyList()), null));
 	}
 
 	@Test
diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
index 607ed392603..bc48f9ac27b 100644
--- a/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCacheTests.java
@@ -23,6 +23,7 @@
 import org.springframework.cache.concurrent.ConcurrentMapCacheManager;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests
@@ -56,9 +57,9 @@ public void testCacheOperation() throws Exception {
 		assertThat(cache.getByTicketId("UNKNOWN_SERVICE_TICKET")).isNull();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testStartupDetectsMissingCache() throws Exception {
-		new SpringCacheBasedTicketCache(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new SpringCacheBasedTicketCache(null));
 	}
 
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
index e704ecd3ffb..f161e98473b 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
@@ -36,6 +36,7 @@
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -76,13 +77,14 @@ public void testNormalOperation() throws Exception {
 		assertThat(result != null).isTrue();
 	}
 
-	@Test(expected = AuthenticationException.class)
+	@Test
 	public void testNullServiceTicketHandledGracefully() throws Exception {
 		CasAuthenticationFilter filter = new CasAuthenticationFilter();
 		filter.setAuthenticationManager((a) -> {
 			throw new BadCredentialsException("Rejected");
 		});
-		filter.attemptAuthentication(new MockHttpServletRequest(), new MockHttpServletResponse());
+		assertThatExceptionOfType(AuthenticationException.class).isThrownBy(
+				() -> filter.attemptAuthentication(new MockHttpServletRequest(), new MockHttpServletResponse()));
 	}
 
 	@Test
diff --git a/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java b/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
index 8ec0b40af13..eba5b1f6671 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java
@@ -31,10 +31,10 @@
  */
 public class ServicePropertiesTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void detectsMissingService() throws Exception {
 		ServiceProperties sp = new ServiceProperties();
-		sp.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(sp::afterPropertiesSet);
 	}
 
 	@Test
diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java
index 01edcd9f477..1a6f26c4bca 100644
--- a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java
@@ -33,6 +33,7 @@
 import org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 public class LdapProviderBeanDefinitionParserTests {
 
@@ -73,10 +74,10 @@ public void multipleProvidersAreSupported() {
 				.containsExactly("member={0}", "uniqueMember={0}");
 	}
 
-	@Test(expected = ApplicationContextException.class)
+	@Test
 	public void missingServerEltCausesConfigException() {
-		new InMemoryXmlApplicationContext(
-				"<authentication-manager>" + "  <ldap-authentication-provider />" + "</authentication-manager>");
+		assertThatExceptionOfType(ApplicationContextException.class).isThrownBy(() -> new InMemoryXmlApplicationContext(
+				"<authentication-manager>" + "  <ldap-authentication-provider />" + "</authentication-manager>"));
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java b/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
index 63fa324a885..8ae7e61db10 100644
--- a/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java
@@ -47,14 +47,16 @@ public void closeAppContext() {
 	}
 
 	// Parser should throw a SAXParseException
-	@Test(expected = XmlBeanDefinitionStoreException.class)
+	@Test
 	public void passwordEncoderCannotAppearAtTopLevel() {
-		setContext("<password-encoder hash='md5'/>");
+		assertThatExceptionOfType(XmlBeanDefinitionStoreException.class)
+				.isThrownBy(() -> setContext("<password-encoder hash='md5'/>"));
 	}
 
-	@Test(expected = XmlBeanDefinitionStoreException.class)
+	@Test
 	public void authenticationProviderCannotAppearAtTopLevel() {
-		setContext("<authentication-provider ref='blah'/>");
+		assertThatExceptionOfType(XmlBeanDefinitionStoreException.class)
+				.isThrownBy(() -> setContext("<authentication-provider ref='blah'/>"));
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java
index 647ca8f8346..2df6f1aecb4 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java
@@ -38,6 +38,7 @@
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Rob Winch
@@ -71,15 +72,17 @@ public void loadWhenGlobalMethodSecurityConfigurationThenAuthenticationManagerLa
 		// no exception
 	}
 
-	@Test(expected = UsernameNotFoundException.class)
+	@Test
 	public void authenticateWhenMissingUserThenUsernameNotFoundException() {
-		this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("test", "password"));
+		assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> this.authenticationManager
+				.authenticate(new UsernamePasswordAuthenticationToken("test", "password")));
 	}
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void authenticateWhenInvalidPasswordThenBadCredentialsException() {
 		this.userRepo.save(User.withUsernameAndPassword("test", "password"));
-		this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("test", "invalid"));
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.authenticationManager
+				.authenticate(new UsernamePasswordAuthenticationToken("test", "invalid")));
 	}
 
 	@Test
@@ -90,12 +93,12 @@ public void authenticateWhenValidUserThenAuthenticates() {
 		assertThat(result.getName()).isEqualTo("test");
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void globalMethodSecurityIsEnabledWhenNotAllowedThenAccessDenied() {
 		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("test", null, "ROLE_USER"));
 		this.userRepo.save(User.withUsernameAndPassword("denied", "password"));
-		Authentication result = this.authenticationManager
-				.authenticate(new UsernamePasswordAuthenticationToken("test", "password"));
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.authenticationManager
+				.authenticate(new UsernamePasswordAuthenticationToken("test", "password")));
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
index 4c9eb0d3e36..0409acdfc51 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java
@@ -27,6 +27,8 @@
 import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 
@@ -44,14 +46,14 @@ public void setUp() {
 		this.builder = new TestConfiguredSecurityBuilder(mock(ObjectPostProcessor.class));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenObjectPostProcessorIsNullThenThrowIllegalArgumentException() {
-		new TestConfiguredSecurityBuilder(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new TestConfiguredSecurityBuilder(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void objectPostProcessorWhenNullThenThrowIllegalArgumentException() {
-		this.builder.objectPostProcessor(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.builder.objectPostProcessor(null));
 	}
 
 	@Test
@@ -61,15 +63,15 @@ public void applyWhenDuplicateConfigurerAddedThenDuplicateConfigurerRemoved() th
 		assertThat(this.builder.getConfigurers(TestSecurityConfigurer.class)).hasSize(1);
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void buildWhenBuildTwiceThenThrowIllegalStateException() throws Exception {
 		this.builder.build();
-		this.builder.build();
+		assertThatIllegalStateException().isThrownBy(() -> this.builder.build());
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void getObjectWhenNotBuiltThenThrowIllegalStateException() {
-		this.builder.getObject();
+		assertThatIllegalStateException().isThrownBy(this.builder::getObject);
 	}
 
 	@Test
@@ -81,22 +83,22 @@ public void buildWhenConfigurerAppliesAnotherConfigurerThenObjectStillBuilds() t
 		verify(DelegateSecurityConfigurer.CONFIGURER).configure(this.builder);
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void getConfigurerWhenMultipleConfigurersThenThrowIllegalStateException() throws Exception {
 		TestConfiguredSecurityBuilder builder = new TestConfiguredSecurityBuilder(mock(ObjectPostProcessor.class),
 				true);
 		builder.apply(new DelegateSecurityConfigurer());
 		builder.apply(new DelegateSecurityConfigurer());
-		builder.getConfigurer(DelegateSecurityConfigurer.class);
+		assertThatIllegalStateException().isThrownBy(() -> builder.getConfigurer(DelegateSecurityConfigurer.class));
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void removeConfigurerWhenMultipleConfigurersThenThrowIllegalStateException() throws Exception {
 		TestConfiguredSecurityBuilder builder = new TestConfiguredSecurityBuilder(mock(ObjectPostProcessor.class),
 				true);
 		builder.apply(new DelegateSecurityConfigurer());
 		builder.apply(new DelegateSecurityConfigurer());
-		builder.removeConfigurer(DelegateSecurityConfigurer.class);
+		assertThatIllegalStateException().isThrownBy(() -> builder.removeConfigurer(DelegateSecurityConfigurer.class));
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
index 98232d5a6da..49688e9767b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java
@@ -26,6 +26,8 @@
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+
 /**
  * Tests for {@link AbstractRequestMatcherRegistry}.
  *
@@ -33,29 +35,34 @@
  */
 public class AbstractRequestMatcherRegistryAnyMatcherTests {
 
-	@Test(expected = BeanCreationException.class)
+	@Test
 	public void antMatchersCanNotWorkAfterAnyRequest() {
-		loadConfig(AntMatchersAfterAnyRequestConfig.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> loadConfig(AntMatchersAfterAnyRequestConfig.class));
 	}
 
-	@Test(expected = BeanCreationException.class)
+	@Test
 	public void mvcMatchersCanNotWorkAfterAnyRequest() {
-		loadConfig(MvcMatchersAfterAnyRequestConfig.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> loadConfig(MvcMatchersAfterAnyRequestConfig.class));
 	}
 
-	@Test(expected = BeanCreationException.class)
+	@Test
 	public void regexMatchersCanNotWorkAfterAnyRequest() {
-		loadConfig(RegexMatchersAfterAnyRequestConfig.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> loadConfig(RegexMatchersAfterAnyRequestConfig.class));
 	}
 
-	@Test(expected = BeanCreationException.class)
+	@Test
 	public void anyRequestCanNotWorkAfterItself() {
-		loadConfig(AnyRequestAfterItselfConfig.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> loadConfig(AnyRequestAfterItselfConfig.class));
 	}
 
-	@Test(expected = BeanCreationException.class)
+	@Test
 	public void requestMatchersCanNotWorkAfterAnyRequest() {
-		loadConfig(RequestMatchersAfterAnyRequestConfig.class);
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> loadConfig(RequestMatchersAfterAnyRequestConfig.class));
 	}
 
 	private void loadConfig(Class<?>... configs) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
index 77ee64ea669..49a354caaa3 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java
@@ -30,6 +30,7 @@
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -41,14 +42,16 @@ public class Sec2515Tests {
 	public final SpringTestRule spring = new SpringTestRule();
 
 	// SEC-2515
-	@Test(expected = FatalBeanException.class)
+	@Test
 	public void loadConfigWhenAuthenticationManagerNotConfiguredAndRegisterBeanThenThrowFatalBeanException() {
-		this.spring.register(StackOverflowSecurityConfig.class).autowire();
+		assertThatExceptionOfType(FatalBeanException.class)
+				.isThrownBy(() -> this.spring.register(StackOverflowSecurityConfig.class).autowire());
 	}
 
-	@Test(expected = FatalBeanException.class)
+	@Test
 	public void loadConfigWhenAuthenticationManagerNotConfiguredAndRegisterBeanCustomNameThenThrowFatalBeanException() {
-		this.spring.register(CustomBeanNameStackOverflowSecurityConfig.class).autowire();
+		assertThatExceptionOfType(FatalBeanException.class)
+				.isThrownBy(() -> this.spring.register(CustomBeanNameStackOverflowSecurityConfig.class).autowire());
 	}
 
 	// SEC-2549
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
index 68d23d130e6..c6edb4b5d2b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
@@ -34,6 +34,7 @@
 import org.springframework.util.AntPathMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 
 @RunWith(MockitoJUnitRunner.class)
@@ -96,9 +97,9 @@ public void simpDestMatchersCustomSetAfterMatchersDoesNotMatter() {
 		assertThat(getAttribute()).isEqualTo("permitAll");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void pathMatcherNull() {
-		this.messages.simpDestPathMatcher(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.messages.simpDestPathMatcher(null));
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
index b1e453d7081..fd4fc1f7625 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java
@@ -31,6 +31,8 @@
 import org.springframework.security.crypto.password.LdapShaPasswordEncoder;
 import org.springframework.security.crypto.password.MessageDigestPasswordEncoder;
 
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+
 /**
  * Tests for {@link AuthenticationProviderBeanDefinitionParser}.
  *
@@ -140,18 +142,20 @@ public void passwordIsBase64EncodedWhenBase64IsEnabled() {
 	}
 
 	// SEC-1466
-	@Test(expected = BeanDefinitionParsingException.class)
+	@Test
 	public void exernalProviderDoesNotSupportChildElements() {
+		assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy(() ->
 		// @formatter:off
-		this.appContext = new InMemoryXmlApplicationContext("    <authentication-manager>"
-				+ "      <authentication-provider ref='aProvider'> "
-				+ "        <password-encoder ref='customPasswordEncoder'/>"
-				+ "      </authentication-provider>"
-				+ "    </authentication-manager>"
-				+ "    <b:bean id='aProvider' class='org.springframework.security.authentication.TestingAuthenticationProvider'/>"
-				+ "    <b:bean id='customPasswordEncoder' "
-				+ "        class='org.springframework.security.authentication.encoding.Md5PasswordEncoder'/>");
+			this.appContext = new InMemoryXmlApplicationContext("    <authentication-manager>"
+					+ "      <authentication-provider ref='aProvider'> "
+					+ "        <password-encoder ref='customPasswordEncoder'/>"
+					+ "      </authentication-provider>"
+					+ "    </authentication-manager>"
+					+ "    <b:bean id='aProvider' class='org.springframework.security.authentication.TestingAuthenticationProvider'/>"
+					+ "    <b:bean id='customPasswordEncoder' "
+					+ "        class='org.springframework.security.authentication.encoding.Md5PasswordEncoder'/>")
 		// @formatter:on
+		);
 	}
 
 	private AuthenticationProvider getProvider() {
diff --git a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
index 239f1145cee..b5d636f8925 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java
@@ -26,6 +26,7 @@
 import org.springframework.security.core.userdetails.UserDetailsService;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Luke Taylor
@@ -122,26 +123,28 @@ public void disabledAndEmbeddedFlagsAreSupported() {
 		assertThat(bob.isEnabled()).isFalse();
 	}
 
-	@Test(expected = FatalBeanException.class)
+	@Test
 	public void userWithBothPropertiesAndEmbeddedUsersThrowsException() {
+		assertThatExceptionOfType(FatalBeanException.class).isThrownBy(() ->
 		// @formatter:off
-		setContext("<user-service id='service' properties='doesntmatter.props'>"
-				+ "    <user name='joe' password='joespassword' authorities='ROLE_A'/>"
-				+ "</user-service>");
+			setContext("<user-service id='service' properties='doesntmatter.props'>"
+					+ "    <user name='joe' password='joespassword' authorities='ROLE_A'/>"
+					+ "</user-service>")
 		// @formatter:on
-		UserDetailsService userService = (UserDetailsService) this.appContext.getBean("service");
-		userService.loadUserByUsername("Joe");
+		);
 	}
 
-	@Test(expected = FatalBeanException.class)
+	@Test
 	public void multipleTopLevelUseWithoutIdThrowsException() {
-		setContext("<user-service properties='classpath:org/springframework/security/config/users.properties'/>"
-				+ "<user-service properties='classpath:org/springframework/security/config/users.properties'/>");
+		assertThatExceptionOfType(FatalBeanException.class).isThrownBy(() -> setContext(
+				"<user-service properties='classpath:org/springframework/security/config/users.properties'/>"
+						+ "<user-service properties='classpath:org/springframework/security/config/users.properties'/>"));
 	}
 
-	@Test(expected = FatalBeanException.class)
+	@Test
 	public void userServiceWithMissingPropertiesFileThrowsException() {
-		setContext("<user-service id='service' properties='classpath:doesntexist.properties'/>");
+		assertThatExceptionOfType(FatalBeanException.class).isThrownBy(
+				() -> setContext("<user-service id='service' properties='classpath:doesntexist.properties'/>"));
 	}
 
 	private void setContext(String context) {
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
index 49025a33c39..3ffa7eec718 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java
@@ -50,6 +50,7 @@
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration
@@ -110,16 +111,16 @@ public void jsrMessage() {
 		this.messageService.getJsrMessage();
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void messageDenied() {
 		setup("DENIED");
-		this.messageService.getMessage();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.messageService::getMessage);
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void jsrMessageDenied() {
 		setup("DENIED");
-		this.messageService.getJsrMessage();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.messageService::getJsrMessage);
 	}
 
 	// SEC-2926
diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
index d8dad3d3086..bcd36eff3d2 100644
--- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
+++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java
@@ -43,6 +43,7 @@
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration
@@ -103,16 +104,16 @@ public void jsrMessage() {
 		this.messageService.getJsrMessage();
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void messageDenied() {
 		setup("DENIED");
-		this.messageService.getMessage();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.messageService::getMessage);
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void jsrMessageDenied() {
 		setup("DENIED");
-		this.messageService.getJsrMessage();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.messageService::getJsrMessage);
 	}
 
 	// SEC-2926
diff --git a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
index 503e0bd8030..e65f92cd59b 100644
--- a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
@@ -36,6 +36,7 @@
 import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests for {@link FilterInvocationSecurityMetadataSourceParser}.
@@ -119,11 +120,12 @@ public void parsingWithinFilterSecurityInterceptorIsSuccessful() {
 		// @formatter:on
 	}
 
-	@Test(expected = BeanDefinitionParsingException.class)
+	@Test
 	public void parsingInterceptUrlServletPathFails() {
-		setContext("<filter-security-metadata-source id='fids' use-expressions='false'>"
-				+ "   <intercept-url pattern='/secure' access='ROLE_USER' servlet-path='/spring' />"
-				+ "</filter-security-metadata-source>");
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> setContext("<filter-security-metadata-source id='fids' use-expressions='false'>"
+						+ "   <intercept-url pattern='/secure' access='ROLE_USER' servlet-path='/spring' />"
+						+ "</filter-security-metadata-source>"));
 	}
 
 	private FilterInvocation createFilterInvocation(String path, String method) {
diff --git a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
index 87263447e1b..f4f3ee7ac2a 100644
--- a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java
@@ -96,10 +96,11 @@ public void closeAppContext() {
 		this.target = null;
 	}
 
-	@Test(expected = AuthenticationCredentialsNotFoundException.class)
+	@Test
 	public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
 		loadContext();
-		this.target.someUserMethod1();
+		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
+				.isThrownBy(this.target::someUserMethod1);
 	}
 
 	@Test
@@ -114,13 +115,13 @@ public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
 		assertThat(((MethodSecurityMetadataSourceAdvisor) advisors[0]).getOrder()).isEqualTo(1001);
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
 		loadContext();
 		TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password", "ROLE_SOMEOTHERROLE");
 		token.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(token);
-		this.target.someAdminMethod();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::someAdminMethod);
 	}
 
 	@Test
@@ -138,7 +139,7 @@ public void doesntInterfereWithBeanPostProcessing() {
 		assertThat(service.getPostProcessorWasHere()).isEqualTo("Hello from the post processor!");
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void worksWithAspectJAutoproxy() {
 		// @formatter:off
 		setContext("<global-method-security>"
@@ -155,7 +156,7 @@ public void worksWithAspectJAutoproxy() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
-		service.loadUserByUsername("notused");
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> service.loadUserByUsername("notused"));
 	}
 
 	@Test
@@ -201,13 +202,14 @@ public void supportsBooleanPointcutExpressions() {
 		this.target.someOther(0);
 	}
 
-	@Test(expected = BeanDefinitionParsingException.class)
+	@Test
 	public void duplicateElementCausesError() {
-		setContext("<global-method-security />" + "<global-method-security />");
+		assertThatExceptionOfType(BeanDefinitionParsingException.class)
+				.isThrownBy(() -> setContext("<global-method-security />" + "<global-method-security />"));
 	}
 
 	// SEC-936
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void worksWithoutTargetOrClass() {
 		// @formatter:off
 		setContext("<global-method-security secured-annotations='enabled'/>"
@@ -221,7 +223,7 @@ public void worksWithoutTargetOrClass() {
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
 		this.target = (BusinessService) this.appContext.getBean("businessService");
-		this.target.someUserMethod1();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::someUserMethod1);
 	}
 
 	// Expression configuration tests
@@ -242,7 +244,7 @@ public void expressionVoterAndAfterInvocationProviderUseSameExpressionHandlerIns
 				.isSameAs(FieldUtils.getFieldValue(aip, "postAdvice.expressionHandler"));
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void accessIsDeniedForHasRoleExpression() {
 		// @formatter:off
 		setContext("<global-method-security pre-post-annotations='enabled'/>"
@@ -251,7 +253,7 @@ public void accessIsDeniedForHasRoleExpression() {
 		// @formatter:on
 		SecurityContextHolder.getContext().setAuthentication(this.bob);
 		this.target = (BusinessService) this.appContext.getBean("target");
-		this.target.someAdminMethod();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::someAdminMethod);
 	}
 
 	@Test
@@ -322,7 +324,7 @@ public void customPermissionEvaluatorIsSupported() {
 	}
 
 	// SEC-1450
-	@Test(expected = AuthenticationException.class)
+	@Test
 	@SuppressWarnings("unchecked")
 	public void genericsAreMatchedByProtectPointcut() {
 		// @formatter:off
@@ -334,7 +336,7 @@ public void genericsAreMatchedByProtectPointcut() {
 						+ ConfigTestUtils.AUTH_PROVIDER_XML);
 		// @formatter:on
 		Foo foo = (Foo) this.appContext.getBean("target");
-		foo.foo(new SecurityConfig("A"));
+		assertThatExceptionOfType(AuthenticationException.class).isThrownBy(() -> foo.foo(new SecurityConfig("A")));
 	}
 
 	// SEC-1448
diff --git a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
index 0316daf0fed..2fb131b8b91 100644
--- a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java
@@ -40,6 +40,7 @@
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Luke Taylor
@@ -82,9 +83,10 @@ public void targetShouldAllowUnprotectedMethodInvocationWithNoContext() {
 		this.target.unprotected();
 	}
 
-	@Test(expected = AuthenticationCredentialsNotFoundException.class)
+	@Test
 	public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
-		this.target.doSomething();
+		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
+				.isThrownBy(this.target::doSomething);
 	}
 
 	@Test
@@ -95,17 +97,17 @@ public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
 		this.target.doSomething();
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
-		this.target.doSomething();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::doSomething);
 	}
 
-	@Test(expected = AuthenticationException.class)
+	@Test
 	public void transactionalMethodsShouldBeSecured() {
-		this.transactionalTarget.doSomething();
+		assertThatExceptionOfType(AuthenticationException.class).isThrownBy(this.transactionalTarget::doSomething);
 	}
 
 	@Override
diff --git a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
index 571868f184b..9c43ad33ca0 100644
--- a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java
@@ -29,6 +29,8 @@
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+
 /**
  * @author Luke Taylor
  */
@@ -57,9 +59,10 @@ public void closeAppContext() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = AuthenticationCredentialsNotFoundException.class)
+	@Test
 	public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
-		this.target.someUserMethod1();
+		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
+				.isThrownBy(() -> this.target.someUserMethod1());
 	}
 
 	@Test
@@ -78,12 +81,12 @@ public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
 		this.target.someUserMethod1();
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
 		SecurityContextHolder.getContext().setAuthentication(token);
-		this.target.someAdminMethod();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::someAdminMethod);
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
index 91c10958e3f..9a4e5cdea04 100644
--- a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java
@@ -27,6 +27,8 @@
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+
 /**
  * @author Rob Winch
  *
@@ -43,11 +45,11 @@ public void cleanup() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void preAuthorizeAdminRoleDenied() {
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_USER"));
-		this.service.preAuthorizeAdminRole();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.service::preAuthorizeAdminRole);
 	}
 
 	@Test
@@ -64,11 +66,12 @@ public void preAuthorizeContactPermissionGranted() {
 		this.service.contactPermission(new Contact("user"));
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void preAuthorizeContactPermissionDenied() {
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"));
-		this.service.contactPermission(new Contact("admin"));
+		assertThatExceptionOfType(AccessDeniedException.class)
+				.isThrownBy(() -> this.service.contactPermission(new Contact("admin")));
 	}
 
 }
diff --git a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
index 7814a7f7d6f..fa1067e63ad 100644
--- a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
+++ b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java
@@ -26,6 +26,8 @@
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+
 /**
  * @author Rob Winch
  *
@@ -34,14 +36,14 @@ public class Sec2196Tests {
 
 	private ConfigurableApplicationContext context;
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void genericMethodsProtected() {
 		loadContext("<global-method-security secured-annotations=\"enabled\" pre-post-annotations=\"enabled\"/>"
 				+ "<b:bean class='" + Service.class.getName() + "'/>");
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("test", "pass", "ROLE_USER"));
 		Service service = this.context.getBean(Service.class);
-		service.save(new User());
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> service.save(new User()));
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
index 75961648ddd..ceb72bdc059 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java
@@ -65,9 +65,10 @@ public void closeAppContext() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = AuthenticationCredentialsNotFoundException.class)
+	@Test
 	public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
-		this.target.someUserMethod1();
+		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
+				.isThrownBy(this.target::someUserMethod1);
 	}
 
 	@Test
@@ -78,28 +79,29 @@ public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
 		this.target.someUserMethod1();
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_SOMEOTHER"));
 		SecurityContextHolder.getContext().setAuthentication(token);
-		this.target.someAdminMethod();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::someAdminMethod);
 	}
 
 	// SEC-1387
-	@Test(expected = AuthenticationCredentialsNotFoundException.class)
+	@Test
 	public void targetIsSerializableBeforeUse() throws Exception {
 		BusinessService chompedTarget = (BusinessService) serializeAndDeserialize(this.target);
-		chompedTarget.someAdminMethod();
+		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
+				.isThrownBy(chompedTarget::someAdminMethod);
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void targetIsSerializableAfterUse() throws Exception {
 		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
 				.isThrownBy(this.target::someAdminMethod);
 		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("u", "p", "ROLE_A"));
 		BusinessService chompedTarget = (BusinessService) serializeAndDeserialize(this.target);
-		chompedTarget.someAdminMethod();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(chompedTarget::someAdminMethod);
 	}
 
 	private Object serializeAndDeserialize(Object o) throws IOException, ClassNotFoundException {
diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
index 607b164c678..1a2504f32ce 100644
--- a/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/SecuredTests.java
@@ -27,6 +27,8 @@
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+
 /**
  * @author Rob Winch
  *
@@ -43,11 +45,11 @@ public void cleanup() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void securedAdminRoleDenied() {
 		SecurityContextHolder.getContext()
 				.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_USER"));
-		this.service.securedAdminRole();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.service::securedAdminRole);
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/method/configuration/Gh4020GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/method/configuration/Gh4020GlobalMethodSecurityConfigurationTests.java
index ac1bc7b8145..3d1da6e0aea 100644
--- a/config/src/test/java/org/springframework/security/config/method/configuration/Gh4020GlobalMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/method/configuration/Gh4020GlobalMethodSecurityConfigurationTests.java
@@ -31,6 +31,7 @@
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -44,9 +45,9 @@ public class Gh4020GlobalMethodSecurityConfigurationTests {
 	DenyAllService denyAll;
 
 	// gh-4020
-	@Test(expected = AuthenticationCredentialsNotFoundException.class)
+	@Test
 	public void denyAll() {
-		this.denyAll.denyAll();
+		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class).isThrownBy(this.denyAll::denyAll);
 	}
 
 	@Configuration
diff --git a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
index 99fe4a2c1ae..0559e635c28 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java
@@ -23,6 +23,8 @@
 import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
+
 /**
  * @author Rob Winch
  * @since 5.0
@@ -105,31 +107,34 @@ public void antMatchersWhenPatternsInLambdaThenAnyMethod() {
 		// @formatter:on
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void antMatchersWhenNoAccessAndAnotherMatcherThenThrowsException() {
 		this.http.authorizeExchange().pathMatchers("/incomplete");
-		this.http.authorizeExchange().pathMatchers("/throws-exception");
+		assertThatIllegalStateException()
+				.isThrownBy(() -> this.http.authorizeExchange().pathMatchers("/throws-exception"));
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void anyExchangeWhenFollowedByMatcherThenThrowsException() {
+		assertThatIllegalStateException().isThrownBy(() ->
 		// @formatter:off
-		this.http.authorizeExchange()
-				.anyExchange().denyAll()
-				.pathMatchers("/never-reached");
+			this.http.authorizeExchange()
+					.anyExchange().denyAll()
+					.pathMatchers("/never-reached")
 		// @formatter:on
+		);
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void buildWhenMatcherDefinedWithNoAccessThenThrowsException() {
 		this.http.authorizeExchange().pathMatchers("/incomplete");
-		this.http.build();
+		assertThatIllegalStateException().isThrownBy(this.http::build);
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void buildWhenMatcherDefinedWithNoAccessInLambdaThenThrowsException() {
 		this.http.authorizeExchange((exchanges) -> exchanges.pathMatchers("/incomplete"));
-		this.http.build();
+		assertThatIllegalStateException().isThrownBy(this.http::build);
 	}
 
 	private WebTestClient buildClient() {
diff --git a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
index b4992795abf..7aa9c239142 100644
--- a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
+++ b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
@@ -84,7 +84,7 @@ public void closeAppContext() {
 		}
 	}
 
-	@Test(expected = AuthenticationCredentialsNotFoundException.class)
+	@Test
 	public void securityInterceptorIsAppliedWhenUsedWithAopConfig() {
 		// @formatter:off
 		setContext("<aop:config>"
@@ -99,10 +99,11 @@ public void securityInterceptorIsAppliedWhenUsedWithAopConfig() {
 		// Check both against interface and class
 		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
 				.isThrownBy(() -> target.makeLowerCase("TEST"));
-		target.makeUpperCase("test");
+		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
+				.isThrownBy(() -> target.makeUpperCase("test"));
 	}
 
-	@Test(expected = AuthenticationCredentialsNotFoundException.class)
+	@Test
 	public void securityInterceptorIsAppliedWhenUsedWithBeanNameAutoProxyCreator() {
 		// @formatter:off
 		setContext("<b:bean id='autoProxyCreator' class='org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator'>"
@@ -126,7 +127,8 @@ public void securityInterceptorIsAppliedWhenUsedWithBeanNameAutoProxyCreator() {
 		ITargetObject target = (ITargetObject) this.appContext.getBean("target");
 		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
 				.isThrownBy(() -> target.makeLowerCase("TEST"));
-		target.makeUpperCase("test");
+		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
+				.isThrownBy(() -> target.makeUpperCase("test"));
 	}
 
 	private void setContext(String context) {
diff --git a/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java b/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java
index e694b06466d..61476b5c6f7 100644
--- a/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java
+++ b/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java
@@ -22,6 +22,8 @@
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.util.SimpleMethodInvocation;
 
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+
 /**
  * Tests {@link AuthenticationCredentialsNotFoundEvent}.
  *
@@ -29,22 +31,24 @@
  */
 public class AuthenticationCredentialsNotFoundEventTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testRejectsNulls() {
-		new AuthenticationCredentialsNotFoundEvent(null, SecurityConfig.createList("TEST"),
-				new AuthenticationCredentialsNotFoundException("test"));
+		assertThatIllegalArgumentException().isThrownBy(() -> new AuthenticationCredentialsNotFoundEvent(null,
+				SecurityConfig.createList("TEST"), new AuthenticationCredentialsNotFoundException("test")));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testRejectsNulls2() {
-		new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), null,
-				new AuthenticationCredentialsNotFoundException("test"));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), null,
+						new AuthenticationCredentialsNotFoundException("test")));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testRejectsNulls3() {
-		new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"),
-				null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(),
+						SecurityConfig.createList("TEST"), null));
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java b/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
index b6f5766cfe3..94af492ae98 100644
--- a/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
+++ b/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
@@ -25,6 +25,7 @@
 import org.springframework.security.util.SimpleMethodInvocation;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests {@link AuthorizationFailureEvent}.
@@ -39,24 +40,29 @@ public class AuthorizationFailureEventTests {
 
 	private AccessDeniedException exception = new AuthorizationServiceException("error", new Throwable());
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void rejectsNullSecureObject() {
-		new AuthorizationFailureEvent(null, this.attributes, this.foo, this.exception);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AuthorizationFailureEvent(null, this.attributes, this.foo, this.exception));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void rejectsNullAttributesList() {
-		new AuthorizationFailureEvent(new SimpleMethodInvocation(), null, this.foo, this.exception);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new AuthorizationFailureEvent(new SimpleMethodInvocation(), null, this.foo, this.exception));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void rejectsNullAuthentication() {
-		new AuthorizationFailureEvent(new SimpleMethodInvocation(), this.attributes, null, this.exception);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AuthorizationFailureEvent(new SimpleMethodInvocation(), this.attributes, null,
+						this.exception));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void rejectsNullException() {
-		new AuthorizationFailureEvent(new SimpleMethodInvocation(), this.attributes, this.foo, null);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new AuthorizationFailureEvent(new SimpleMethodInvocation(), this.attributes, this.foo, null));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java b/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
index 9b6fee171eb..370252a06ca 100644
--- a/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
+++ b/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
@@ -22,6 +22,8 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.util.SimpleMethodInvocation;
 
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+
 /**
  * Tests {@link AuthorizedEvent}.
  *
@@ -29,20 +31,22 @@
  */
 public class AuthorizedEventTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testRejectsNulls() {
-		new AuthorizedEvent(null, SecurityConfig.createList("TEST"),
-				new UsernamePasswordAuthenticationToken("foo", "bar"));
+		assertThatIllegalArgumentException().isThrownBy(() -> new AuthorizedEvent(null,
+				SecurityConfig.createList("TEST"), new UsernamePasswordAuthenticationToken("foo", "bar")));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testRejectsNulls2() {
-		new AuthorizedEvent(new SimpleMethodInvocation(), null, new UsernamePasswordAuthenticationToken("foo", "bar"));
+		assertThatIllegalArgumentException().isThrownBy(() -> new AuthorizedEvent(new SimpleMethodInvocation(), null,
+				new UsernamePasswordAuthenticationToken("foo", "bar")));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testRejectsNulls3() {
-		new AuthorizedEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"), null);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new AuthorizedEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"), null));
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
index 7cc22aff201..9551051bb89 100644
--- a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
+++ b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java
@@ -19,6 +19,8 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests {@link SecurityConfig}.
@@ -33,19 +35,20 @@ public void testHashCode() {
 		assertThat(config.hashCode()).isEqualTo("TEST".hashCode());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testCannotConstructWithNullAttribute() {
-		new SecurityConfig(null); // SEC-727
+		assertThatIllegalArgumentException().isThrownBy(() -> new SecurityConfig(null)); // SEC-727
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testCannotConstructWithEmptyAttribute() {
-		new SecurityConfig(""); // SEC-727
+		assertThatIllegalArgumentException().isThrownBy(() -> new SecurityConfig("")); // SEC-727
 	}
 
-	@Test(expected = NoSuchMethodException.class)
+	@Test
 	public void testNoArgConstructorDoesntExist() throws Exception {
-		SecurityConfig.class.getDeclaredConstructor((Class[]) null);
+		assertThatExceptionOfType(NoSuchMethodException.class)
+				.isThrownBy(() -> SecurityConfig.class.getDeclaredConstructor((Class[]) null));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
index f8c6b653a22..c326f86c904 100644
--- a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java
@@ -27,6 +27,7 @@
 import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -57,9 +58,9 @@ public void beanNamesAreCorrectlyResolved() {
 				.isEqualTo(true);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setExpressionParserNull() {
-		this.handler.setExpressionParser(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setExpressionParser(null));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
index 0cc3343ca55..a1686fdeb1d 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
@@ -37,6 +37,7 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.doReturn;
@@ -69,9 +70,9 @@ public void cleanup() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setTrustResolverNull() {
-		this.handler.setTrustResolver(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setTrustResolver(null));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java b/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
index 8f942bb3300..29aab692cdb 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
@@ -30,6 +30,7 @@
 import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests {@link ExpressionBasedPreInvocationAdvice}
@@ -50,21 +51,23 @@ public void setUp() {
 		this.expressionBasedPreInvocationAdvice = new ExpressionBasedPreInvocationAdvice();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void findFilterTargetNameProvidedButNotMatch() throws Exception {
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "filterTargetDoesNotMatch",
 				null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingCollection", new Class[] { List.class }, new Object[] { new ArrayList<>() });
-		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void findFilterTargetNameProvidedArrayUnsupported() throws Exception {
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "param", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingArray", new Class[] { String[].class }, new Object[] { new String[0] });
-		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute));
 	}
 
 	@Test
@@ -77,12 +80,13 @@ public void findFilterTargetNameProvided() throws Exception {
 		assertThat(result).isTrue();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void findFilterTargetNameNotProvidedArrayUnsupported() throws Exception {
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingArray", new Class[] { String[].class }, new Object[] { new String[0] });
-		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute));
 	}
 
 	@Test
@@ -95,21 +99,23 @@ public void findFilterTargetNameNotProvided() throws Exception {
 		assertThat(result).isTrue();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void findFilterTargetNameNotProvidedTypeNotSupported() throws Exception {
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingString", new Class[] { String.class }, new Object[] { "param" });
-		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void findFilterTargetNameNotProvidedMethodAcceptMoreThenOneArgument() throws Exception {
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingTwoArgs", new Class[] { String.class, List.class },
 				new Object[] { "param", new ArrayList<>() });
-		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute));
 	}
 
 	private class TestClass {
diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
index d409c4054db..e3e0bfcf354 100644
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
@@ -32,6 +32,7 @@
 import org.springframework.security.util.SimpleMethodInvocation;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 @SuppressWarnings("unchecked")
 public class MethodExpressionVoterTests {
@@ -86,28 +87,28 @@ public void collectionPreFilteringIsSuccessful() throws Exception {
 		assertThat(arg).containsExactly("joe", "sam");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void arraysCannotBePrefiltered() throws Exception {
 		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray(),
 				createArrayArg("sam", "joe"));
-		this.am.vote(this.joe, mi,
-				createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'jim')", "someArray", null)));
+		assertThatIllegalArgumentException().isThrownBy(() -> this.am.vote(this.joe, mi,
+				createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'jim')", "someArray", null))));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void incorrectFilterTargetNameIsRejected() throws Exception {
 		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(),
 				createCollectionArg("joe", "bob"));
-		this.am.vote(this.joe, mi,
-				createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'joe')", "collcetion", null)));
+		assertThatIllegalArgumentException().isThrownBy(() -> this.am.vote(this.joe, mi,
+				createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'joe')", "collcetion", null))));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void nullNamedFilterTargetIsRejected() throws Exception {
 		MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(),
 				new Object[] { null });
-		this.am.vote(this.joe, mi,
-				createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'joe')", "collection", null)));
+		assertThatIllegalArgumentException().isThrownBy(() -> this.am.vote(this.joe, mi,
+				createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'joe')", "collection", null))));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
index ae08fd1249e..8230e3c0a95 100644
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java
@@ -26,6 +26,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link RoleHierarchyUtils}.
@@ -52,42 +53,47 @@ public void roleHierarchyFromMapWhenMapValidThenConvertsCorrectly() {
 		assertThat(roleHierarchy).isEqualTo(expectedRoleHierarchy);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void roleHierarchyFromMapWhenMapNullThenThrowsIllegalArgumentException() {
-		RoleHierarchyUtils.roleHierarchyFromMap(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> RoleHierarchyUtils.roleHierarchyFromMap(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void roleHierarchyFromMapWhenMapEmptyThenThrowsIllegalArgumentException() {
-		RoleHierarchyUtils.roleHierarchyFromMap(Collections.<String, List<String>>emptyMap());
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> RoleHierarchyUtils.roleHierarchyFromMap(Collections.<String, List<String>>emptyMap()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void roleHierarchyFromMapWhenRoleNullThenThrowsIllegalArgumentException() {
 		Map<String, List<String>> roleHierarchyMap = new HashMap<>();
 		roleHierarchyMap.put(null, Arrays.asList("ROLE_B", "ROLE_C"));
-		RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void roleHierarchyFromMapWhenRoleEmptyThenThrowsIllegalArgumentException() {
 		Map<String, List<String>> roleHierarchyMap = new HashMap<>();
 		roleHierarchyMap.put("", Arrays.asList("ROLE_B", "ROLE_C"));
-		RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void roleHierarchyFromMapWhenImpliedRolesNullThenThrowsIllegalArgumentException() {
 		Map<String, List<String>> roleHierarchyMap = new HashMap<>();
 		roleHierarchyMap.put("ROLE_A", null);
-		RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void roleHierarchyFromMapWhenImpliedRolesEmptyThenThrowsIllegalArgumentException() {
 		Map<String, List<String>> roleHierarchyMap = new HashMap<>();
 		roleHierarchyMap.put("ROLE_A", Collections.<String>emptyList());
-		RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap));
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
index 6a4047cbae5..d2bf49792de 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
@@ -23,6 +23,7 @@
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.util.SimpleMethodInvocation;
 
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -33,7 +34,7 @@
  */
 public class AbstractSecurityInterceptorTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void detectsIfInvocationPassedIncompatibleSecureObject() {
 		MockSecurityInterceptorWhichOnlySupportsStrings si = new MockSecurityInterceptorWhichOnlySupportsStrings();
 		si.setRunAsManager(mock(RunAsManager.class));
@@ -41,10 +42,10 @@ public void detectsIfInvocationPassedIncompatibleSecureObject() {
 		si.setAfterInvocationManager(mock(AfterInvocationManager.class));
 		si.setAccessDecisionManager(mock(AccessDecisionManager.class));
 		si.setSecurityMetadataSource(mock(SecurityMetadataSource.class));
-		si.beforeInvocation(new SimpleMethodInvocation());
+		assertThatIllegalArgumentException().isThrownBy(() -> si.beforeInvocation(new SimpleMethodInvocation()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void detectsViolationOfGetSecureObjectClassMethod() throws Exception {
 		MockSecurityInterceptorReturnsNull si = new MockSecurityInterceptorReturnsNull();
 		si.setRunAsManager(mock(RunAsManager.class));
@@ -52,7 +53,7 @@ public void detectsViolationOfGetSecureObjectClassMethod() throws Exception {
 		si.setAfterInvocationManager(mock(AfterInvocationManager.class));
 		si.setAccessDecisionManager(mock(AccessDecisionManager.class));
 		si.setSecurityMetadataSource(mock(SecurityMetadataSource.class));
-		si.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(si::afterPropertiesSet);
 	}
 
 	private class MockSecurityInterceptorReturnsNull extends AbstractSecurityInterceptor {
diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java
index 620806f5ffb..64a1f731581 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java
@@ -26,19 +26,21 @@
 import org.springframework.security.core.authority.AuthorityUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests {@link RunAsImplAuthenticationProvider}.
  */
 public class RunAsImplAuthenticationProviderTests {
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void testAuthenticationFailDueToWrongKey() {
 		RunAsUserToken token = new RunAsUserToken("wrong_key", "Test", "Password",
 				AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class);
 		RunAsImplAuthenticationProvider provider = new RunAsImplAuthenticationProvider();
 		provider.setKey("hello_world");
-		provider.authenticate(token);
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> provider.authenticate(token));
 	}
 
 	@Test
@@ -53,10 +55,10 @@ public void testAuthenticationSuccess() {
 		assertThat(resultCast.getKeyHash()).isEqualTo("my_password".hashCode());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testStartupFailsIfNoKey() throws Exception {
 		RunAsImplAuthenticationProvider provider = new RunAsImplAuthenticationProvider();
-		provider.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(provider::afterPropertiesSet);
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
index 01ae098bda3..2447e49bc19 100644
--- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
@@ -48,6 +48,7 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
@@ -124,63 +125,63 @@ public void gettersReturnExpectedData() {
 		assertThat(this.interceptor.getAfterInvocationManager()).isEqualTo(aim);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void missingAccessDecisionManagerIsDetected() throws Exception {
 		this.interceptor.setAccessDecisionManager(null);
-		this.interceptor.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> this.interceptor.afterPropertiesSet());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void missingAuthenticationManagerIsDetected() throws Exception {
 		this.interceptor.setAuthenticationManager(null);
-		this.interceptor.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> this.interceptor.afterPropertiesSet());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void missingMethodSecurityMetadataSourceIsRejected() throws Exception {
 		this.interceptor.setSecurityMetadataSource(null);
-		this.interceptor.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> this.interceptor.afterPropertiesSet());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void missingRunAsManagerIsRejected() throws Exception {
 		this.interceptor.setRunAsManager(null);
-		this.interceptor.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> this.interceptor.afterPropertiesSet());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void initializationRejectsSecurityMetadataSourceThatDoesNotSupportMethodInvocation() throws Throwable {
 		given(this.mds.supports(MethodInvocation.class)).willReturn(false);
-		this.interceptor.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> this.interceptor.afterPropertiesSet());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void initializationRejectsAccessDecisionManagerThatDoesNotSupportMethodInvocation() throws Exception {
 		given(this.mds.supports(MethodInvocation.class)).willReturn(true);
 		given(this.adm.supports(MethodInvocation.class)).willReturn(false);
-		this.interceptor.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> this.interceptor.afterPropertiesSet());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void intitalizationRejectsRunAsManagerThatDoesNotSupportMethodInvocation() throws Exception {
 		final RunAsManager ram = mock(RunAsManager.class);
 		given(ram.supports(MethodInvocation.class)).willReturn(false);
 		this.interceptor.setRunAsManager(ram);
-		this.interceptor.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> this.interceptor.afterPropertiesSet());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void intitalizationRejectsAfterInvocationManagerThatDoesNotSupportMethodInvocation() throws Exception {
 		final AfterInvocationManager aim = mock(AfterInvocationManager.class);
 		given(aim.supports(MethodInvocation.class)).willReturn(false);
 		this.interceptor.setAfterInvocationManager(aim);
-		this.interceptor.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> this.interceptor.afterPropertiesSet());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void initializationFailsIfAccessDecisionManagerRejectsConfigAttributes() throws Exception {
 		given(this.adm.supports(any(ConfigAttribute.class))).willReturn(false);
-		this.interceptor.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> this.interceptor.afterPropertiesSet());
 	}
 
 	@Test
@@ -219,13 +220,14 @@ public void callingAPublicMethodWhenPresentingAnAuthenticationObjectDoesntChange
 		assertThat(!this.token.isAuthenticated()).isTrue();
 	}
 
-	@Test(expected = AuthenticationException.class)
+	@Test
 	public void callIsntMadeWhenAuthenticationManagerRejectsAuthentication() {
 		final TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password");
 		SecurityContextHolder.getContext().setAuthentication(token);
 		mdsReturnsUserRole();
 		given(this.authman.authenticate(token)).willThrow(new BadCredentialsException("rejected"));
-		this.advisedTarget.makeLowerCase("HELLO");
+		assertThatExceptionOfType(AuthenticationException.class)
+				.isThrownBy(() -> this.advisedTarget.makeLowerCase("HELLO"));
 	}
 
 	@Test
@@ -256,9 +258,9 @@ public void callIsntMadeWhenAccessDecisionManagerRejectsAccess() {
 		verify(this.eventPublisher).publishEvent(any(AuthorizationFailureEvent.class));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void rejectsNullSecuredObjects() throws Throwable {
-		this.interceptor.invoke(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.interceptor.invoke(null));
 	}
 
 	@Test
@@ -299,10 +301,11 @@ public void runAsReplacementCleansAfterException() {
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
 	}
 
-	@Test(expected = AuthenticationCredentialsNotFoundException.class)
+	@Test
 	public void emptySecurityContextIsRejected() {
 		mdsReturnsUserRole();
-		this.advisedTarget.makeUpperCase("hello");
+		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
+				.isThrownBy(() -> this.advisedTarget.makeUpperCase("hello"));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
index d11135de93d..d9058c8f27d 100644
--- a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
@@ -30,6 +30,7 @@
 import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -89,19 +90,21 @@ public void oneAffirmativeVoteTwoAbstainVotesGrantsAccess() {
 		this.mgr.decide(this.user, new Object(), this.attrs);
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void oneDenyVoteTwoAbstainVotesDeniesAccess() {
 		this.mgr = new AffirmativeBased(
 				Arrays.<AccessDecisionVoter<? extends Object>>asList(this.deny, this.abstain, this.abstain));
-		this.mgr.decide(this.user, new Object(), this.attrs);
+		assertThatExceptionOfType(AccessDeniedException.class)
+				.isThrownBy(() -> this.mgr.decide(this.user, new Object(), this.attrs));
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void onlyAbstainVotesDeniesAccessWithDefault() {
 		this.mgr = new AffirmativeBased(
 				Arrays.<AccessDecisionVoter<? extends Object>>asList(this.abstain, this.abstain, this.abstain));
 		assertThat(!this.mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check default
-		this.mgr.decide(this.user, new Object(), this.attrs);
+		assertThatExceptionOfType(AccessDeniedException.class)
+				.isThrownBy(() -> this.mgr.decide(this.user, new Object(), this.attrs));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
index 647387d2aad..160313d5ff0 100644
--- a/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
@@ -28,7 +28,7 @@
 import org.springframework.security.authentication.TestingAuthenticationToken;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests {@link ConsensusBased}.
@@ -37,14 +37,14 @@
  */
 public class ConsensusBasedTests {
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccessWithoutDefault() {
 		TestingAuthenticationToken auth = makeTestToken();
 		ConsensusBased mgr = makeDecisionManager();
 		mgr.setAllowIfEqualGrantedDeniedDecisions(false);
 		assertThat(!mgr.isAllowIfEqualGrantedDeniedDecisions()).isTrue(); // check changed
 		List<ConfigAttribute> config = SecurityConfig.createList("ROLE_1", "DENY_FOR_SURE");
-		mgr.decide(auth, new Object(), config);
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> mgr.decide(auth, new Object(), config));
 	}
 
 	@Test
@@ -63,20 +63,21 @@ public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() {
 		mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_2"));
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void testOneDenyVoteTwoAbstainVotesDeniesAccess() {
 		TestingAuthenticationToken auth = makeTestToken();
 		ConsensusBased mgr = makeDecisionManager();
-		mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE"));
-		fail("Should have thrown AccessDeniedException");
+		assertThatExceptionOfType(AccessDeniedException.class)
+				.isThrownBy(() -> mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE")));
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void testThreeAbstainVotesDeniesAccessWithDefault() {
 		TestingAuthenticationToken auth = makeTestToken();
 		ConsensusBased mgr = makeDecisionManager();
 		assertThat(!mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check default
-		mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
+		assertThatExceptionOfType(AccessDeniedException.class)
+				.isThrownBy(() -> mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL")));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
index 7329158a9ed..cbd33ad0554 100644
--- a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java
@@ -27,6 +27,7 @@
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
@@ -46,12 +47,13 @@ public final void setUp() {
 		this.authorities = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
 	}
 
-	@Test(expected = UnsupportedOperationException.class)
+	@Test
 	public void testAuthoritiesAreImmutable() {
 		MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", this.authorities);
 		List<GrantedAuthority> gotAuthorities = (List<GrantedAuthority>) token.getAuthorities();
 		assertThat(gotAuthorities).isNotSameAs(this.authorities);
-		gotAuthorities.set(0, new SimpleGrantedAuthority("ROLE_SUPER_USER"));
+		assertThatExceptionOfType(UnsupportedOperationException.class)
+				.isThrownBy(() -> gotAuthorities.set(0, new SimpleGrantedAuthority("ROLE_SUPER_USER")));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
index 6a7ac10f3e5..134b3620e6d 100644
--- a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
@@ -36,6 +36,8 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.isA;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.reset;
@@ -111,12 +113,13 @@ public void additionalExceptionMappingsAreSupported() {
 		verify(appPublisher).publishEvent(isA(AuthenticationFailureDisabledEvent.class));
 	}
 
-	@Test(expected = RuntimeException.class)
+	@Test
 	public void missingEventClassExceptionCausesException() {
 		this.publisher = new DefaultAuthenticationEventPublisher();
 		Properties p = new Properties();
 		p.put(MockAuthenticationException.class.getName(), "NoSuchClass");
-		this.publisher.setAdditionalExceptionMappings(p);
+		assertThatExceptionOfType(RuntimeException.class)
+				.isThrownBy(() -> this.publisher.setAdditionalExceptionMappings(p));
 	}
 
 	@Test
@@ -132,27 +135,27 @@ public void unknownFailureExceptionIsIgnored() {
 		verifyZeroInteractions(appPublisher);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void emptyMapCausesException() {
 		Map<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
 		this.publisher = new DefaultAuthenticationEventPublisher();
-		this.publisher.setAdditionalExceptionMappings(mappings);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.publisher.setAdditionalExceptionMappings(mappings));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void missingExceptionClassCausesException() {
 		Map<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
 		mappings.put(null, AuthenticationFailureLockedEvent.class);
 		this.publisher = new DefaultAuthenticationEventPublisher();
-		this.publisher.setAdditionalExceptionMappings(mappings);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.publisher.setAdditionalExceptionMappings(mappings));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void missingEventClassAsMapValueCausesException() {
 		Map<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
 		mappings.put(LockedException.class, null);
 		this.publisher = new DefaultAuthenticationEventPublisher();
-		this.publisher.setAdditionalExceptionMappings(mappings);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.publisher.setAdditionalExceptionMappings(mappings));
 	}
 
 	@Test
@@ -168,10 +171,11 @@ public void additionalExceptionMappingsUsingMapAreSupported() {
 		verify(appPublisher).publishEvent(isA(AuthenticationFailureDisabledEvent.class));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void defaultAuthenticationFailureEventClassSetNullThen() {
 		this.publisher = new DefaultAuthenticationEventPublisher();
-		this.publisher.setDefaultAuthenticationFailureEvent(null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.publisher.setDefaultAuthenticationFailureEvent(null));
 	}
 
 	@Test
@@ -185,11 +189,11 @@ public void defaultAuthenticationFailureEventIsPublished() {
 		verify(appPublisher).publishEvent(isA(AuthenticationFailureBadCredentialsEvent.class));
 	}
 
-	@Test(expected = RuntimeException.class)
+	@Test
 	public void defaultAuthenticationFailureEventMissingAppropriateConstructorThen() {
 		this.publisher = new DefaultAuthenticationEventPublisher();
-		this.publisher
-				.setDefaultAuthenticationFailureEvent(AuthenticationFailureEventWithoutAppropriateConstructor.class);
+		assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> this.publisher
+				.setDefaultAuthenticationFailureEvent(AuthenticationFailureEventWithoutAppropriateConstructor.class));
 	}
 
 	private static final class AuthenticationFailureEventWithoutAppropriateConstructor
diff --git a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
index 987dc5b63ac..4d9f6c80552 100644
--- a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
@@ -29,6 +29,7 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -45,7 +46,7 @@
  */
 public class ProviderManagerTests {
 
-	@Test(expected = ProviderNotFoundException.class)
+	@Test
 	public void authenticationFailsWithUnsupportedToken() {
 		Authentication token = new AbstractAuthenticationToken(null) {
 			@Override
@@ -60,7 +61,7 @@ public Object getPrincipal() {
 		};
 		ProviderManager mgr = makeProviderManager();
 		mgr.setMessageSource(mock(MessageSource.class));
-		mgr.authenticate(token);
+		assertThatExceptionOfType(ProviderNotFoundException.class).isThrownBy(() -> mgr.authenticate(token));
 	}
 
 	@Test
@@ -98,19 +99,20 @@ public void authenticationSucceedsWhenFirstProviderReturnsNullButSecondAuthentic
 		verify(publisher).publishAuthenticationSuccess(result);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testStartupFailsIfProvidersNotSetAsList() {
-		new ProviderManager((List<AuthenticationProvider>) null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new ProviderManager((List<AuthenticationProvider>) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testStartupFailsIfProvidersNotSetAsVarargs() {
-		new ProviderManager((AuthenticationProvider) null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new ProviderManager((AuthenticationProvider) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testStartupFailsIfProvidersContainNullElement() {
-		new ProviderManager(Arrays.asList(mock(AuthenticationProvider.class), null));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new ProviderManager(Arrays.asList(mock(AuthenticationProvider.class), null)));
 	}
 
 	// gh-8689
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
index 7dc48107fc5..2c706dc7c32 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java
@@ -27,6 +27,7 @@
 import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 
@@ -50,14 +51,14 @@ public void setup() {
 		this.manager = new ReactiveAuthenticationManagerAdapter(this.delegate);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullAuthenticationManager() {
-		new ReactiveAuthenticationManagerAdapter(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new ReactiveAuthenticationManagerAdapter(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setSchedulerNull() {
-		this.manager.setScheduler(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.manager.setScheduler(null));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
index 7aaac05a446..5a4b9466e98 100644
--- a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java
@@ -33,6 +33,7 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 
@@ -62,10 +63,10 @@ public void setup() {
 		this.password = "pass";
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullUserDetailsService() {
-		ReactiveUserDetailsService userDetailsService = null;
-		new UserDetailsRepositoryReactiveAuthenticationManager(userDetailsService);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new UserDetailsRepositoryReactiveAuthenticationManager(null));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
index 7cd80768dc8..06630e17f31 100644
--- a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
@@ -165,7 +165,7 @@ public void authenticateWhenPostAuthenticationChecksNotSet() {
 		verifyZeroInteractions(this.postAuthenticationChecks);
 	}
 
-	@Test(expected = AccountExpiredException.class)
+	@Test
 	public void authenticateWhenAccountExpiredThenException() {
 		this.manager.setPasswordEncoder(this.encoder);
 		// @formatter:off
@@ -178,10 +178,11 @@ public void authenticateWhenAccountExpiredThenException() {
 		given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(expiredUser));
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(expiredUser,
 				expiredUser.getPassword());
-		this.manager.authenticate(token).block();
+		assertThatExceptionOfType(AccountExpiredException.class)
+				.isThrownBy(() -> this.manager.authenticate(token).block());
 	}
 
-	@Test(expected = LockedException.class)
+	@Test
 	public void authenticateWhenAccountLockedThenException() {
 		this.manager.setPasswordEncoder(this.encoder);
 		// @formatter:off
@@ -194,10 +195,10 @@ public void authenticateWhenAccountLockedThenException() {
 		given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(lockedUser));
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(lockedUser,
 				lockedUser.getPassword());
-		this.manager.authenticate(token).block();
+		assertThatExceptionOfType(LockedException.class).isThrownBy(() -> this.manager.authenticate(token).block());
 	}
 
-	@Test(expected = DisabledException.class)
+	@Test
 	public void authenticateWhenAccountDisabledThenException() {
 		this.manager.setPasswordEncoder(this.encoder);
 		// @formatter:off
@@ -210,7 +211,7 @@ public void authenticateWhenAccountDisabledThenException() {
 		given(this.userDetailsService.findByUsername(any())).willReturn(Mono.just(disabledUser));
 		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(disabledUser,
 				disabledUser.getPassword());
-		this.manager.authenticate(token).block();
+		assertThatExceptionOfType(DisabledException.class).isThrownBy(() -> this.manager.authenticate(token).block());
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java
index 5f1b830fee6..5aca7699892 100644
--- a/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java
@@ -21,6 +21,7 @@
 import org.springframework.security.core.authority.AuthorityUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
@@ -63,10 +64,11 @@ public void gettersReturnCorrectData() {
 		assertThat(AuthorityUtils.authorityListToSet(token.getAuthorities())).contains("ROLE_TWO");
 	}
 
-	@Test(expected = NoSuchMethodException.class)
+	@Test
 	public void testNoArgConstructorDoesntExist() throws Exception {
 		Class<?> clazz = UsernamePasswordAuthenticationToken.class;
-		clazz.getDeclaredConstructor((Class[]) null);
+		assertThatExceptionOfType(NoSuchMethodException.class)
+				.isThrownBy(() -> clazz.getDeclaredConstructor((Class[]) null));
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
index 1debbc4981c..22d9bfafbda 100644
--- a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java
@@ -101,19 +101,21 @@ public void testSetAuthenticatedIgnored() {
 		assertThat(!token.isAuthenticated()).isTrue();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenNullAuthoritiesThenThrowIllegalArgumentException() {
-		new AnonymousAuthenticationToken("key", "principal", null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AnonymousAuthenticationToken("key", "principal", null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenEmptyAuthoritiesThenThrowIllegalArgumentException() {
-		new AnonymousAuthenticationToken("key", "principal", Collections.<GrantedAuthority>emptyList());
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new AnonymousAuthenticationToken("key", "principal", Collections.<GrantedAuthority>emptyList()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenPrincipalIsEmptyStringThenThrowIllegalArgumentException() {
-		new AnonymousAuthenticationToken("key", "", ROLES_12);
+		assertThatIllegalArgumentException().isThrownBy(() -> new AnonymousAuthenticationToken("key", "", ROLES_12));
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
index 217daa7d530..fa25cd84949 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
@@ -45,6 +45,7 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.isA;
@@ -82,16 +83,16 @@ public void setUp() throws Exception {
 		ReflectionTestUtils.setField(this.provider, "log", this.log);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void afterPropertiesSetNullConfiguration() throws Exception {
 		this.provider.setConfiguration(null);
-		this.provider.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(this.provider::afterPropertiesSet);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void afterPropertiesSetNullAuthorityGranters() throws Exception {
 		this.provider.setAuthorityGranters(null);
-		this.provider.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(this.provider::afterPropertiesSet);
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
index c1f4f8be7fe..ab53c91c229 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java
@@ -29,6 +29,7 @@
 import org.springframework.security.authentication.jaas.TestLoginModule;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests {@link InMemoryConfiguration}.
@@ -55,9 +56,10 @@ public void constructorNullDefault() {
 		assertThat(new InMemoryConfiguration((AppConfigurationEntry[]) null).getAppConfigurationEntry("name")).isNull();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullMapped() {
-		new InMemoryConfiguration((Map<String, AppConfigurationEntry[]>) null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new InMemoryConfiguration((Map<String, AppConfigurationEntry[]>) null));
 	}
 
 	@Test
@@ -72,9 +74,9 @@ public void constructorEmptyMapNullDefault() {
 				.getAppConfigurationEntry("name")).isNull();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullMapNullDefault() {
-		new InMemoryConfiguration(null, null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new InMemoryConfiguration(null, null));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
index d279a30e074..8fd7fe26ec1 100644
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java
@@ -23,6 +23,7 @@
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
@@ -35,13 +36,14 @@
  */
 public class RemoteAuthenticationManagerImplTests {
 
-	@Test(expected = RemoteAuthenticationException.class)
+	@Test
 	public void testFailedAuthenticationReturnsRemoteAuthenticationException() {
 		RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl();
 		AuthenticationManager am = mock(AuthenticationManager.class);
 		given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException(""));
 		manager.setAuthenticationManager(am);
-		manager.attemptAuthentication("rod", "password");
+		assertThatExceptionOfType(RemoteAuthenticationException.class)
+				.isThrownBy(() -> manager.attemptAuthentication("rod", "password"));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
index 1ed793a989f..7066a98268d 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java
@@ -29,6 +29,7 @@
 import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 
 /**
@@ -120,42 +121,40 @@ public void checkWhenHasAnyRoleAndNotAuthorizedThenReturnFalse() {
 		assertThat(granted).isFalse();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void hasRoleWhenNullThenException() {
-		String role = null;
-		AuthorityReactiveAuthorizationManager.hasRole(role);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasRole((String) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void hasAuthorityWhenNullThenException() {
-		String authority = null;
-		AuthorityReactiveAuthorizationManager.hasAuthority(authority);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasAuthority((String) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void hasAnyRoleWhenNullThenException() {
-		String role = null;
-		AuthorityReactiveAuthorizationManager.hasAnyRole(role);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasAnyRole((String) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void hasAnyAuthorityWhenNullThenException() {
-		String authority = null;
-		AuthorityReactiveAuthorizationManager.hasAnyAuthority(authority);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasAnyAuthority((String) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void hasAnyRoleWhenOneIsNullThenException() {
-		String role1 = "ROLE_ADMIN";
-		String role2 = null;
-		AuthorityReactiveAuthorizationManager.hasAnyRole(role1, role2);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasAnyRole("ROLE_ADMIN", (String) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void hasAnyAuthorityWhenOneIsNullThenException() {
-		String authority1 = "ADMIN";
-		String authority2 = null;
-		AuthorityReactiveAuthorizationManager.hasAnyAuthority(authority1, authority2);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasAnyAuthority("ADMIN", (String) null));
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
index f8fcbc48cbb..bb1867b5c25 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorServiceTests.java
@@ -27,6 +27,7 @@
 import org.mockito.Mock;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
 
@@ -57,9 +58,9 @@ public final void setUpExecutorService() {
 	}
 
 	@Override
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullDelegate() {
-		new DelegatingSecurityContextExecutorService(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new DelegatingSecurityContextExecutorService(null));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
index 073670a93d3..0c54307dbe2 100644
--- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java
@@ -22,6 +22,7 @@
 import org.junit.Test;
 import org.mockito.Mock;
 
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.verify;
 
 /**
@@ -42,9 +43,9 @@ public abstract class AbstractDelegatingSecurityContextExecutorTests
 
 	private DelegatingSecurityContextExecutor executor;
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullDelegate() {
-		new DelegatingSecurityContextExecutor(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new DelegatingSecurityContextExecutor(null));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
index 1783ee48066..e3122a3ac7e 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java
@@ -34,6 +34,7 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
 
@@ -79,24 +80,26 @@ public void tearDown() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullDelegate() {
-		new DelegatingSecurityContextCallable<>(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new DelegatingSecurityContextCallable<>(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullDelegateNonNullSecurityContext() {
-		new DelegatingSecurityContextCallable<>(null, this.securityContext);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DelegatingSecurityContextCallable<>(null, this.securityContext));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullDelegateAndSecurityContext() {
-		new DelegatingSecurityContextCallable<>(null, null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new DelegatingSecurityContextCallable<>(null, null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullSecurityContext() {
-		new DelegatingSecurityContextCallable<>(this.delegate, null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DelegatingSecurityContextCallable<>(this.delegate, null));
 	}
 
 	@Test
@@ -109,8 +112,8 @@ public void call() throws Exception {
 	public void callDefaultSecurityContext() throws Exception {
 		SecurityContextHolder.setContext(this.securityContext);
 		this.callable = new DelegatingSecurityContextCallable<>(this.delegate);
-		SecurityContextHolder.clearContext(); // ensure callable is what sets up the
-												// SecurityContextHolder
+		// ensure callable is what sets up the SecurityContextHolder
+		SecurityContextHolder.clearContext();
 		assertWrapped(this.callable);
 	}
 
@@ -123,22 +126,23 @@ public void callOnSameThread() throws Exception {
 		assertWrapped(this.callable.call());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void createNullDelegate() {
-		DelegatingSecurityContextCallable.create(null, this.securityContext);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> DelegatingSecurityContextCallable.create(null, this.securityContext));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void createNullDelegateAndSecurityContext() {
-		DelegatingSecurityContextRunnable.create(null, null);
+		assertThatIllegalArgumentException().isThrownBy(() -> DelegatingSecurityContextRunnable.create(null, null));
 	}
 
 	@Test
 	public void createNullSecurityContext() throws Exception {
 		SecurityContextHolder.setContext(this.securityContext);
 		this.callable = DelegatingSecurityContextCallable.create(this.delegate, null);
-		SecurityContextHolder.clearContext(); // ensure callable is what sets up the
-												// SecurityContextHolder
+		// ensure callable is what sets up the SecurityContextHolder
+		SecurityContextHolder.clearContext();
 		assertWrapped(this.callable);
 	}
 
diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
index 3c47bc64162..5f13ce3da07 100644
--- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
+++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java
@@ -34,6 +34,7 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.willAnswer;
 import static org.mockito.Mockito.verify;
 
@@ -74,24 +75,26 @@ public void tearDown() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullDelegate() {
-		new DelegatingSecurityContextRunnable(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new DelegatingSecurityContextRunnable(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullDelegateNonNullSecurityContext() {
-		new DelegatingSecurityContextRunnable(null, this.securityContext);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DelegatingSecurityContextRunnable(null, this.securityContext));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullDelegateAndSecurityContext() {
-		new DelegatingSecurityContextRunnable(null, null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new DelegatingSecurityContextRunnable(null, null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullSecurityContext() {
-		new DelegatingSecurityContextRunnable(this.delegate, null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DelegatingSecurityContextRunnable(this.delegate, null));
 	}
 
 	@Test
@@ -119,14 +122,15 @@ public void callOnSameThread() throws Exception {
 		assertWrapped(this.runnable);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void createNullDelegate() {
-		DelegatingSecurityContextRunnable.create(null, this.securityContext);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> DelegatingSecurityContextRunnable.create(null, this.securityContext));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void createNullDelegateAndSecurityContext() {
-		DelegatingSecurityContextRunnable.create(null, null);
+		assertThatIllegalArgumentException().isThrownBy(() -> DelegatingSecurityContextRunnable.create(null, null));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
index 86d242ad662..8d66830b523 100644
--- a/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
+++ b/core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java
@@ -25,6 +25,7 @@
 import org.springframework.context.ApplicationEvent;
 import org.springframework.context.event.SmartApplicationListener;
 
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.never;
@@ -75,9 +76,9 @@ public void processEventSourceTypeNotSupported() {
 		verify(this.delegate, never()).onApplicationEvent(any(ApplicationEvent.class));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void addNull() {
-		this.listener.addListener(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.listener.addListener(null));
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java
index b57bbc38010..73c39acfdda 100644
--- a/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java
@@ -28,6 +28,7 @@
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Ruud Senden
@@ -35,44 +36,41 @@
 @SuppressWarnings("unchecked")
 public class MapBasedAttributes2GrantedAuthoritiesMapperTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testAfterPropertiesSetNoMap() throws Exception {
 		MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper();
-		mapper.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(mapper::afterPropertiesSet);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testAfterPropertiesSetEmptyMap() throws Exception {
 		MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper();
-		mapper.setAttributes2grantedAuthoritiesMap(new HashMap());
-		mapper.afterPropertiesSet();
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> mapper.setAttributes2grantedAuthoritiesMap(new HashMap()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testAfterPropertiesSetInvalidKeyTypeMap() throws Exception {
 		MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper();
 		HashMap m = new HashMap();
 		m.put(new Object(), "ga1");
-		mapper.setAttributes2grantedAuthoritiesMap(m);
-		mapper.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> mapper.setAttributes2grantedAuthoritiesMap(m));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testAfterPropertiesSetInvalidValueTypeMap1() throws Exception {
 		MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper();
 		HashMap m = new HashMap();
 		m.put("role1", new Object());
-		mapper.setAttributes2grantedAuthoritiesMap(m);
-		mapper.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> mapper.setAttributes2grantedAuthoritiesMap(m));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testAfterPropertiesSetInvalidValueTypeMap2() throws Exception {
 		MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper();
 		HashMap m = new HashMap();
 		m.put("role1", new Object[] { new String[] { "ga1", "ga2" }, new Object() });
-		mapper.setAttributes2grantedAuthoritiesMap(m);
-		mapper.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> mapper.setAttributes2grantedAuthoritiesMap(m));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
index 35781b5f306..61ff94419da 100644
--- a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
+++ b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java
@@ -25,18 +25,19 @@
 import org.springframework.security.core.authority.AuthorityUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Luke Taylor
  */
 public class SimpleAuthoritiesMapperTests {
 
-	@Test(expected = IllegalArgumentException.class)
-	public void rejectsInvalidCaseConversionFlags() throws Exception {
+	@Test
+	public void rejectsInvalidCaseConversionFlags() {
 		SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
 		mapper.setConvertToLowerCase(true);
 		mapper.setConvertToUpperCase(true);
-		mapper.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(mapper::afterPropertiesSet);
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java b/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java
index 1dc583b84b1..4c41fed858d 100644
--- a/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java
+++ b/core/src/test/java/org/springframework/security/core/token/DefaultTokenTests.java
@@ -21,6 +21,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests {@link DefaultToken}.
@@ -40,11 +41,11 @@ public void testEquality() {
 		assertThat(t2).isEqualTo(t1);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testRejectsNullExtendedInformation() {
 		String key = "key";
 		long created = new Date().getTime();
-		new DefaultToken(key, created, null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new DefaultToken(key, created, null));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java b/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
index fd4efeebb9e..ed092bcacb3 100644
--- a/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
+++ b/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
@@ -22,12 +22,12 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests {@link KeyBasedPersistenceTokenService}.
  *
  * @author Ben Alex
- *
  */
 public class KeyBasedPersistenceTokenServiceTests {
 
@@ -80,20 +80,22 @@ public void testOperationWithNoExtendedInformation() {
 		assertThat(result).isEqualTo(token);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testOperationWithMissingKey() {
 		KeyBasedPersistenceTokenService service = getService();
-		Token token = new DefaultToken("", new Date().getTime(), "");
-		service.verifyToken(token.getKey());
+		assertThatIllegalArgumentException().isThrownBy(() -> {
+			Token token = new DefaultToken("", new Date().getTime(), "");
+			service.verifyToken(token.getKey());
+		});
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testOperationWithTamperedKey() {
 		KeyBasedPersistenceTokenService service = getService();
 		Token goodToken = service.allocateToken("");
 		String fake = goodToken.getKey().toUpperCase();
 		Token token = new DefaultToken(fake, new Date().getTime(), "");
-		service.verifyToken(token.getKey());
+		assertThatIllegalArgumentException().isThrownBy(() -> service.verifyToken(token.getKey()));
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
index a6f87608716..75abac7178f 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java
@@ -24,6 +24,7 @@
 import reactor.core.publisher.Mono;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 public class MapReactiveUserDetailsServiceTests {
 
@@ -35,16 +36,16 @@ public class MapReactiveUserDetailsServiceTests {
 	// @formatter:on
 	private MapReactiveUserDetailsService users = new MapReactiveUserDetailsService(Arrays.asList(USER_DETAILS));
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullUsers() {
-		Collection<UserDetails> users = null;
-		new MapReactiveUserDetailsService(users);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new MapReactiveUserDetailsService((Collection<UserDetails>) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorEmptyUsers() {
-		Collection<UserDetails> users = Collections.emptyList();
-		new MapReactiveUserDetailsService(users);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new MapReactiveUserDetailsService(Collections.emptyList()));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
index 45f18878532..28a828e21bd 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCacheTests.java
@@ -27,7 +27,7 @@
 import org.springframework.security.core.userdetails.User;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests {@link EhCacheBasedUserCache}.
@@ -77,11 +77,10 @@ public void cacheOperationsAreSuccessful() throws Exception {
 		assertThat(cache.getUserFromCache("UNKNOWN_USER")).isNull();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void startupDetectsMissingCache() throws Exception {
 		EhCacheBasedUserCache cache = new EhCacheBasedUserCache();
-		cache.afterPropertiesSet();
-		fail("Should have thrown IllegalArgumentException");
+		assertThatIllegalArgumentException().isThrownBy(cache::afterPropertiesSet);
 		Ehcache myCache = getCache();
 		cache.setCache(myCache);
 		assertThat(cache.getCache()).isEqualTo(myCache);
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java b/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
index 44bf44bade5..c42020a0733 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/cache/SpringCacheBasedUserCacheTests.java
@@ -27,6 +27,7 @@
 import org.springframework.security.core.userdetails.User;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests
@@ -75,9 +76,9 @@ public void cacheOperationsAreSuccessful() throws Exception {
 		assertThat(cache.getUserFromCache("UNKNOWN_USER")).isNull();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void startupDetectsMissingCache() throws Exception {
-		new SpringCacheBasedUserCache(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new SpringCacheBasedUserCache(null));
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java b/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java
index f933024e337..b1d4d559a1f 100644
--- a/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java
@@ -156,10 +156,10 @@ public void testStartupFailsIfUserMapSetToNull() {
 		});
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setMessageSourceWhenNullThenThrowsException() {
 		JdbcDaoImpl dao = new JdbcDaoImpl();
-		dao.setMessageSource(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> dao.setMessageSource(null));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java
index 924364f352b..387f1576a19 100644
--- a/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java
@@ -29,6 +29,7 @@
 import org.springframework.security.core.userdetails.User;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Jitendra Singh
@@ -64,12 +65,13 @@ public void deserializeAnonymousAuthenticationTokenTest() throws IOException {
 		assertThat(token.getAuthorities()).isNotNull().hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
 	}
 
-	@Test(expected = JsonMappingException.class)
+	@Test
 	public void deserializeAnonymousAuthenticationTokenWithoutAuthoritiesTest() throws IOException {
 		String jsonString = "{\"@class\": \"org.springframework.security.authentication.AnonymousAuthenticationToken\", \"details\": null,"
 				+ "\"principal\": \"user\", \"authenticated\": true, \"keyHash\": " + HASH_KEY.hashCode() + ","
 				+ "\"authorities\": [\"java.util.ArrayList\", []]}";
-		this.mapper.readValue(jsonString, AnonymousAuthenticationToken.class);
+		assertThatExceptionOfType(JsonMappingException.class)
+				.isThrownBy(() -> this.mapper.readValue(jsonString, AnonymousAuthenticationToken.class));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
index 85b05860e8d..9d5a1a6fdd1 100644
--- a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java
@@ -30,6 +30,7 @@
 import org.springframework.security.core.userdetails.User;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Jitendra Singh
@@ -48,6 +49,7 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests
 		+ "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON
 	+ "}";
 	// @formatter:on
+
 	// @formatter:off
 	private static final String REMEMBERME_AUTH_STRINGPRINCIPAL_JSON = "{"
 		+ "\"@class\": \"org.springframework.security.authentication.RememberMeAuthenticationToken\","
@@ -58,14 +60,17 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests
 		+ "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON
 	+ "}";
 	// @formatter:on
-	@Test(expected = IllegalArgumentException.class)
+
+	@Test
 	public void testWithNullPrincipal() {
-		new RememberMeAuthenticationToken("key", null, Collections.<GrantedAuthority>emptyList());
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new RememberMeAuthenticationToken("key", null, Collections.<GrantedAuthority>emptyList()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testWithNullKey() {
-		new RememberMeAuthenticationToken(null, "principal", Collections.<GrantedAuthority>emptyList());
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new RememberMeAuthenticationToken(null, "principal", Collections.<GrantedAuthority>emptyList()));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
index 05d67d73235..e146a827e98 100644
--- a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
@@ -27,6 +27,7 @@
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Jitendra Singh
@@ -56,10 +57,11 @@ public void deserializeGrantedAuthorityTest() throws IOException {
 		assertThat(authority.getAuthority()).isNotNull().isEqualTo("ROLE_USER");
 	}
 
-	@Test(expected = JsonMappingException.class)
+	@Test
 	public void deserializeGrantedAuthorityWithoutRoleTest() throws IOException {
 		String json = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\"}";
-		this.mapper.readValue(json, SimpleGrantedAuthority.class);
+		assertThatExceptionOfType(JsonMappingException.class)
+				.isThrownBy(() -> this.mapper.readValue(json, SimpleGrantedAuthority.class));
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
index 299b4f90265..0f084396217 100644
--- a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java
@@ -32,6 +32,7 @@
 import org.springframework.security.core.userdetails.User;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Jitendra Singh
@@ -67,11 +68,12 @@ public void serializeUserWithoutAuthority() throws JsonProcessingException, JSON
 		JSONAssert.assertEquals(userWithNoAuthoritiesJson(), userJson, true);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void deserializeUserWithNullPasswordEmptyAuthorityTest() throws IOException {
 		String userJsonWithoutPasswordString = USER_JSON.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON,
 				"[]");
-		this.mapper.readValue(userJsonWithoutPasswordString, User.class);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.mapper.readValue(userJsonWithoutPasswordString, User.class));
 	}
 
 	@Test
@@ -85,11 +87,11 @@ public void deserializeUserWithNullPasswordNoAuthorityTest() throws Exception {
 		assertThat(user.isEnabled()).isEqualTo(true);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void deserializeUserWithNoClassIdInAuthoritiesTest() throws Exception {
 		String userJson = USER_JSON.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON,
 				"[{\"authority\": \"ROLE_USER\"}]");
-		this.mapper.readValue(userJson, User.class);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.mapper.readValue(userJson, User.class));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
index 54a24a39bc3..b24123905e8 100644
--- a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java
@@ -189,9 +189,10 @@ public void userExistsReturnsTrueForExistingUsername() {
 		assertThat(this.cache.getUserMap().containsKey("joe")).isTrue();
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void changePasswordFailsForUnauthenticatedUser() {
-		this.manager.changePassword("password", "newPassword");
+		assertThatExceptionOfType(AccessDeniedException.class)
+				.isThrownBy(() -> this.manager.changePassword("password", "newPassword"));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java b/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java
index d52d530956a..30dfff81806 100644
--- a/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java
+++ b/core/src/test/java/org/springframework/security/scheduling/DelegatingSecurityContextTaskSchedulerTests.java
@@ -29,6 +29,7 @@
 import org.springframework.scheduling.TaskScheduler;
 import org.springframework.scheduling.Trigger;
 
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.isA;
@@ -65,9 +66,9 @@ public void cleanup() {
 		this.delegatingSecurityContextTaskScheduler = null;
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testSchedulerIsNotNull() {
-		this.delegatingSecurityContextTaskScheduler = new DelegatingSecurityContextTaskScheduler(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new DelegatingSecurityContextTaskScheduler(null));
 	}
 
 	@Test
diff --git a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
index 7bc823f2bb3..3901e63ec16 100644
--- a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
@@ -25,6 +25,7 @@
 import org.springframework.security.access.annotation.BusinessServiceImpl;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Luke Taylor
@@ -44,9 +45,10 @@ public void createFromClassReturnsMethodIfArgInfoOmittedAndMethodNameIsUnique()
 		assertThat(mi).isNotNull();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void exceptionIsRaisedIfArgInfoOmittedAndMethodNameIsNotUnique() {
-		MethodInvocationUtils.createFromClass(BusinessServiceImpl.class, "methodReturningAList");
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> MethodInvocationUtils.createFromClass(BusinessServiceImpl.class, "methodReturningAList"));
 	}
 
 	@Test
diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
index 5bab1e821fe..f69b9d479d1 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
@@ -22,6 +22,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Simeon Macke
@@ -66,69 +67,70 @@ public void encodeWhenValidArgumentsWithID2ThenEncodeToCorrectHash() {
 				this.testDataEntry2.decoded.getParameters())).isEqualTo(this.testDataEntry2.encoded);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void encodeWhenNonexistingAlgorithmThenThrowException() {
-		Argon2EncodingUtils.encode(new byte[] { 0, 1, 2, 3 }, (new Argon2Parameters.Builder(3)).withVersion(19)
-				.withMemoryAsKB(333).withIterations(5).withParallelism(2).build());
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> Argon2EncodingUtils.encode(new byte[] { 0, 1, 2, 3 }, (new Argon2Parameters.Builder(3))
+						.withVersion(19).withMemoryAsKB(333).withIterations(5).withParallelism(2).build()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void decodeWhenNotAnArgon2HashThenThrowException() {
-		Argon2EncodingUtils.decode("notahash");
+		assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils.decode("notahash"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void decodeWhenNonexistingAlgorithmThenThrowException() {
-		Argon2EncodingUtils.decode(
-				"$argon2x$v=19$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils.decode(
+				"$argon2x$v=19$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void decodeWhenIllegalVersionParameterThenThrowException() {
-		Argon2EncodingUtils.decode(
-				"$argon2i$v=x$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils.decode(
+				"$argon2i$v=x$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void decodeWhenIllegalMemoryParameterThenThrowException() {
-		Argon2EncodingUtils
-				.decode("$argon2i$v=19$m=x,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils.decode(
+				"$argon2i$v=19$m=x,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void decodeWhenIllegalIterationsParameterThenThrowException() {
-		Argon2EncodingUtils.decode(
-				"$argon2i$v=19$m=1024,t=x,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils.decode(
+				"$argon2i$v=19$m=1024,t=x,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void decodeWhenIllegalParallelityParameterThenThrowException() {
-		Argon2EncodingUtils.decode(
-				"$argon2i$v=19$m=1024,t=3,p=x$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils.decode(
+				"$argon2i$v=19$m=1024,t=3,p=x$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void decodeWhenMissingVersionParameterThenThrowException() {
-		Argon2EncodingUtils
-				.decode("$argon2i$m=1024,t=3,p=x$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils
+				.decode("$argon2i$m=1024,t=3,p=x$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void decodeWhenMissingMemoryParameterThenThrowException() {
-		Argon2EncodingUtils
-				.decode("$argon2i$v=19$t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils
+				.decode("$argon2i$v=19$t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void decodeWhenMissingIterationsParameterThenThrowException() {
-		Argon2EncodingUtils
-				.decode("$argon2i$v=19$m=1024,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils
+				.decode("$argon2i$v=19$m=1024,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void decodeWhenMissingParallelityParameterThenThrowException() {
-		Argon2EncodingUtils
-				.decode("$argon2i$v=19$m=1024,t=3$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs");
+		assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils
+				.decode("$argon2i$v=19$m=1024,t=3$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"));
 	}
 
 	private void assertArgon2HashEquals(Argon2EncodingUtils.Argon2Hash expected,
diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
index 23fde399547..72eda1f8179 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
@@ -28,6 +28,7 @@
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Simeon Macke
@@ -181,9 +182,9 @@ public void upgradeEncodingWhenEncodedPassIsEmptyThenFalse() {
 		assertThat(this.encoder.upgradeEncoding("")).isFalse();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void upgradeEncodingWhenEncodedPassIsBogusThenThrowException() {
-		this.encoder.upgradeEncoding("thisIsNoValidHash");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.encoder.upgradeEncoding("thisIsNoValidHash"));
 	}
 
 	private void injectPredictableSaltGen() throws Exception {
diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
index b9c9c1072fd..9039dc9657f 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
@@ -21,6 +21,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Dave Syer
@@ -129,14 +130,14 @@ public void emptyRawPasswordDoesNotMatchPassword() {
 		assertThat(encoder.matches("password", result)).isTrue();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void badLowCustomStrength() {
-		new BCryptPasswordEncoder(3);
+		assertThatIllegalArgumentException().isThrownBy(() -> new BCryptPasswordEncoder(3));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void badHighCustomStrength() {
-		new BCryptPasswordEncoder(32);
+		assertThatIllegalArgumentException().isThrownBy(() -> new BCryptPasswordEncoder(32));
 	}
 
 	@Test
@@ -189,22 +190,22 @@ public void upgradeFromNullOrEmpty() {
 	 * @see <a href=
 	 * "https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496">https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496</a>
 	 */
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void upgradeFromNonBCrypt() {
 		BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
-		encoder.upgradeEncoding("not-a-bcrypt-password");
+		assertThatIllegalArgumentException().isThrownBy(() -> encoder.upgradeEncoding("not-a-bcrypt-password"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void encodeNullRawPassword() {
 		BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
-		encoder.encode(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> encoder.encode(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void matchNullRawPassword() {
 		BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
-		encoder.matches(null, "does-not-matter");
+		assertThatIllegalArgumentException().isThrownBy(() -> encoder.matches(null, "does-not-matter"));
 	}
 
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
index 010c1e9c8ea..2e11b0fe4e5 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
@@ -21,6 +21,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * JUnit unit tests for BCrypt routines
@@ -328,19 +329,21 @@ public void roundsForDoesNotOverflow() {
 		assertThat(BCrypt.roundsForLogRounds(31)).isEqualTo(0x80000000L);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void emptyByteArrayCannotBeEncoded() {
-		BCrypt.encode_base64(new byte[0], 0, new StringBuilder());
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> BCrypt.encode_base64(new byte[0], 0, new StringBuilder()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void moreBytesThanInTheArrayCannotBeEncoded() {
-		BCrypt.encode_base64(new byte[1], 2, new StringBuilder());
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> BCrypt.encode_base64(new byte[1], 2, new StringBuilder()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void decodingMustRequestMoreThanZeroBytes() {
-		BCrypt.decode_base64("", 0);
+		assertThatIllegalArgumentException().isThrownBy(() -> BCrypt.decode_base64("", 0));
 	}
 
 	private static String encode_base64(byte d[], int len) throws IllegalArgumentException {
@@ -394,14 +397,14 @@ public void testBase64EncodeDecode() {
 		}
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void genSaltFailsWithTooFewRounds() {
-		BCrypt.gensalt(3);
+		assertThatIllegalArgumentException().isThrownBy(() -> BCrypt.gensalt(3));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void genSaltFailsWithTooManyRounds() {
-		BCrypt.gensalt(32);
+		assertThatIllegalArgumentException().isThrownBy(() -> BCrypt.gensalt(32));
 	}
 
 	@Test
@@ -410,24 +413,26 @@ public void genSaltGeneratesCorrectSaltPrefix() {
 		assertThat(BCrypt.gensalt(31)).startsWith("$2a$31$");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void hashpwFailsWhenSaltIsNull() {
-		BCrypt.hashpw("password", null);
+		assertThatIllegalArgumentException().isThrownBy(() -> BCrypt.hashpw("password", null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void hashpwFailsWhenSaltSpecifiesTooFewRounds() {
-		BCrypt.hashpw("password", "$2a$03$......................");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> BCrypt.hashpw("password", "$2a$03$......................"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void hashpwFailsWhenSaltSpecifiesTooManyRounds() {
-		BCrypt.hashpw("password", "$2a$32$......................");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> BCrypt.hashpw("password", "$2a$32$......................"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void saltLengthIsChecked() {
-		BCrypt.hashpw("", "");
+		assertThatIllegalArgumentException().isThrownBy(() -> BCrypt.hashpw("", ""));
 	}
 
 	@Test
@@ -436,9 +441,10 @@ public void hashpwWorksWithOldRevision() {
 				.isEqualTo("$2$05$......................bvpG2UfzdyW/S0ny/4YyEZrmczoJfVm");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void hashpwFailsWhenSaltIsTooShort() {
-		BCrypt.hashpw("password", "$2a$10$123456789012345678901");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> BCrypt.hashpw("password", "$2a$10$123456789012345678901"));
 	}
 
 	@Test
diff --git a/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java b/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
index 6518c4b007e..40017d52794 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
@@ -19,6 +19,8 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Luke Taylor
@@ -37,14 +39,14 @@ public void isBase64ReturnsFalseForInvalidBase64() {
 		assertThat(Base64.isBase64(new byte[] { (byte) 'A', (byte) 'B', (byte) 'C', (byte) '`' })).isFalse();
 	}
 
-	@Test(expected = NullPointerException.class)
+	@Test
 	public void isBase64RejectsNull() {
-		Base64.isBase64(null);
+		assertThatExceptionOfType(NullPointerException.class).isThrownBy(() -> Base64.isBase64(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void isBase64RejectsInvalidLength() {
-		Base64.isBase64(new byte[] { (byte) 'A' });
+		assertThatIllegalArgumentException().isThrownBy(() -> Base64.isBase64(new byte[] { (byte) 'A' }));
 	}
 
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
index 88d0712c5c2..6286b2767db 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorTests.java
@@ -27,6 +27,8 @@
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.keygen.KeyGenerators;
 
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+
 public class BouncyCastleAesBytesEncryptorTests {
 
 	private byte[] testData;
@@ -69,14 +71,16 @@ private void generatesDifferentCipherTexts(BytesEncryptor bcEncryptor) {
 		Assert.assertArrayEquals(this.testData, decrypted2);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void bcCbcWithWrongLengthIv() {
-		new BouncyCastleAesCbcBytesEncryptor(this.password, this.salt, KeyGenerators.secureRandom(8));
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new BouncyCastleAesCbcBytesEncryptor(this.password, this.salt, KeyGenerators.secureRandom(8)));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void bcGcmWithWrongLengthIv() {
-		new BouncyCastleAesGcmBytesEncryptor(this.password, this.salt, KeyGenerators.secureRandom(8));
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new BouncyCastleAesGcmBytesEncryptor(this.password, this.salt, KeyGenerators.secureRandom(8)));
 	}
 
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/keygen/Base64StringKeyGeneratorTests.java b/crypto/src/test/java/org/springframework/security/crypto/keygen/Base64StringKeyGeneratorTests.java
index ca108238b1a..c451b4954b2 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/keygen/Base64StringKeyGeneratorTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/keygen/Base64StringKeyGeneratorTests.java
@@ -21,6 +21,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Rob Winch
@@ -28,15 +29,14 @@
  */
 public class Base64StringKeyGeneratorTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorIntWhenLessThan32ThenIllegalArgumentException() {
-		new Base64StringKeyGenerator(31);
+		assertThatIllegalArgumentException().isThrownBy(() -> new Base64StringKeyGenerator(31));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorEncoderWhenEncoderNullThenThrowsIllegalArgumentException() {
-		Base64.Encoder encoder = null;
-		new Base64StringKeyGenerator(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new Base64StringKeyGenerator(null));
 	}
 
 	@Test
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
index e123f27c5fa..a04cec7c2f1 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
@@ -72,19 +72,21 @@ public void setup() {
 		this.passwordEncoder = new DelegatingPasswordEncoder(this.bcryptId, this.delegates);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenIdForEncodeNullThenIllegalArgumentException() {
-		new DelegatingPasswordEncoder(null, this.delegates);
+		assertThatIllegalArgumentException().isThrownBy(() -> new DelegatingPasswordEncoder(null, this.delegates));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenIdForEncodeDoesNotExistThenIllegalArgumentException() {
-		new DelegatingPasswordEncoder(this.bcryptId + "INVALID", this.delegates);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId + "INVALID", this.delegates));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setDefaultPasswordEncoderForMatchesWhenNullThenIllegalArgumentException() {
-		this.passwordEncoder.setDefaultPasswordEncoderForMatches(null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.passwordEncoder.setDefaultPasswordEncoderForMatches(null));
 	}
 
 	@Test
@@ -180,9 +182,9 @@ public void matchesWhenNullIdThenDelegatesToInvalidId() {
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void matchesWhenRawPasswordNotNullAndEncodedPasswordNullThenThrowsIllegalArgumentException() {
-		this.passwordEncoder.matches(this.rawPassword, null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, null));
 	}
 
 	@Test
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java
index c2ba10087ff..a24ae4be919 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java
@@ -21,6 +21,7 @@
 import org.springframework.security.crypto.keygen.KeyGenerators;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests {@link LdapShaPasswordEncoder}.
@@ -92,15 +93,16 @@ public void correctPrefixCaseIsUsed() {
 		assertThat(this.sha.encode("somepassword").startsWith("{SSHA}"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void invalidPrefixIsRejected() {
-		this.sha.matches("somepassword", "{MD9}xxxxxxxxxx");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.sha.matches("somepassword", "{MD9}xxxxxxxxxx"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void malformedPrefixIsRejected() {
 		// No right brace
-		this.sha.matches("somepassword", "{SSHA25ro4PKC8jhQZ26jVsozhX/xaP0suHgX");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.sha.matches("somepassword", "{SSHA25ro4PKC8jhQZ26jVsozhX/xaP0suHgX"));
 	}
 
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java
index 057545ca41b..a08ea0d77b7 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoderTests.java
@@ -19,6 +19,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 
 /**
  * <p>
@@ -112,9 +113,9 @@ public void test256() {
 		assertThat(pe.matches(raw, "{THIS_IS_A_SALT}4b79b7de23eb23b78cc5ede227d532b8a51f89b2ec166f808af76b0dbedc47d7"));
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void testInvalidStrength() {
-		new MessageDigestPasswordEncoder("SHA-666");
+		assertThatIllegalStateException().isThrownBy(() -> new MessageDigestPasswordEncoder("SHA-666"));
 	}
 
 }
diff --git a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
index 6dcd99865a5..3c4eb04a9ba 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
@@ -19,6 +19,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Shazin Sadakath
@@ -91,29 +92,32 @@ public void doesntMatchBogusEncodedValue() {
 		assertThat(encoder.matches("password", "012345678901234567890123456789")).isFalse();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void invalidCpuCostParameter() {
-		new SCryptPasswordEncoder(Integer.MIN_VALUE, 16, 2, 32, 16);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new SCryptPasswordEncoder(Integer.MIN_VALUE, 16, 2, 32, 16));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void invalidMemoryCostParameter() {
-		new SCryptPasswordEncoder(2, Integer.MAX_VALUE, 2, 32, 16);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new SCryptPasswordEncoder(2, Integer.MAX_VALUE, 2, 32, 16));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void invalidParallelizationParameter() {
-		new SCryptPasswordEncoder(2, 8, Integer.MAX_VALUE, 32, 16);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new SCryptPasswordEncoder(2, 8, Integer.MAX_VALUE, 32, 16));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void invalidSaltLengthParameter() {
-		new SCryptPasswordEncoder(2, 8, 1, 16, -1);
+		assertThatIllegalArgumentException().isThrownBy(() -> new SCryptPasswordEncoder(2, 8, 1, 16, -1));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void invalidKeyLengthParameter() {
-		new SCryptPasswordEncoder(2, 8, 1, -1, 16);
+		assertThatIllegalArgumentException().isThrownBy(() -> new SCryptPasswordEncoder(2, 8, 1, -1, 16));
 	}
 
 	@Test
@@ -153,9 +157,10 @@ public void upgradeEncodingWhenStrongerToWeakerThenTrue() {
 		assertThat(strongEncoder.upgradeEncoding(weakPassword)).isTrue();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void upgradeEncodingWhenInvalidInputThenException() {
-		new SCryptPasswordEncoder().upgradeEncoding("not-a-scrypt-password");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new SCryptPasswordEncoder().upgradeEncoding("not-a-scrypt-password"));
 	}
 
 }
diff --git a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
index b4937afebbd..5283ee77599 100644
--- a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
+++ b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
@@ -25,6 +25,7 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 public class SecurityEvaluationContextExtensionTests {
 
@@ -40,9 +41,9 @@ public void cleanup() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void getRootObjectSecurityContextHolderAuthenticationNull() {
-		getRoot().getAuthentication();
+		assertThatIllegalArgumentException().isThrownBy(() -> getRoot().getAuthentication());
 	}
 
 	@Test
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
index eebe083e15e..9f7770003e9 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java
@@ -34,7 +34,7 @@
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
-import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 @ContextConfiguration(locations = { "/http-path-param-stripping-app-context.xml" })
 @RunWith(SpringJUnit4ClassRunner.class)
@@ -43,33 +43,35 @@ public class HttpPathParameterStrippingTests {
 	@Autowired
 	private FilterChainProxy fcp;
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void securedFilterChainCannotBeBypassedByAddingPathParameters() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setPathInfo("/secured;x=y/admin.html");
 		request.setSession(createAuthenticatedSession("ROLE_USER"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		this.fcp.doFilter(request, response, new MockFilterChain());
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.fcp.doFilter(request, response, new MockFilterChain()));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void adminFilePatternCannotBeBypassedByAddingPathParameters() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setServletPath("/secured/admin.html;x=user.html");
 		request.setSession(createAuthenticatedSession("ROLE_USER"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		this.fcp.doFilter(request, response, new MockFilterChain());
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.fcp.doFilter(request, response, new MockFilterChain()));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void adminFilePatternCannotBeBypassedByAddingPathParametersWithPathInfo() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setServletPath("/secured");
 		request.setPathInfo("/admin.html;x=user.html");
 		request.setSession(createAuthenticatedSession("ROLE_USER"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		this.fcp.doFilter(request, response, new MockFilterChain());
-		assertThat(response.getStatus()).isEqualTo(403);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.fcp.doFilter(request, response, new MockFilterChain()));
 	}
 
 	public HttpSession createAuthenticatedSession(String... roles) {
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java
index 90fe40b4644..50813ce4aa4 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/MultiAnnotationTests.java
@@ -31,6 +31,8 @@
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+
 /**
  * @author Luke Taylor
  */
@@ -57,16 +59,16 @@ public void clearContext() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void preAuthorizeDeniedIsDenied() {
 		SecurityContextHolder.getContext().setAuthentication(this.joe_a);
-		this.service.preAuthorizeDenyAllMethod();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.service::preAuthorizeDenyAllMethod);
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void preAuthorizeRoleAIsDeniedIfRoleMissing() {
 		SecurityContextHolder.getContext().setAuthentication(this.joe_b);
-		this.service.preAuthorizeHasRoleAMethod();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.service::preAuthorizeHasRoleAMethod);
 	}
 
 	@Test
@@ -81,10 +83,10 @@ public void securedAnonymousIsAllowed() {
 		this.service.securedAnonymousMethod();
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void securedRoleAIsDeniedIfRoleMissing() {
 		SecurityContextHolder.getContext().setAuthentication(this.joe_b);
-		this.service.securedRoleAMethod();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.service::securedRoleAMethod);
 	}
 
 	@Test
@@ -93,16 +95,16 @@ public void securedRoleAIsAllowedIfRolePresent() {
 		this.service.securedRoleAMethod();
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void preAuthorizedOnlyServiceDeniesIfRoleMissing() {
 		SecurityContextHolder.getContext().setAuthentication(this.joe_b);
-		this.preService.preAuthorizedMethod();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.preService::preAuthorizedMethod);
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void securedOnlyRoleAServiceDeniesIfRoleMissing() {
 		SecurityContextHolder.getContext().setAuthentication(this.joe_b);
-		this.secService.securedMethod();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.secService::securedMethod);
 	}
 
 }
diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
index 03414f32eac..66e82b0f284 100644
--- a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
+++ b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java
@@ -27,6 +27,8 @@
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+
 /**
  * @author Luke Taylor
  * @since 2.0
@@ -35,17 +37,17 @@
 @RunWith(SpringJUnit4ClassRunner.class)
 public class SEC936ApplicationContextTests {
 
-	@Autowired
 	/**
 	 * SessionRegistry is used as the test service interface (nothing to do with the test)
 	 */
+	@Autowired
 	private SessionRegistry sessionRegistry;
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void securityInterceptorHandlesCallWithNoTargetObject() {
 		SecurityContextHolder.getContext()
 				.setAuthentication(new UsernamePasswordAuthenticationToken("bob", "bobspassword"));
-		this.sessionRegistry.getAllPrincipals();
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.sessionRegistry::getAllPrincipals);
 	}
 
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
index 85d9c99e9fe..2158d7636a1 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
@@ -20,8 +20,6 @@
 import java.util.Hashtable;
 import java.util.List;
 
-import javax.naming.directory.DirContext;
-
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
@@ -32,6 +30,8 @@
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Luke Taylor
@@ -80,21 +80,14 @@ public void poolingFlagIsNotSetWhenAuthenticationDnIsNotManagerUserDn() {
 	}
 
 	// SEC-1145. Confirms that there is no issue here with pooling.
-	@Test(expected = AuthenticationException.class)
+	@Test
 	public void cantBindWithWrongPasswordImmediatelyAfterSuccessfulBind() throws Exception {
-		DirContext ctx = null;
-		try {
-			ctx = this.contextSource.getContext("uid=Bob,ou=people,dc=springframework,dc=org", "bobspassword");
-		}
-		catch (Exception ex) {
-		}
-		assertThat(ctx).isNotNull();
+		this.contextSource.getContext("uid=Bob,ou=people,dc=springframework,dc=org", "bobspassword").close();
 		// com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
-		ctx.close();
 		// com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
 		// Now get it gain, with wrong password. Should fail.
-		ctx = this.contextSource.getContext("uid=Bob,ou=people,dc=springframework,dc=org", "wrongpassword");
-		ctx.close();
+		assertThatExceptionOfType(AuthenticationException.class).isThrownBy(() -> this.contextSource
+				.getContext("uid=Bob,ou=people,dc=springframework,dc=org", "wrongpassword").close());
 	}
 
 	@Test
@@ -105,12 +98,14 @@ public void serverUrlWithSpacesIsSupported() {
 		contextSource.getContext("uid=space cadet,ou=space cadets,dc=springframework,dc=org", "spacecadetspassword");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void instantiationFailsWithEmptyServerList() {
 		List<String> serverUrls = new ArrayList<>();
-		DefaultSpringSecurityContextSource ctxSrc = new DefaultSpringSecurityContextSource(serverUrls,
-				"dc=springframework,dc=org");
-		ctxSrc.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(() -> {
+			DefaultSpringSecurityContextSource ctxSrc = new DefaultSpringSecurityContextSource(serverUrls,
+					"dc=springframework,dc=org");
+			ctxSrc.afterPropertiesSet();
+		});
 	}
 
 	@Test
@@ -140,15 +135,15 @@ public void instantiationSuceedsWithEmtpyBaseDn() {
 		assertThat(ctxSrc.isPooled()).isTrue();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void instantiationFailsWithIncorrectServerUrl() {
 		List<String> serverUrls = new ArrayList<>();
 		// a simple trailing slash should be ok
 		serverUrls.add("ldaps://blah:636/");
 		// this url should be rejected because the root DN goes into a separate parameter
 		serverUrls.add("ldap://bar:389/dc=foobar,dc=org");
-		DefaultSpringSecurityContextSource ctxSrc = new DefaultSpringSecurityContextSource(serverUrls,
-				"dc=springframework,dc=org");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DefaultSpringSecurityContextSource(serverUrls, "dc=springframework,dc=org"));
 	}
 
 	static class EnvExposingDefaultSpringSecurityContextSource extends DefaultSpringSecurityContextSource {
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java
index 577fb9a1696..47151dfac79 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java
@@ -60,9 +60,10 @@ public void setUp() {
 
 	}
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void emptyPasswordIsRejected() {
-		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("jen", ""));
+		assertThatExceptionOfType(BadCredentialsException.class)
+				.isThrownBy(() -> this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("jen", "")));
 	}
 
 	@Test
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
index 44c9311fdef..bced081eec4 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
@@ -37,6 +37,7 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link PasswordComparisonAuthenticator}.
@@ -84,11 +85,12 @@ public void testFailedSearchGivesUserNotFoundException() throws Exception {
 				() -> this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("Joe", "pass")));
 	}
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void testLdapPasswordCompareFailsWithWrongPassword() {
 		// Don't retrieve the password
 		this.authenticator.setUserAttributes(new String[] { "uid", "cn", "sn" });
-		this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob", "wrongpass"));
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(
+				() -> this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob", "wrongpass")));
 	}
 
 	@Test
@@ -121,9 +123,9 @@ public void testLdapCompareSucceedsWithShaEncodedPassword() {
 		this.authenticator.authenticate(this.ben);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testPasswordEncoderCantBeNull() {
-		this.authenticator.setPasswordEncoder(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authenticator.setPasswordEncoder(null));
 	}
 
 	@Test
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java
index 517a4f67cf9..bcdf501b753 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java
@@ -31,6 +31,7 @@
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests for FilterBasedLdapUserSearch.
@@ -81,16 +82,17 @@ public void extraFilterPartToExcludeBob() {
 		assertThat(ben.getStringAttribute("cn")).isEqualTo("Ben Alex");
 	}
 
-	@Test(expected = IncorrectResultSizeDataAccessException.class)
+	@Test
 	public void searchFailsOnMultipleMatches() {
 		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people", "(cn=*)", this.contextSource);
-		locator.searchForUser("Ignored");
+		assertThatExceptionOfType(IncorrectResultSizeDataAccessException.class)
+				.isThrownBy(() -> locator.searchForUser("Ignored"));
 	}
 
-	@Test(expected = UsernameNotFoundException.class)
+	@Test
 	public void searchForInvalidUserFails() {
 		FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people", "(uid={0})", this.contextSource);
-		locator.searchForUser("Joe");
+		assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> locator.searchForUser("Joe"));
 	}
 
 	@Test
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
index 37cb58cc029..c28438478e8 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java
@@ -37,6 +37,7 @@
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Luke Taylor
@@ -198,9 +199,9 @@ public void customAuthoritiesMappingFunction() {
 		assertThat(authorities).allMatch(LdapAuthority.class::isInstance);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void customAuthoritiesMappingFunctionThrowsIfNull() {
-		this.populator.setAuthorityMapper(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.populator.setAuthorityMapper(null));
 	}
 
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java
index fdcbf7ba8e2..ad49af13caf 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java
@@ -118,9 +118,9 @@ public void testLoadUserByUsernameReturnsCorrectData() {
 		assertThat(bob.getAuthorities()).hasSize(1);
 	}
 
-	@Test(expected = UsernameNotFoundException.class)
+	@Test
 	public void testLoadingInvalidUsernameThrowsUsernameNotFoundException() {
-		this.mgr.loadUserByUsername("jim");
+		assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> this.mgr.loadUserByUsername("jim"));
 	}
 
 	@Test
@@ -201,7 +201,7 @@ public void testPasswordChangeWithCorrectOldPasswordSucceeds() {
 				.isTrue();
 	}
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void testPasswordChangeWithWrongOldPasswordFails() {
 		InetOrgPerson.Essence p = new InetOrgPerson.Essence();
 		p.setDn("whocares");
@@ -210,13 +210,11 @@ public void testPasswordChangeWithWrongOldPasswordFails() {
 		p.setUid("johnyossarian");
 		p.setPassword("yossarianspassword");
 		p.setAuthorities(TEST_AUTHORITIES);
-
 		this.mgr.createUser(p.createUserDetails());
-
 		SecurityContextHolder.getContext().setAuthentication(
 				new UsernamePasswordAuthenticationToken("johnyossarian", "yossarianspassword", TEST_AUTHORITIES));
-
-		this.mgr.changePassword("wrongpassword", "yossariansnewpassword");
+		assertThatExceptionOfType(BadCredentialsException.class)
+				.isThrownBy(() -> this.mgr.changePassword("wrongpassword", "yossariansnewpassword"));
 	}
 
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
index 1b8f25afad4..9eab38ef2ec 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
@@ -30,6 +30,7 @@
 import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Luke Taylor
@@ -57,11 +58,11 @@ public void principalIsEmptyForAnonymousUser() {
 		assertThat(source.getPrincipal()).isEqualTo("");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void getPrincipalRejectsNonLdapUserDetailsObject() {
 		AuthenticationSource source = new SpringSecurityAuthenticationSource();
 		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new Object(), "password"));
-		source.getPrincipal();
+		assertThatIllegalArgumentException().isThrownBy(source::getPrincipal);
 	}
 
 	@Test
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
index 7b083051aa5..2c1a498de5e 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
@@ -73,23 +73,23 @@ public void testEmptyOrNullUserNameThrowsException() {
 				() -> ldapProvider.authenticate(new UsernamePasswordAuthenticationToken("", "bobspassword")));
 	}
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void usernameNotFoundExceptionIsHiddenByDefault() {
 		final LdapAuthenticator authenticator = mock(LdapAuthenticator.class);
 		final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password");
 		given(authenticator.authenticate(joe)).willThrow(new UsernameNotFoundException("nobody"));
 		LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator);
-		provider.authenticate(joe);
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> provider.authenticate(joe));
 	}
 
-	@Test(expected = UsernameNotFoundException.class)
+	@Test
 	public void usernameNotFoundExceptionIsNotHiddenIfConfigured() {
 		final LdapAuthenticator authenticator = mock(LdapAuthenticator.class);
 		final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password");
 		given(authenticator.authenticate(joe)).willThrow(new UsernameNotFoundException("nobody"));
 		LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator);
 		provider.setHideUserNotFoundExceptions(false);
-		provider.authenticate(joe);
+		assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> provider.authenticate(joe));
 	}
 
 	@Test
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
index 72846149c21..d39d75efde0 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
@@ -49,6 +49,7 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -140,14 +141,14 @@ public void bindPrincipalAndUsernameUsed() throws Exception {
 		assertThat(result.isAuthenticated()).isTrue();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setSearchFilterNull() {
-		this.provider.setSearchFilter(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.provider.setSearchFilter(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setSearchFilterEmpty() {
-		this.provider.setSearchFilter(" ");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.provider.setSearchFilter(" "));
 	}
 
 	@Test
@@ -164,35 +165,36 @@ public void nullDomainIsSupportedIfAuthenticatingWithFullUserPrincipal() throws
 		this.provider.authenticate(new UsernamePasswordAuthenticationToken("joe@mydomain.eu", "password"));
 	}
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void failedUserSearchCausesBadCredentials() throws Exception {
 		DirContext ctx = mock(DirContext.class);
 		given(ctx.getNameInNamespace()).willReturn("");
 		given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
 				.willThrow(new NameNotFoundException());
 		this.provider.contextFactory = createContextFactoryReturning(ctx);
-		this.provider.authenticate(this.joe);
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
 	}
 
 	// SEC-2017
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void noUserSearchCausesUsernameNotFound() throws Exception {
 		DirContext ctx = mock(DirContext.class);
 		given(ctx.getNameInNamespace()).willReturn("");
 		given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
 				.willReturn(new EmptyEnumeration<>());
 		this.provider.contextFactory = createContextFactoryReturning(ctx);
-		this.provider.authenticate(this.joe);
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
 	}
 
 	// SEC-2500
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void sec2500PreventAnonymousBind() {
-		this.provider.authenticate(new UsernamePasswordAuthenticationToken("rwinch", ""));
+		assertThatExceptionOfType(BadCredentialsException.class)
+				.isThrownBy(() -> this.provider.authenticate(new UsernamePasswordAuthenticationToken("rwinch", "")));
 	}
 
+	@Test
 	@SuppressWarnings("unchecked")
-	@Test(expected = IncorrectResultSizeDataAccessException.class)
 	public void duplicateUserSearchCausesError() throws Exception {
 		DirContext ctx = mock(DirContext.class);
 		given(ctx.getNameInNamespace()).willReturn("");
@@ -204,30 +206,31 @@ public void duplicateUserSearchCausesError() throws Exception {
 		given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
 				.willReturn(searchResults);
 		this.provider.contextFactory = createContextFactoryReturning(ctx);
-		this.provider.authenticate(this.joe);
+		assertThatExceptionOfType(IncorrectResultSizeDataAccessException.class)
+				.isThrownBy(() -> this.provider.authenticate(this.joe));
 	}
 
 	static final String msg = "[LDAP: error code 49 - 80858585: LdapErr: DSID-DECAFF0, comment: AcceptSecurityContext error, data ";
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void userNotFoundIsCorrectlyMapped() {
 		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "525, xxxx]"));
 		this.provider.setConvertSubErrorCodesToExceptions(true);
-		this.provider.authenticate(this.joe);
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
 	}
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void incorrectPasswordIsCorrectlyMapped() {
 		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "52e, xxxx]"));
 		this.provider.setConvertSubErrorCodesToExceptions(true);
-		this.provider.authenticate(this.joe);
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
 	}
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void notPermittedIsCorrectlyMapped() {
 		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "530, xxxx]"));
 		this.provider.setConvertSubErrorCodesToExceptions(true);
-		this.provider.authenticate(this.joe);
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
 	}
 
 	@Test
@@ -242,47 +245,48 @@ public void passwordNeedsResetIsCorrectlyMapped() {
 						.isEqualTo(dataCode));
 	}
 
-	@Test(expected = CredentialsExpiredException.class)
+	@Test
 	public void expiredPasswordIsCorrectlyMapped() {
 		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "532, xxxx]"));
 		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
 		this.provider.setConvertSubErrorCodesToExceptions(true);
-		this.provider.authenticate(this.joe);
+		assertThatExceptionOfType(CredentialsExpiredException.class)
+				.isThrownBy(() -> this.provider.authenticate(this.joe));
 	}
 
-	@Test(expected = DisabledException.class)
+	@Test
 	public void accountDisabledIsCorrectlyMapped() {
 		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "533, xxxx]"));
 		this.provider.setConvertSubErrorCodesToExceptions(true);
-		this.provider.authenticate(this.joe);
+		assertThatExceptionOfType(DisabledException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
 	}
 
-	@Test(expected = AccountExpiredException.class)
+	@Test
 	public void accountExpiredIsCorrectlyMapped() {
 		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "701, xxxx]"));
 		this.provider.setConvertSubErrorCodesToExceptions(true);
-		this.provider.authenticate(this.joe);
+		assertThatExceptionOfType(AccountExpiredException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
 	}
 
-	@Test(expected = LockedException.class)
+	@Test
 	public void accountLockedIsCorrectlyMapped() {
 		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "775, xxxx]"));
 		this.provider.setConvertSubErrorCodesToExceptions(true);
-		this.provider.authenticate(this.joe);
+		assertThatExceptionOfType(LockedException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
 	}
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void unknownErrorCodeIsCorrectlyMapped() {
 		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg + "999, xxxx]"));
 		this.provider.setConvertSubErrorCodesToExceptions(true);
-		this.provider.authenticate(this.joe);
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
 	}
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void errorWithNoSubcodeIsHandledCleanly() {
 		this.provider.contextFactory = createContextFactoryThrowing(new AuthenticationException(msg));
 		this.provider.setConvertSubErrorCodesToExceptions(true);
-		this.provider.authenticate(this.joe);
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
 	}
 
 	@Test
@@ -293,13 +297,15 @@ public void nonAuthenticationExceptionIsConvertedToSpringLdapException() throws
 		}).withCauseInstanceOf(org.springframework.ldap.CommunicationException.class);
 	}
 
-	@Test(expected = org.springframework.security.authentication.InternalAuthenticationServiceException.class)
+	@Test
 	public void connectionExceptionIsWrappedInInternalException() throws Exception {
 		ActiveDirectoryLdapAuthenticationProvider noneReachableProvider = new ActiveDirectoryLdapAuthenticationProvider(
 				"mydomain.eu", NON_EXISTING_LDAP_PROVIDER, "dc=ad,dc=eu,dc=mydomain");
 		noneReachableProvider
 				.setContextEnvironmentProperties(Collections.singletonMap("com.sun.jndi.ldap.connect.timeout", "5"));
-		noneReachableProvider.doAuthentication(this.joe);
+		assertThatExceptionOfType(
+				org.springframework.security.authentication.InternalAuthenticationServiceException.class)
+						.isThrownBy(() -> noneReachableProvider.doAuthentication(this.joe));
 	}
 
 	@Test
@@ -309,14 +315,15 @@ public void rootDnProvidedSeparatelyFromDomainAlsoWorks() throws Exception {
 		checkAuthentication("dc=ad,dc=eu,dc=mydomain", provider);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setContextEnvironmentPropertiesNull() {
-		this.provider.setContextEnvironmentProperties(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.provider.setContextEnvironmentProperties(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setContextEnvironmentPropertiesEmpty() {
-		this.provider.setContextEnvironmentProperties(new Hashtable<>());
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.provider.setContextEnvironmentProperties(new Hashtable<>()));
 	}
 
 	@Test
diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
index 84cc77f851f..3ad5e279e03 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java
@@ -30,6 +30,7 @@
 import org.springframework.ldap.UncategorizedLdapException;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.BDDMockito.willThrow;
@@ -67,18 +68,20 @@ public void contextIsReturnedWhenNoControlsAreSetAndReconnectIsSuccessful() {
 		assertThat(this.ctxSource.getContext("user", "ignored")).isNotNull();
 	}
 
-	@Test(expected = UncategorizedLdapException.class)
+	@Test
 	public void standardExceptionIsPropagatedWhenExceptionRaisedAndNoControlsAreSet() throws Exception {
 		willThrow(new NamingException("some LDAP exception")).given(this.ctx).reconnect(any(Control[].class));
-		this.ctxSource.getContext("user", "ignored");
+		assertThatExceptionOfType(UncategorizedLdapException.class)
+				.isThrownBy(() -> this.ctxSource.getContext("user", "ignored"));
 	}
 
-	@Test(expected = PasswordPolicyException.class)
+	@Test
 	public void lockedPasswordPolicyControlRaisesPasswordPolicyException() throws Exception {
 		given(this.ctx.getResponseControls()).willReturn(new Control[] {
 				new PasswordPolicyResponseControl(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL) });
 		willThrow(new NamingException("locked message")).given(this.ctx).reconnect(any(Control[].class));
-		this.ctxSource.getContext("user", "ignored");
+		assertThatExceptionOfType(PasswordPolicyException.class)
+				.isThrownBy(() -> this.ctxSource.getContext("user", "ignored"));
 	}
 
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
index 3dfd7c53dd9..8db2b98c57e 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
@@ -31,6 +31,7 @@
 import org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link LdapUserDetailsService}
@@ -39,14 +40,15 @@
  */
 public class LdapUserDetailsServiceTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void rejectsNullSearchObject() {
-		new LdapUserDetailsService(null, new NullLdapAuthoritiesPopulator());
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new LdapUserDetailsService(null, new NullLdapAuthoritiesPopulator()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void rejectsNullAuthoritiesPopulator() {
-		new LdapUserDetailsService(new MockUserSearch(), null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new LdapUserDetailsService(new MockUserSearch(), null));
 	}
 
 	@Test
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
index 13277bc7373..6cae7045d56 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
@@ -36,6 +36,7 @@
 import org.springframework.security.core.authority.AuthorityUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 
 @RunWith(MockitoJUnitRunner.class)
@@ -69,9 +70,9 @@ public void trustResolverPopulated() {
 		assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isFalse();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void trustResolverNull() {
-		this.handler.setTrustResolver(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setTrustResolver(null));
 	}
 
 	@Test
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
index 5a12f89ea97..02113a6251e 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
@@ -31,6 +31,7 @@
 import org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
@@ -51,14 +52,15 @@ public void setup() {
 		this.attribute = new MessageExpressionConfigAttribute(this.expression, this.matcher);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullExpression() {
-		new MessageExpressionConfigAttribute(null, this.matcher);
+		assertThatIllegalArgumentException().isThrownBy(() -> new MessageExpressionConfigAttribute(null, this.matcher));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullMatcher() {
-		new MessageExpressionConfigAttribute(this.expression, null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new MessageExpressionConfigAttribute(this.expression, null));
 	}
 
 	@Test
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
index 700e2714cb0..270ea4dc7a8 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
@@ -36,6 +36,7 @@
 import org.springframework.security.messaging.util.matcher.MessageMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -115,9 +116,9 @@ public void supportsMessageExpressionConfigAttributeTrue() {
 		assertThat(this.voter.supports(new MessageExpressionConfigAttribute(this.expression, this.matcher))).isTrue();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setExpressionHandlerNull() {
-		this.voter.setExpressionHandler(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.voter.setExpressionHandler(null));
 	}
 
 	@Test
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
index 94d546c32ed..3e8356cd988 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
@@ -39,6 +39,8 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -86,9 +88,9 @@ public void cleanup() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorMessageSecurityMetadataSourceNull() {
-		new ChannelSecurityInterceptor(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new ChannelSecurityInterceptor(null));
 	}
 
 	@Test
@@ -113,12 +115,13 @@ public void preSendGrant() {
 		assertThat(result).isSameAs(this.message);
 	}
 
-	@Test(expected = AccessDeniedException.class)
+	@Test
 	public void preSendDeny() {
 		given(this.source.getAttributes(this.message)).willReturn(this.attrs);
 		willThrow(new AccessDeniedException("")).given(this.accessDecisionManager).decide(any(Authentication.class),
 				eq(this.message), eq(this.attrs));
-		this.interceptor.preSend(this.message, this.channel);
+		assertThatExceptionOfType(AccessDeniedException.class)
+				.isThrownBy(() -> this.interceptor.preSend(this.message, this.channel));
 	}
 
 	@SuppressWarnings("unchecked")
diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
index fe3e6c23235..c8700c7cced 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java
@@ -36,6 +36,7 @@
 import org.springframework.util.ReflectionUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Rob Winch
@@ -138,16 +139,18 @@ public void resolveArgumentNullOnInvalidType() throws Exception {
 		assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null)).isNull();
 	}
 
-	@Test(expected = ClassCastException.class)
+	@Test
 	public void resolveArgumentErrorOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null);
+		assertThatExceptionOfType(ClassCastException.class)
+				.isThrownBy(() -> this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null));
 	}
 
-	@Test(expected = ClassCastException.class)
+	@Test
 	public void resolveArgumentCustomserErrorOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		this.resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null);
+		assertThatExceptionOfType(ClassCastException.class).isThrownBy(
+				() -> this.resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null));
 	}
 
 	@Test
diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
index c11683c3218..7f6c93a1aa5 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptorTests.java
@@ -36,6 +36,7 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 @RunWith(MockitoJUnitRunner.class)
 public class SecurityContextChannelInterceptorTests {
@@ -71,9 +72,9 @@ public void cleanup() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullHeader() {
-		new SecurityContextChannelInterceptor(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new SecurityContextChannelInterceptor(null));
 	}
 
 	@Test
@@ -92,9 +93,9 @@ public void preSendUserSet() {
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.authentication);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setAnonymousAuthenticationNull() {
-		this.interceptor.setAnonymousAuthentication(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.interceptor.setAnonymousAuthentication(null));
 	}
 
 	@Test
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
index 368b50d8392..0b352d7f71a 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java
@@ -28,6 +28,8 @@
 import org.springframework.messaging.Message;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatNullPointerException;
 import static org.mockito.BDDMockito.given;
 
 @RunWith(MockitoJUnitRunner.class)
@@ -44,35 +46,37 @@ public class AndMessageMatcherTests {
 
 	private MessageMatcher<Object> matcher;
 
-	@Test(expected = NullPointerException.class)
+	@Test
 	public void constructorNullArray() {
-		new AndMessageMatcher<>((MessageMatcher<Object>[]) null);
+		assertThatNullPointerException().isThrownBy(() -> new AndMessageMatcher<>((MessageMatcher<Object>[]) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorArrayContainsNull() {
-		new AndMessageMatcher<>((MessageMatcher<Object>) null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new AndMessageMatcher<>((MessageMatcher<Object>) null));
 	}
 
+	@Test
 	@SuppressWarnings("unchecked")
-	@Test(expected = IllegalArgumentException.class)
 	public void constructorEmptyArray() {
-		new AndMessageMatcher<>(new MessageMatcher[0]);
+		assertThatIllegalArgumentException().isThrownBy(() -> new AndMessageMatcher<>(new MessageMatcher[0]));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullList() {
-		new AndMessageMatcher<>((List<MessageMatcher<Object>>) null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AndMessageMatcher<>((List<MessageMatcher<Object>>) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorListContainsNull() {
-		new AndMessageMatcher<>(Arrays.asList((MessageMatcher<Object>) null));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AndMessageMatcher<>(Arrays.asList((MessageMatcher<Object>) null)));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorEmptyList() {
-		new AndMessageMatcher<>(Collections.emptyList());
+		assertThatIllegalArgumentException().isThrownBy(() -> new AndMessageMatcher<>(Collections.emptyList()));
 	}
 
 	@Test
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
index 51aa9f30407..ddf6c198df9 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java
@@ -28,6 +28,8 @@
 import org.springframework.messaging.Message;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatNullPointerException;
 import static org.mockito.BDDMockito.given;
 
 @RunWith(MockitoJUnitRunner.class)
@@ -44,35 +46,37 @@ public class OrMessageMatcherTests {
 
 	private MessageMatcher<Object> matcher;
 
-	@Test(expected = NullPointerException.class)
+	@Test
 	public void constructorNullArray() {
-		new OrMessageMatcher<>((MessageMatcher<Object>[]) null);
+		assertThatNullPointerException().isThrownBy(() -> new OrMessageMatcher<>((MessageMatcher<Object>[]) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorArrayContainsNull() {
-		new OrMessageMatcher<>((MessageMatcher<Object>) null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OrMessageMatcher<>((MessageMatcher<Object>) null));
 	}
 
+	@Test
 	@SuppressWarnings("unchecked")
-	@Test(expected = IllegalArgumentException.class)
 	public void constructorEmptyArray() {
-		new OrMessageMatcher<>(new MessageMatcher[0]);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OrMessageMatcher<>(new MessageMatcher[0]));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullList() {
-		new OrMessageMatcher<>((List<MessageMatcher<Object>>) null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OrMessageMatcher<>((List<MessageMatcher<Object>>) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorListContainsNull() {
-		new OrMessageMatcher<>(Arrays.asList((MessageMatcher<Object>) null));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OrMessageMatcher<>(Arrays.asList((MessageMatcher<Object>) null)));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorEmptyList() {
-		new OrMessageMatcher<>(Collections.emptyList());
+		assertThatIllegalArgumentException().isThrownBy(() -> new OrMessageMatcher<>(Collections.emptyList()));
 	}
 
 	@Test
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
index 9161a95ff84..7f856c55a90 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcherTests.java
@@ -26,6 +26,7 @@
 import org.springframework.util.PathMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 public class SimpDestinationMessageMatcherTests {
 
@@ -42,9 +43,9 @@ public void setup() {
 		this.pathMatcher = new AntPathMatcher();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorPatternNull() {
-		new SimpDestinationMessageMatcher(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new SimpDestinationMessageMatcher(null));
 	}
 
 	public void constructorOnlyPathNoError() {
diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
index 1f7f9c562c9..438a59fb41c 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcherTests.java
@@ -25,6 +25,7 @@
 import org.springframework.messaging.support.MessageBuilder;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 public class SimpMessageTypeMatcherTests {
 
@@ -35,9 +36,9 @@ public void setup() {
 		this.matcher = new SimpMessageTypeMatcher(SimpMessageType.MESSAGE);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullType() {
-		new SimpMessageTypeMatcher(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new SimpMessageTypeMatcher(null));
 	}
 
 	@Test
diff --git a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
index f7d1e6d76cd..91b59bb2516 100644
--- a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java
@@ -35,6 +35,8 @@
 import org.springframework.security.web.csrf.InvalidCsrfTokenException;
 import org.springframework.security.web.csrf.MissingCsrfTokenException;
 
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+
 @RunWith(MockitoJUnitRunner.class)
 public class CsrfChannelInterceptorTests {
 
@@ -110,28 +112,32 @@ public void preSendIgnoresUnsubscribe() {
 		this.interceptor.preSend(message(), this.channel);
 	}
 
-	@Test(expected = InvalidCsrfTokenException.class)
+	@Test
 	public void preSendNoToken() {
 		this.messageHeaders.removeNativeHeader(this.token.getHeaderName());
-		this.interceptor.preSend(message(), this.channel);
+		assertThatExceptionOfType(InvalidCsrfTokenException.class)
+				.isThrownBy(() -> this.interceptor.preSend(message(), this.channel));
 	}
 
-	@Test(expected = InvalidCsrfTokenException.class)
+	@Test
 	public void preSendInvalidToken() {
 		this.messageHeaders.setNativeHeader(this.token.getHeaderName(), this.token.getToken() + "invalid");
-		this.interceptor.preSend(message(), this.channel);
+		assertThatExceptionOfType(InvalidCsrfTokenException.class)
+				.isThrownBy(() -> this.interceptor.preSend(message(), this.channel));
 	}
 
-	@Test(expected = MissingCsrfTokenException.class)
+	@Test
 	public void preSendMissingToken() {
 		this.messageHeaders.getSessionAttributes().clear();
-		this.interceptor.preSend(message(), this.channel);
+		assertThatExceptionOfType(MissingCsrfTokenException.class)
+				.isThrownBy(() -> this.interceptor.preSend(message(), this.channel));
 	}
 
-	@Test(expected = MissingCsrfTokenException.class)
+	@Test
 	public void preSendMissingTokenNullSessionAttributes() {
 		this.messageHeaders.setSessionAttributes(null);
-		this.interceptor.preSend(message(), this.channel);
+		assertThatExceptionOfType(MissingCsrfTokenException.class)
+				.isThrownBy(() -> this.interceptor.preSend(message(), this.channel));
 	}
 
 	private Message<String> message() {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
index 6dbeffd490d..0afeaf067e8 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java
@@ -60,9 +60,9 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
 	private InMemoryOAuth2AuthorizedClientService authorizedClientService = new InMemoryOAuth2AuthorizedClientService(
 			this.clientRegistrationRepository);
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		new InMemoryOAuth2AuthorizedClientService(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new InMemoryOAuth2AuthorizedClientService(null));
 	}
 
 	@Test
@@ -87,14 +87,16 @@ public void constructorWhenAuthorizedClientsProvidedThenUseProvidedAuthorizedCli
 		assertThatObject(authorizedClientService.loadAuthorizedClient(registrationId, this.principalName1)).isNotNull();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void loadAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		this.authorizedClientService.loadAuthorizedClient(null, this.principalName1);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(null, this.principalName1));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void loadAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException() {
-		this.authorizedClientService.loadAuthorizedClient(this.registration1.getRegistrationId(), null);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientService.loadAuthorizedClient(this.registration1.getRegistrationId(), null));
 	}
 
 	@Test
@@ -123,14 +125,16 @@ public void loadAuthorizedClientWhenClientRegistrationFoundAndAssociatedToPrinci
 		assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void saveAuthorizedClientWhenAuthorizedClientIsNullThenThrowIllegalArgumentException() {
-		this.authorizedClientService.saveAuthorizedClient(null, mock(Authentication.class));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(null, mock(Authentication.class)));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void saveAuthorizedClientWhenPrincipalIsNullThenThrowIllegalArgumentException() {
-		this.authorizedClientService.saveAuthorizedClient(mock(OAuth2AuthorizedClient.class), null);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> this.authorizedClientService.saveAuthorizedClient(mock(OAuth2AuthorizedClient.class), null));
 	}
 
 	@Test
@@ -145,14 +149,16 @@ public void saveAuthorizedClientWhenSavedThenCanLoad() {
 		assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void removeAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		this.authorizedClientService.removeAuthorizedClient(null, this.principalName2);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(null, this.principalName2));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void removeAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException() {
-		this.authorizedClientService.removeAuthorizedClient(this.registration3.getRegistrationId(), null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientService
+				.removeAuthorizedClient(this.registration3.getRegistrationId(), null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java
index a91d541770d..91ad10b9465 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java
@@ -25,6 +25,7 @@
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OAuth2AuthorizedClient}.
@@ -46,19 +47,22 @@ public void setUp() {
 		this.accessToken = TestOAuth2AccessTokens.noScopes();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenClientRegistrationIsNullThenThrowIllegalArgumentException() {
-		new OAuth2AuthorizedClient(null, this.principalName, this.accessToken);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizedClient(null, this.principalName, this.accessToken));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenPrincipalNameIsNullThenThrowIllegalArgumentException() {
-		new OAuth2AuthorizedClient(this.clientRegistration, null, this.accessToken);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizedClient(this.clientRegistration, null, this.accessToken));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenAccessTokenIsNullThenThrowIllegalArgumentException() {
-		new OAuth2AuthorizedClient(this.clientRegistration, this.principalName, null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizedClient(this.clientRegistration, this.principalName, null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
index c250c84f06f..2610078fab0 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java
@@ -26,6 +26,7 @@
 import org.springframework.security.oauth2.core.user.OAuth2User;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -48,9 +49,10 @@ public void setUp() {
 		this.authorizedClientRegistrationId = "client-registration-1";
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenPrincipalIsNullThenThrowIllegalArgumentException() {
-		new OAuth2AuthenticationToken(null, this.authorities, this.authorizedClientRegistrationId);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new OAuth2AuthenticationToken(null, this.authorities, this.authorizedClientRegistrationId));
 	}
 
 	@Test
@@ -63,9 +65,10 @@ public void constructorWhenAuthoritiesIsEmptyThenCreated() {
 		new OAuth2AuthenticationToken(this.principal, Collections.emptyList(), this.authorizedClientRegistrationId);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenAuthorizedClientRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		new OAuth2AuthenticationToken(this.principal, this.authorities, null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthenticationToken(this.principal, this.authorities, null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
index cb83eef68b5..3c26b7b14eb 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java
@@ -33,6 +33,7 @@
 import org.springframework.security.oauth2.core.user.OAuth2User;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -62,14 +63,16 @@ public void setUp() {
 		this.accessToken = TestOAuth2AccessTokens.noScopes();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorAuthorizationRequestResponseWhenClientRegistrationIsNullThenThrowIllegalArgumentException() {
-		new OAuth2LoginAuthenticationToken(null, this.authorizationExchange);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2LoginAuthenticationToken(null, this.authorizationExchange));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorAuthorizationRequestResponseWhenAuthorizationExchangeIsNullThenThrowIllegalArgumentException() {
-		new OAuth2LoginAuthenticationToken(this.clientRegistration, null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2LoginAuthenticationToken(this.clientRegistration, null));
 	}
 
 	@Test
@@ -85,22 +88,24 @@ public void constructorAuthorizationRequestResponseWhenAllParametersProvidedAndV
 		assertThat(authentication.isAuthenticated()).isEqualTo(false);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorTokenRequestResponseWhenClientRegistrationIsNullThenThrowIllegalArgumentException() {
-		new OAuth2LoginAuthenticationToken(null, this.authorizationExchange, this.principal, this.authorities,
-				this.accessToken);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2LoginAuthenticationToken(null,
+				this.authorizationExchange, this.principal, this.authorities, this.accessToken));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorTokenRequestResponseWhenAuthorizationExchangeIsNullThenThrowIllegalArgumentException() {
-		new OAuth2LoginAuthenticationToken(this.clientRegistration, null, this.principal, this.authorities,
-				this.accessToken);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2LoginAuthenticationToken(this.clientRegistration, null, this.principal,
+						this.authorities, this.accessToken));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorTokenRequestResponseWhenPrincipalIsNullThenThrowIllegalArgumentException() {
-		new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange, null, this.authorities,
-				this.accessToken);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2LoginAuthenticationToken(this.clientRegistration,
+						this.authorizationExchange, null, this.authorities, this.accessToken));
 	}
 
 	@Test
@@ -115,10 +120,11 @@ public void constructorTokenRequestResponseWhenAuthoritiesIsEmptyThenCreated() {
 				Collections.emptyList(), this.accessToken);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorTokenRequestResponseWhenAccessTokenIsNullThenThrowIllegalArgumentException() {
-		new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange, this.principal,
-				this.authorities, null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2LoginAuthenticationToken(this.clientRegistration,
+						this.authorizationExchange, this.principal, this.authorities, null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
index 28c625f8411..19efce989a6 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java
@@ -26,6 +26,7 @@
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationExchanges;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OAuth2AuthorizationCodeGrantRequest}.
@@ -44,14 +45,16 @@ public void setUp() {
 		this.authorizationExchange = TestOAuth2AuthorizationExchanges.success();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenClientRegistrationIsNullThenThrowIllegalArgumentException() {
-		new OAuth2AuthorizationCodeGrantRequest(null, this.authorizationExchange);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizationCodeGrantRequest(null, this.authorizationExchange));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenAuthorizationExchangeIsNullThenThrowIllegalArgumentException() {
-		new OAuth2AuthorizationCodeGrantRequest(this.clientRegistration, null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AuthorizationCodeGrantRequest(this.clientRegistration, null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
index 8617afe6000..f875b8e2185 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
@@ -42,6 +42,7 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
@@ -268,9 +269,9 @@ private MockResponse jsonResponse(String json) {
 		return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(json);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setWebClientNullThenIllegalArgumentException() {
-		this.tokenResponseClient.setWebClient(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setWebClient(null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
index a07e59979d5..5021c34d600 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java
@@ -35,6 +35,7 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
@@ -127,9 +128,9 @@ public void getTokenResponseWhenNoScopeThenClientRegistrationScopesDefaulted() {
 		assertThat(response.getAccessToken().getScopes()).isEqualTo(registration.getScopes());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setWebClientNullThenIllegalArgumentException() {
-		this.client.setWebClient(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.client.setWebClient(null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
index fba7dfd338c..a571dcbf75c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
@@ -70,23 +70,25 @@ private static Map<String, Object> createProviderConfigurationMetadata() {
 		return configurationMetadata;
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildWhenAuthorizationGrantTypeIsNullThenThrowIllegalArgumentException() {
-		// @formatter:off
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET)
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(null)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.jwkSetUri(JWK_SET_URI)
-				.clientName(CLIENT_NAME)
-				.build();
+		assertThatIllegalArgumentException().isThrownBy(() ->
+		// @formatter:off
+			ClientRegistration.withRegistrationId(REGISTRATION_ID)
+					.clientId(CLIENT_ID)
+					.clientSecret(CLIENT_SECRET)
+					.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+					.authorizationGrantType(null)
+					.redirectUri(REDIRECT_URI)
+					.scope(SCOPES.toArray(new String[0]))
+					.authorizationUri(AUTHORIZATION_URI)
+					.tokenUri(TOKEN_URI)
+					.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+					.jwkSetUri(JWK_SET_URI)
+					.clientName(CLIENT_NAME)
+					.build()
 		// @formatter:on
+		);
 	}
 
 	@Test
@@ -126,42 +128,46 @@ public void buildWhenAuthorizationCodeGrantAllAttributesProvidedThenAllAttribute
 		assertThat(registration.getClientName()).isEqualTo(CLIENT_NAME);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildWhenAuthorizationCodeGrantRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		// @formatter:off
-		ClientRegistration.withRegistrationId(null)
-				.clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET)
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.jwkSetUri(JWK_SET_URI)
-				.clientName(CLIENT_NAME)
-				.build();
+		assertThatIllegalArgumentException().isThrownBy(() ->
+		// @formatter:off
+			ClientRegistration.withRegistrationId(null)
+					.clientId(CLIENT_ID)
+					.clientSecret(CLIENT_SECRET)
+					.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+					.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+					.redirectUri(REDIRECT_URI)
+					.scope(SCOPES.toArray(new String[0]))
+					.authorizationUri(AUTHORIZATION_URI)
+					.tokenUri(TOKEN_URI)
+					.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+					.jwkSetUri(JWK_SET_URI)
+					.clientName(CLIENT_NAME)
+					.build()
 		// @formatter:on
+		);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildWhenAuthorizationCodeGrantClientIdIsNullThenThrowIllegalArgumentException() {
-		// @formatter:off
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(null)
-				.clientSecret(CLIENT_SECRET)
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.jwkSetUri(JWK_SET_URI)
-				.clientName(CLIENT_NAME)
-				.build();
-		// @formatter:on
+		assertThatIllegalArgumentException().isThrownBy(() ->
+		// @formatter:off
+			ClientRegistration.withRegistrationId(REGISTRATION_ID)
+					.clientId(null)
+					.clientSecret(CLIENT_SECRET)
+					.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+					.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+					.redirectUri(REDIRECT_URI)
+					.scope(SCOPES.toArray(new String[0]))
+					.authorizationUri(AUTHORIZATION_URI)
+					.tokenUri(TOKEN_URI)
+					.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+					.jwkSetUri(JWK_SET_URI)
+					.clientName(CLIENT_NAME)
+					.build()
+			// @formatter:on
+		);
 	}
 
 	@Test
@@ -242,23 +248,25 @@ public void buildWhenAuthorizationCodeGrantClientAuthenticationMethodNotProvided
 		assertThat(clientRegistration.getClientSecret()).isEqualTo("");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildWhenAuthorizationCodeGrantRedirectUriIsNullThenThrowIllegalArgumentException() {
-		// @formatter:off
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET)
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri(null)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.jwkSetUri(JWK_SET_URI)
-				.clientName(CLIENT_NAME)
-				.build();
+		assertThatIllegalArgumentException().isThrownBy(() ->
+		// @formatter:off
+			ClientRegistration.withRegistrationId(REGISTRATION_ID)
+					.clientId(CLIENT_ID)
+					.clientSecret(CLIENT_SECRET)
+					.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+					.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+					.redirectUri(null)
+					.scope(SCOPES.toArray(new String[0]))
+					.authorizationUri(AUTHORIZATION_URI)
+					.tokenUri(TOKEN_URI)
+					.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+					.jwkSetUri(JWK_SET_URI)
+					.clientName(CLIENT_NAME)
+					.build()
 		// @formatter:on
+		);
 	}
 
 	// gh-5494
@@ -281,42 +289,46 @@ public void buildWhenAuthorizationCodeGrantScopeIsNullThenScopeNotRequired() {
 		// @formatter:on
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildWhenAuthorizationCodeGrantAuthorizationUriIsNullThenThrowIllegalArgumentException() {
-		// @formatter:off
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET)
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(null)
-				.tokenUri(TOKEN_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.jwkSetUri(JWK_SET_URI)
-				.clientName(CLIENT_NAME)
-				.build();
+		assertThatIllegalArgumentException().isThrownBy(() ->
+		// @formatter:off
+			ClientRegistration.withRegistrationId(REGISTRATION_ID)
+					.clientId(CLIENT_ID)
+					.clientSecret(CLIENT_SECRET)
+					.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+					.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+					.redirectUri(REDIRECT_URI)
+					.scope(SCOPES.toArray(new String[0]))
+					.authorizationUri(null)
+					.tokenUri(TOKEN_URI)
+					.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+					.jwkSetUri(JWK_SET_URI)
+					.clientName(CLIENT_NAME)
+					.build()
 		// @formatter:on
+		);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildWhenAuthorizationCodeGrantTokenUriIsNullThenThrowIllegalArgumentException() {
-		// @formatter:off
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.clientSecret(CLIENT_SECRET)
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.tokenUri(null)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.jwkSetUri(JWK_SET_URI)
-				.clientName(CLIENT_NAME)
-				.build();
+		assertThatIllegalArgumentException().isThrownBy(() ->
+		// @formatter:off
+			ClientRegistration.withRegistrationId(REGISTRATION_ID)
+					.clientId(CLIENT_ID)
+					.clientSecret(CLIENT_SECRET)
+					.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+					.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+					.redirectUri(REDIRECT_URI)
+					.scope(SCOPES.toArray(new String[0]))
+					.authorizationUri(AUTHORIZATION_URI)
+					.tokenUri(null)
+					.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+					.jwkSetUri(JWK_SET_URI)
+					.clientName(CLIENT_NAME)
+					.build()
 		// @formatter:on
+		);
 	}
 
 	@Test
@@ -441,49 +453,55 @@ public void buildWhenImplicitGrantAllAttributesProvidedThenAllAttributesAreSet()
 		assertThat(registration.getClientName()).isEqualTo(CLIENT_NAME);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildWhenImplicitGrantRegistrationIdIsNullThenThrowIllegalArgumentException() {
-		// @formatter:off
-		ClientRegistration.withRegistrationId(null)
-				.clientId(CLIENT_ID)
-				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.clientName(CLIENT_NAME)
-				.build();
+		assertThatIllegalArgumentException().isThrownBy(() ->
+		// @formatter:off
+			ClientRegistration.withRegistrationId(null)
+					.clientId(CLIENT_ID)
+					.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
+					.redirectUri(REDIRECT_URI)
+					.scope(SCOPES.toArray(new String[0]))
+					.authorizationUri(AUTHORIZATION_URI)
+					.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+					.clientName(CLIENT_NAME)
+					.build()
 		// @formatter:on
+		);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildWhenImplicitGrantClientIdIsNullThenThrowIllegalArgumentException() {
-		// @formatter:off
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(null)
-				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.clientName(CLIENT_NAME)
-				.build();
+		assertThatIllegalArgumentException().isThrownBy(() ->
+		// @formatter:off
+			ClientRegistration.withRegistrationId(REGISTRATION_ID)
+					.clientId(null)
+					.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
+					.redirectUri(REDIRECT_URI)
+					.scope(SCOPES.toArray(new String[0]))
+					.authorizationUri(AUTHORIZATION_URI)
+					.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+					.clientName(CLIENT_NAME)
+					.build()
 		// @formatter:on
+		);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildWhenImplicitGrantRedirectUriIsNullThenThrowIllegalArgumentException() {
-		// @formatter:off
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-				.redirectUri(null)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(AUTHORIZATION_URI)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.clientName(CLIENT_NAME)
-				.build();
+		assertThatIllegalArgumentException().isThrownBy(() ->
+		// @formatter:off
+			ClientRegistration.withRegistrationId(REGISTRATION_ID)
+					.clientId(CLIENT_ID)
+					.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
+					.redirectUri(null)
+					.scope(SCOPES.toArray(new String[0]))
+					.authorizationUri(AUTHORIZATION_URI)
+					.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+					.clientName(CLIENT_NAME)
+					.build()
 		// @formatter:on
+		);
 	}
 
 	// gh-5494
@@ -502,19 +520,21 @@ public void buildWhenImplicitGrantScopeIsNullThenScopeNotRequired() {
 		// @formatter:on
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildWhenImplicitGrantAuthorizationUriIsNullThenThrowIllegalArgumentException() {
-		// @formatter:off
-		ClientRegistration.withRegistrationId(REGISTRATION_ID)
-				.clientId(CLIENT_ID)
-				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-				.redirectUri(REDIRECT_URI)
-				.scope(SCOPES.toArray(new String[0]))
-				.authorizationUri(null)
-				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
-				.clientName(CLIENT_NAME)
-				.build();
+		assertThatIllegalArgumentException().isThrownBy(() ->
+		// @formatter:off
+			ClientRegistration.withRegistrationId(REGISTRATION_ID)
+					.clientId(CLIENT_ID)
+					.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
+					.redirectUri(REDIRECT_URI)
+					.scope(SCOPES.toArray(new String[0]))
+					.authorizationUri(null)
+					.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
+					.clientName(CLIENT_NAME)
+					.build()
 		// @formatter:on
+		);
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java
index e222dd63fdf..ccdbadc198c 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java
@@ -25,6 +25,9 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 
 /**
  * Tests for {@link InMemoryClientRegistrationRepository}.
@@ -39,21 +42,22 @@ public class InMemoryClientRegistrationRepositoryTests {
 
 	private InMemoryClientRegistrationRepository clients = new InMemoryClientRegistrationRepository(this.registration);
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorListClientRegistrationWhenNullThenIllegalArgumentException() {
-		List<ClientRegistration> registrations = null;
-		new InMemoryClientRegistrationRepository(registrations);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new InMemoryClientRegistrationRepository((List<ClientRegistration>) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorListClientRegistrationWhenEmptyThenIllegalArgumentException() {
-		List<ClientRegistration> registrations = Collections.emptyList();
-		new InMemoryClientRegistrationRepository(registrations);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new InMemoryClientRegistrationRepository(Collections.emptyList()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorMapClientRegistrationWhenNullThenIllegalArgumentException() {
-		new InMemoryClientRegistrationRepository((Map<String, ClientRegistration>) null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new InMemoryClientRegistrationRepository((Map<String, ClientRegistration>) null));
 	}
 
 	@Test
@@ -62,10 +66,10 @@ public void constructorMapClientRegistrationWhenEmptyMapThenRepositoryIsEmpty()
 		assertThat(clients).isEmpty();
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void constructorListClientRegistrationWhenDuplicateIdThenIllegalArgumentException() {
 		List<ClientRegistration> registrations = Arrays.asList(this.registration, this.registration);
-		new InMemoryClientRegistrationRepository(registrations);
+		assertThatIllegalStateException().isThrownBy(() -> new InMemoryClientRegistrationRepository(registrations));
 	}
 
 	@Test
@@ -80,15 +84,14 @@ public void findByRegistrationIdWhenNotFoundThenNull() {
 		assertThat(this.clients.findByRegistrationId(id)).isNull();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void findByRegistrationIdWhenNullIdThenIllegalArgumentException() {
-		String id = null;
-		assertThat(this.clients.findByRegistrationId(id));
+		assertThatIllegalArgumentException().isThrownBy(() -> this.clients.findByRegistrationId(null));
 	}
 
-	@Test(expected = UnsupportedOperationException.class)
+	@Test
 	public void iteratorWhenRemoveThenThrowsUnsupportedOperationException() {
-		this.clients.iterator().remove();
+		assertThatExceptionOfType(UnsupportedOperationException.class).isThrownBy(this.clients.iterator()::remove);
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java
index 43dbefe7822..e4ec77190ea 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java
@@ -25,6 +25,7 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 
 /**
  * @author Rob Winch
@@ -60,10 +61,11 @@ public void constructorWhenClientRegistrationListThenIllegalArgumentException()
 				.isThrownBy(() -> new InMemoryReactiveClientRegistrationRepository(registrations));
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void constructorListClientRegistrationWhenDuplicateIdThenIllegalArgumentException() {
 		List<ClientRegistration> registrations = Arrays.asList(this.registration, this.registration);
-		new InMemoryReactiveClientRegistrationRepository(registrations);
+		assertThatIllegalStateException()
+				.isThrownBy(() -> new InMemoryReactiveClientRegistrationRepository(registrations));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
index f259c60ddf3..ba78eca2fec 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java
@@ -24,6 +24,7 @@
 import org.springframework.security.oauth2.core.user.OAuth2User;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -35,23 +36,24 @@
  */
 public class DelegatingOAuth2UserServiceTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenUserServicesIsNullThenThrowIllegalArgumentException() {
-		new DelegatingOAuth2UserService<>(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new DelegatingOAuth2UserService<>(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenUserServicesIsEmptyThenThrowIllegalArgumentException() {
-		new DelegatingOAuth2UserService<>(Collections.emptyList());
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DelegatingOAuth2UserService<>(Collections.emptyList()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	@SuppressWarnings("unchecked")
 	public void loadUserWhenUserRequestIsNullThenThrowIllegalArgumentException() {
 		OAuth2UserService<OAuth2UserRequest, OAuth2User> userService = mock(OAuth2UserService.class);
 		DelegatingOAuth2UserService<OAuth2UserRequest, OAuth2User> delegatingUserService = new DelegatingOAuth2UserService<>(
 				Arrays.asList(userService, userService));
-		delegatingUserService.loadUser(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> delegatingUserService.loadUser(null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
index ba329f42e94..66d6e1d90dc 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java
@@ -42,9 +42,10 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 
 	private HttpSessionOAuth2AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void loadAuthorizationRequestWhenHttpServletRequestIsNullThenThrowIllegalArgumentException() {
-		this.authorizationRequestRepository.loadAuthorizationRequest(null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.authorizationRequestRepository.loadAuthorizationRequest(null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthorizationGrantTypeTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthorizationGrantTypeTests.java
index d8b5aa6cd11..4aae548f074 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthorizationGrantTypeTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthorizationGrantTypeTests.java
@@ -19,6 +19,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link AuthorizationGrantType}.
@@ -27,9 +28,9 @@
  */
 public class AuthorizationGrantTypeTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenValueIsNullThenThrowIllegalArgumentException() {
-		new AuthorizationGrantType(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new AuthorizationGrantType(null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClientAuthenticationMethodTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClientAuthenticationMethodTests.java
index e514bf4c2ef..78816f928ce 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClientAuthenticationMethodTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClientAuthenticationMethodTests.java
@@ -19,6 +19,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link ClientAuthenticationMethod}.
@@ -27,9 +28,9 @@
  */
 public class ClientAuthenticationMethodTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenValueIsNullThenThrowIllegalArgumentException() {
-		new ClientAuthenticationMethod(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new ClientAuthenticationMethod(null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
index 984c1b78044..13fb265cf65 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
@@ -26,6 +26,7 @@
 import org.springframework.util.SerializationUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OAuth2AccessToken}.
@@ -49,24 +50,28 @@ public void tokenTypeGetValueWhenTokenTypeBearerThenReturnBearer() {
 		assertThat(OAuth2AccessToken.TokenType.BEARER.getValue()).isEqualTo("Bearer");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenTokenTypeIsNullThenThrowIllegalArgumentException() {
-		new OAuth2AccessToken(null, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AccessToken(null, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenTokenValueIsNullThenThrowIllegalArgumentException() {
-		new OAuth2AccessToken(TOKEN_TYPE, null, ISSUED_AT, EXPIRES_AT);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2AccessToken(TOKEN_TYPE, null, ISSUED_AT, EXPIRES_AT));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenIssuedAtAfterExpiresAtThenThrowIllegalArgumentException() {
-		new OAuth2AccessToken(TOKEN_TYPE, TOKEN_VALUE, Instant.from(EXPIRES_AT).plusSeconds(1), EXPIRES_AT);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2AccessToken(TOKEN_TYPE, TOKEN_VALUE,
+				Instant.from(EXPIRES_AT).plusSeconds(1), EXPIRES_AT));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenExpiresAtBeforeIssuedAtThenThrowIllegalArgumentException() {
-		new OAuth2AccessToken(TOKEN_TYPE, TOKEN_VALUE, ISSUED_AT, Instant.from(ISSUED_AT).minusSeconds(1));
+		assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2AccessToken(TOKEN_TYPE, TOKEN_VALUE, ISSUED_AT,
+				Instant.from(ISSUED_AT).minusSeconds(1)));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
index fab4afdc2cb..e54ae5419f3 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2ErrorTests.java
@@ -19,6 +19,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OAuth2Error}.
@@ -33,9 +34,9 @@ public class OAuth2ErrorTests {
 
 	private static final String ERROR_URI = "error-uri";
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenErrorCodeIsNullThenThrowIllegalArgumentException() {
-		new OAuth2Error(null, ERROR_DESCRIPTION, ERROR_URI);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2Error(null, ERROR_DESCRIPTION, ERROR_URI));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
index 1d1974f8e48..8783e29aa38 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java
@@ -28,6 +28,7 @@
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OAuth2AccessTokenResponse}.
@@ -43,24 +44,28 @@ public class OAuth2AccessTokenResponseTests {
 
 	private static final long EXPIRES_IN = Instant.now().plusSeconds(5).toEpochMilli();
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildWhenTokenValueIsNullThenThrowIllegalArgumentException() {
+		assertThatIllegalArgumentException().isThrownBy(() ->
 		// @formatter:off
-		OAuth2AccessTokenResponse.withToken(null)
-				.tokenType(OAuth2AccessToken.TokenType.BEARER)
-				.expiresIn(EXPIRES_IN)
-				.build();
+			OAuth2AccessTokenResponse.withToken(null)
+					.tokenType(OAuth2AccessToken.TokenType.BEARER)
+					.expiresIn(EXPIRES_IN)
+					.build()
 		// @formatter:on
+		);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildWhenTokenTypeIsNullThenThrowIllegalArgumentException() {
+		assertThatIllegalArgumentException().isThrownBy(() ->
 		// @formatter:off
-		OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
-				.tokenType(null)
-				.expiresIn(EXPIRES_IN)
-				.build();
+			OAuth2AccessTokenResponse.withToken(TOKEN_VALUE)
+					.tokenType(null)
+					.expiresIn(EXPIRES_IN)
+					.build()
 		// @formatter:on
+		);
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java
index bd134c245b4..6224249d424 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java
@@ -19,6 +19,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OAuth2AuthorizationExchange}.
@@ -27,14 +28,16 @@
  */
 public class OAuth2AuthorizationExchangeTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenAuthorizationRequestIsNullThenThrowIllegalArgumentException() {
-		new OAuth2AuthorizationExchange(null, TestOAuth2AuthorizationResponses.success().build());
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new OAuth2AuthorizationExchange(null, TestOAuth2AuthorizationResponses.success().build()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenAuthorizationResponseIsNullThenThrowIllegalArgumentException() {
-		new OAuth2AuthorizationExchange(TestOAuth2AuthorizationRequests.request().build(), null);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new OAuth2AuthorizationExchange(TestOAuth2AuthorizationRequests.request().build(), null));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java
index 413fb236cd6..93dbea3424e 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java
@@ -19,6 +19,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OAuth2AuthorizationResponse}.
@@ -39,24 +40,28 @@ public class OAuth2AuthorizationResponseTests {
 
 	private static final String ERROR_URI = "error-uri";
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildSuccessResponseWhenAuthCodeIsNullThenThrowIllegalArgumentException() {
+		assertThatIllegalArgumentException().isThrownBy(() ->
 		// @formatter:off
-		OAuth2AuthorizationResponse.success(null)
-				.redirectUri(REDIRECT_URI)
-				.state(STATE)
-				.build();
+			OAuth2AuthorizationResponse.success(null)
+					.redirectUri(REDIRECT_URI)
+					.state(STATE)
+					.build()
 		// @formatter:on
+		);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildSuccessResponseWhenRedirectUriIsNullThenThrowIllegalArgumentException() {
+		assertThatIllegalArgumentException().isThrownBy(() ->
 		// @formatter:off
-		OAuth2AuthorizationResponse.success(AUTH_CODE)
-				.redirectUri(null)
-				.state(STATE)
-				.build();
+			OAuth2AuthorizationResponse.success(AUTH_CODE)
+					.redirectUri(null)
+					.state(STATE)
+					.build()
 		// @formatter:on
+		);
 	}
 
 	@Test
@@ -85,35 +90,41 @@ public void buildSuccessResponseWhenAllAttributesProvidedThenAllAttributesAreSet
 		// @formatter:on
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildSuccessResponseWhenErrorCodeIsSetThenThrowIllegalArgumentException() {
+		assertThatIllegalArgumentException().isThrownBy(() ->
 		// @formatter:off
-		OAuth2AuthorizationResponse.success(AUTH_CODE)
-				.redirectUri(REDIRECT_URI)
-				.state(STATE)
-				.errorCode(ERROR_CODE)
-				.build();
+			OAuth2AuthorizationResponse.success(AUTH_CODE)
+					.redirectUri(REDIRECT_URI)
+					.state(STATE)
+					.errorCode(ERROR_CODE)
+					.build()
 		// @formatter:on
+		);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildErrorResponseWhenErrorCodeIsNullThenThrowIllegalArgumentException() {
+		assertThatIllegalArgumentException().isThrownBy(() ->
 		// @formatter:off
-		OAuth2AuthorizationResponse.error(null)
-				.redirectUri(REDIRECT_URI)
-				.state(STATE)
-				.build();
+			OAuth2AuthorizationResponse.error(null)
+					.redirectUri(REDIRECT_URI)
+					.state(STATE)
+					.build()
 		// @formatter:on
+		);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildErrorResponseWhenRedirectUriIsNullThenThrowIllegalArgumentException() {
+		assertThatIllegalArgumentException().isThrownBy(() ->
 		// @formatter:off
-		OAuth2AuthorizationResponse.error(ERROR_CODE)
-				.redirectUri(null)
-				.state(STATE)
-				.build();
+			OAuth2AuthorizationResponse.error(ERROR_CODE)
+					.redirectUri(null)
+					.state(STATE)
+					.build()
 		// @formatter:on
+		);
 	}
 
 	@Test
@@ -148,15 +159,17 @@ public void buildErrorResponseWhenAllAttributesProvidedThenAllAttributesAreSet()
 		// @formatter:on
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void buildErrorResponseWhenAuthCodeIsSetThenThrowIllegalArgumentException() {
+		assertThatIllegalArgumentException().isThrownBy(() ->
 		// @formatter:off
-		OAuth2AuthorizationResponse.error(ERROR_CODE)
-				.redirectUri(REDIRECT_URI)
-				.state(STATE)
-				.code(AUTH_CODE)
-				.build();
+			OAuth2AuthorizationResponse.error(ERROR_CODE)
+					.redirectUri(REDIRECT_URI)
+					.state(STATE)
+					.code(AUTH_CODE)
+					.build()
 		// @formatter:on
+		);
 	}
 
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java
index 4f795c6f95a..aa4d5ad6043 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenTests.java
@@ -26,6 +26,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OidcIdToken}.
@@ -101,15 +102,16 @@ public class OidcIdTokenTests {
 		CLAIMS.put(C_HASH_CLAIM, C_HASH_VALUE);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenTokenValueIsNullThenThrowIllegalArgumentException() {
-		new OidcIdToken(null, Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE), CLAIMS);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new OidcIdToken(null, Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE), CLAIMS));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenClaimsIsEmptyThenThrowIllegalArgumentException() {
-		new OidcIdToken(ID_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE),
-				Collections.emptyMap());
+		assertThatIllegalArgumentException().isThrownBy(() -> new OidcIdToken(ID_TOKEN_VALUE,
+				Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE), Collections.emptyMap()));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
index 53fe17d28d9..31d8ecd0642 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcUserInfoTests.java
@@ -24,6 +24,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OidcUserInfo}.
@@ -149,9 +150,9 @@ public class OidcUserInfoTests {
 		CLAIMS.put(UPDATED_AT_CLAIM, UPDATED_AT_VALUE);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenClaimsIsEmptyThenThrowIllegalArgumentException() {
-		new OidcUserInfo(Collections.emptyMap());
+		assertThatIllegalArgumentException().isThrownBy(() -> new OidcUserInfo(Collections.emptyMap()));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
index 78dd8b494f7..a7f21a50986 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
@@ -32,6 +32,7 @@
 import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link DefaultOidcUser}.
@@ -65,19 +66,19 @@ public class DefaultOidcUserTests {
 
 	private static final OidcUserInfo USER_INFO = new OidcUserInfo(USER_INFO_CLAIMS);
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenAuthoritiesIsNullThenThrowIllegalArgumentException() {
-		new DefaultOidcUser(null, ID_TOKEN);
+		assertThatIllegalArgumentException().isThrownBy(() -> new DefaultOidcUser(null, ID_TOKEN));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenIdTokenIsNullThenThrowIllegalArgumentException() {
-		new DefaultOidcUser(AUTHORITIES, null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new DefaultOidcUser(AUTHORITIES, null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenNameAttributeKeyInvalidThenThrowIllegalArgumentException() {
-		new DefaultOidcUser(AUTHORITIES, ID_TOKEN, "invalid");
+		assertThatIllegalArgumentException().isThrownBy(() -> new DefaultOidcUser(AUTHORITIES, ID_TOKEN, "invalid"));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
index f139e6c1679..16ca01f0f61 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthorityTests.java
@@ -28,6 +28,7 @@
 import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OidcUserAuthority}.
@@ -58,9 +59,9 @@ public class OidcUserAuthorityTests {
 
 	private static final OidcUserInfo USER_INFO = new OidcUserInfo(USER_INFO_CLAIMS);
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenIdTokenIsNullThenThrowIllegalArgumentException() {
-		new OidcUserAuthority(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OidcUserAuthority(null));
 	}
 
 	@Test
@@ -68,9 +69,9 @@ public void constructorWhenUserInfoIsNullThenDoesNotThrowAnyException() {
 		new OidcUserAuthority(ID_TOKEN, null);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenAuthorityIsNullThenThrowIllegalArgumentException() {
-		new OidcUserAuthority(null, ID_TOKEN, USER_INFO);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OidcUserAuthority(null, ID_TOKEN, USER_INFO));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java
index c1643e86d5a..9d0e5abce13 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java
@@ -27,6 +27,7 @@
 import org.springframework.util.SerializationUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link DefaultOAuth2User}.
@@ -46,34 +47,39 @@ public class DefaultOAuth2UserTests {
 
 	private static final Map<String, Object> ATTRIBUTES = Collections.singletonMap(ATTRIBUTE_NAME_KEY, USERNAME);
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenAuthoritiesIsNullThenThrowIllegalArgumentException() {
-		new DefaultOAuth2User(null, ATTRIBUTES, ATTRIBUTE_NAME_KEY);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DefaultOAuth2User(null, ATTRIBUTES, ATTRIBUTE_NAME_KEY));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenAuthoritiesIsEmptyThenThrowIllegalArgumentException() {
-		new DefaultOAuth2User(Collections.emptySet(), ATTRIBUTES, ATTRIBUTE_NAME_KEY);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DefaultOAuth2User(Collections.emptySet(), ATTRIBUTES, ATTRIBUTE_NAME_KEY));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenAttributesIsNullThenThrowIllegalArgumentException() {
-		new DefaultOAuth2User(AUTHORITIES, null, ATTRIBUTE_NAME_KEY);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DefaultOAuth2User(AUTHORITIES, null, ATTRIBUTE_NAME_KEY));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenAttributesIsEmptyThenThrowIllegalArgumentException() {
-		new DefaultOAuth2User(AUTHORITIES, Collections.emptyMap(), ATTRIBUTE_NAME_KEY);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DefaultOAuth2User(AUTHORITIES, Collections.emptyMap(), ATTRIBUTE_NAME_KEY));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenNameAttributeKeyIsNullThenThrowIllegalArgumentException() {
-		new DefaultOAuth2User(AUTHORITIES, ATTRIBUTES, null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new DefaultOAuth2User(AUTHORITIES, ATTRIBUTES, null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenNameAttributeKeyIsInvalidThenThrowIllegalArgumentException() {
-		new DefaultOAuth2User(AUTHORITIES, ATTRIBUTES, "invalid");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DefaultOAuth2User(AUTHORITIES, ATTRIBUTES, "invalid"));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
index b7b22d55415..b3abe28ae15 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java
@@ -22,6 +22,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link OAuth2UserAuthority}.
@@ -34,19 +35,20 @@ public class OAuth2UserAuthorityTests {
 
 	private static final Map<String, Object> ATTRIBUTES = Collections.singletonMap("username", "test");
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenAuthorityIsNullThenThrowIllegalArgumentException() {
-		new OAuth2UserAuthority(null, ATTRIBUTES);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2UserAuthority(null, ATTRIBUTES));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenAttributesIsNullThenThrowIllegalArgumentException() {
-		new OAuth2UserAuthority(AUTHORITY, null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2UserAuthority(AUTHORITY, null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenAttributesIsEmptyThenThrowIllegalArgumentException() {
-		new OAuth2UserAuthority(AUTHORITY, Collections.emptyMap());
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OAuth2UserAuthority(AUTHORITY, Collections.emptyMap()));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java
index cc2e99e3732..7a55920883e 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTests.java
@@ -28,6 +28,7 @@
 import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link Jwt}.
@@ -82,21 +83,22 @@ public class JwtTests {
 		CLAIMS.put(JTI_CLAIM, JTI_VALUE);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenTokenValueIsNullThenThrowIllegalArgumentException() {
-		new Jwt(null, Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE), HEADERS, CLAIMS);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new Jwt(null, Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE), HEADERS, CLAIMS));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenHeadersIsEmptyThenThrowIllegalArgumentException() {
-		new Jwt(JWT_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE),
-				Collections.emptyMap(), CLAIMS);
+		assertThatIllegalArgumentException().isThrownBy(() -> new Jwt(JWT_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE),
+				Instant.ofEpochMilli(EXP_VALUE), Collections.emptyMap(), CLAIMS));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenClaimsIsEmptyThenThrowIllegalArgumentException() {
-		new Jwt(JWT_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE), Instant.ofEpochMilli(EXP_VALUE), HEADERS,
-				Collections.emptyMap());
+		assertThatIllegalArgumentException().isThrownBy(() -> new Jwt(JWT_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE),
+				Instant.ofEpochMilli(EXP_VALUE), HEADERS, Collections.emptyMap()));
 	}
 
 	@Test
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java
index b0de546d85d..d34c2e29e5e 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverterTests.java
@@ -28,6 +28,7 @@
 import org.springframework.security.oauth2.jwt.TestJwts;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests for {@link JwtGrantedAuthoritiesConverter}
@@ -37,10 +38,10 @@
  */
 public class JwtGrantedAuthoritiesConverterTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setAuthorityPrefixWithNullThenException() {
 		JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
-		jwtGrantedAuthoritiesConverter.setAuthorityPrefix(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> jwtGrantedAuthoritiesConverter.setAuthorityPrefix(null));
 	}
 
 	@Test
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
index 554807ce193..fcda3df4f1b 100644
--- a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
@@ -76,12 +76,13 @@ public void beginConsumptionCreatesExpectedSessionData() throws Exception {
 		consumer.beginConsumption(request, "", "", "");
 	}
 
-	@Test(expected = OpenIDConsumerException.class)
+	@Test
 	public void discoveryExceptionRaisesOpenIDException() throws Exception {
 		ConsumerManager mgr = mock(ConsumerManager.class);
 		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
 		given(mgr.discover(any())).willThrow(new DiscoveryException("msg"));
-		consumer.beginConsumption(new MockHttpServletRequest(), "", "", "");
+		assertThatExceptionOfType(OpenIDConsumerException.class)
+				.isThrownBy(() -> consumer.beginConsumption(new MockHttpServletRequest(), "", "", ""));
 	}
 
 	@Test
@@ -154,7 +155,7 @@ public void fetchAttributesReturnsExpectedValues() throws Exception {
 		assertThat(fetched.get(0).getValues()).hasSize(2);
 	}
 
-	@Test(expected = OpenIDConsumerException.class)
+	@Test
 	public void messageExceptionFetchingAttributesRaisesOpenIDException() throws Exception {
 		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(new NullAxFetchListFactory());
 		Message msg = mock(Message.class);
@@ -162,13 +163,15 @@ public void messageExceptionFetchingAttributesRaisesOpenIDException() throws Exc
 		given(msg.hasExtension(AxMessage.OPENID_NS_AX)).willReturn(true);
 		given(msg.getExtension(AxMessage.OPENID_NS_AX)).willThrow(new MessageException(""));
 		given(fr.getAttributeValues("a")).willReturn(Arrays.asList("x", "y"));
-		consumer.fetchAxAttributes(msg, this.attributes);
+		assertThatExceptionOfType(OpenIDConsumerException.class)
+				.isThrownBy(() -> consumer.fetchAxAttributes(msg, this.attributes));
 	}
 
-	@Test(expected = OpenIDConsumerException.class)
+	@Test
 	public void missingDiscoveryInformationThrowsException() throws Exception {
 		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(new NullAxFetchListFactory());
-		consumer.endConsumption(new MockHttpServletRequest());
+		assertThatExceptionOfType(OpenIDConsumerException.class)
+				.isThrownBy(() -> consumer.endConsumption(new MockHttpServletRequest()));
 	}
 
 	@Test
diff --git a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
index 9dc14e37e9a..c66f25013bc 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java
@@ -27,6 +27,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -60,11 +61,12 @@ public void testResolveIpAddress() throws Exception {
 		assertThat(ipAddress).isEqualTo("63.246.7.80");
 	}
 
-	@Test(expected = DnsEntryNotFoundException.class)
+	@Test
 	public void testResolveIpAddressNotExisting() throws Exception {
 		given(this.context.getAttributes(any(String.class), any(String[].class)))
 				.willThrow(new NameNotFoundException("not found"));
-		this.dnsResolver.resolveIpAddress("notexisting.ansdansdugiuzgguzgioansdiandwq.foo");
+		assertThatExceptionOfType(DnsEntryNotFoundException.class)
+				.isThrownBy(() -> this.dnsResolver.resolveIpAddress("notexisting.ansdansdugiuzgguzgioansdiandwq.foo"));
 	}
 
 	@Test
@@ -75,11 +77,12 @@ public void testResolveServiceEntry() throws Exception {
 		assertThat(hostname).isEqualTo("kdc.springsource.com");
 	}
 
-	@Test(expected = DnsEntryNotFoundException.class)
+	@Test
 	public void testResolveServiceEntryNotExisting() throws Exception {
 		given(this.context.getAttributes(any(String.class), any(String[].class)))
 				.willThrow(new NameNotFoundException("not found"));
-		this.dnsResolver.resolveServiceEntry("wrong", "secpod.de");
+		assertThatExceptionOfType(DnsEntryNotFoundException.class)
+				.isThrownBy(() -> this.dnsResolver.resolveServiceEntry("wrong", "secpod.de"));
 	}
 
 	@Test
@@ -92,11 +95,11 @@ public void testResolveServiceIpAddress() throws Exception {
 		assertThat(ipAddress).isEqualTo("63.246.7.80");
 	}
 
-	@Test(expected = DnsLookupException.class)
+	@Test
 	public void testUnknowError() throws Exception {
 		given(this.context.getAttributes(any(String.class), any(String[].class)))
 				.willThrow(new NamingException("error"));
-		this.dnsResolver.resolveIpAddress("");
+		assertThatExceptionOfType(DnsLookupException.class).isThrownBy(() -> this.dnsResolver.resolveIpAddress(""));
 	}
 
 	private BasicAttributes createSrvRecords() {
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
index b14a95a33f1..23f956e6271 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
@@ -31,6 +31,7 @@
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Rob Winch
@@ -42,9 +43,10 @@ public class WithMockUserTests {
 	@Autowired
 	private MessageService messageService;
 
-	@Test(expected = AuthenticationCredentialsNotFoundException.class)
+	@Test
 	public void getMessageUnauthenticated() {
-		this.messageService.getMessage();
+		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
+				.isThrownBy(() -> this.messageService.getMessage());
 	}
 
 	@Test
diff --git a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
index cfd2a040c7f..6188f54db1c 100644
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
@@ -36,6 +36,7 @@
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Rob Winch
@@ -47,9 +48,10 @@ public class WithUserDetailsTests {
 	@Autowired
 	private MessageService messageService;
 
-	@Test(expected = AuthenticationCredentialsNotFoundException.class)
+	@Test
 	public void getMessageUnauthenticated() {
-		this.messageService.getMessage();
+		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
+				.isThrownBy(() -> this.messageService.getMessage());
 	}
 
 	@Test
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
index 56b90ca9fe0..9398fa33d7f 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java
@@ -23,6 +23,8 @@
 import org.mockito.junit.MockitoJUnitRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.mockito.BDDMockito.given;
 
 @RunWith(MockitoJUnitRunner.class)
@@ -38,9 +40,9 @@ public void setup() {
 		this.factory = new WithMockUserSecurityContextFactory();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void usernameNull() {
-		this.factory.createSecurityContext(this.withUser);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.factory.createSecurityContext(this.withUser));
 	}
 
 	@Test
@@ -83,20 +85,20 @@ public void authoritiesWorks() {
 				.extracting("authority").containsOnly("USER", "CUSTOM");
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void authoritiesAndRolesInvalid() {
 		given(this.withUser.value()).willReturn("valueUser");
 		given(this.withUser.roles()).willReturn(new String[] { "CUSTOM" });
 		given(this.withUser.authorities()).willReturn(new String[] { "USER", "CUSTOM" });
-		this.factory.createSecurityContext(this.withUser);
+		assertThatIllegalStateException().isThrownBy(() -> this.factory.createSecurityContext(this.withUser));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void rolesWithRolePrefixFails() {
 		given(this.withUser.value()).willReturn("valueUser");
 		given(this.withUser.roles()).willReturn(new String[] { "ROLE_FAIL" });
 		given(this.withUser.authorities()).willReturn(new String[] {});
-		this.factory.createSecurityContext(this.withUser);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.factory.createSecurityContext(this.withUser));
 	}
 
 }
diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
index 5a2d7106990..716b05f6949 100644
--- a/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/support/WithUserDetailsSecurityContextFactoryTests.java
@@ -33,6 +33,7 @@
 import org.springframework.security.core.userdetails.UserDetailsService;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
 
@@ -61,15 +62,15 @@ public void setup() {
 		this.factory = new WithUserDetailsSecurityContextFactory(this.beans);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void createSecurityContextNullValue() {
-		this.factory.createSecurityContext(this.withUserDetails);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.factory.createSecurityContext(this.withUserDetails));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void createSecurityContextEmptyValue() {
 		given(this.withUserDetails.value()).willReturn("");
-		this.factory.createSecurityContext(this.withUserDetails);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.factory.createSecurityContext(this.withUserDetails));
 	}
 
 	@Test
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
index 1c6fb346788..08b1205bc45 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java
@@ -42,6 +42,7 @@
 import org.springframework.security.web.context.SecurityContextRepository;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.verify;
@@ -116,9 +117,10 @@ public void userCustomAuthoritiesVarargs() {
 				this.authority2);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void userRolesWithRolePrefixErrors() {
-		user("user").roles("ROLE_INVALID").postProcessRequest(this.request);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> user("user").roles("ROLE_INVALID").postProcessRequest(this.request));
 	}
 
 	@Test
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
index 3441b8cbe8b..336206077ca 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
@@ -40,6 +40,7 @@
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
@@ -70,10 +71,10 @@ public void withAuthenticationWhenMatchesThenSuccess() throws Exception {
 				(auth) -> assertThat(auth).isInstanceOf(UsernamePasswordAuthenticationToken.class)));
 	}
 
-	@Test(expected = AssertionError.class)
+	@Test
 	public void withAuthenticationWhenNotMatchesThenFails() throws Exception {
-		this.mockMvc.perform(formLogin()).andExpect(
-				authenticated().withAuthentication((auth) -> assertThat(auth.getName()).isEqualTo("notmatch")));
+		assertThatExceptionOfType(AssertionError.class).isThrownBy(() -> this.mockMvc.perform(formLogin()).andExpect(
+				authenticated().withAuthentication((auth) -> assertThat(auth.getName()).isEqualTo("notmatch"))));
 	}
 
 	// SEC-2719
@@ -87,13 +88,15 @@ public void withRolesNotOrderSensitive() throws Exception {
 		// @formatter:on
 	}
 
-	@Test(expected = AssertionError.class)
+	@Test
 	public void withRolesFailsIfNotAllRoles() throws Exception {
+		assertThatExceptionOfType(AssertionError.class).isThrownBy(() ->
 		// @formatter:off
-		this.mockMvc
-			.perform(formLogin())
-			.andExpect(authenticated().withRoles("USER"));
+			this.mockMvc
+				.perform(formLogin())
+				.andExpect(authenticated().withRoles("USER"))
 		// @formatter:on
+		);
 	}
 
 	@EnableWebSecurity
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
index 82335524fb2..3341b83972f 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
@@ -42,6 +42,7 @@
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
@@ -69,11 +70,12 @@ public void withAuthoritiesNotOrderSensitive() throws Exception {
 		this.mockMvc.perform(formLogin()).andExpect(authenticated().withAuthorities(grantedAuthorities));
 	}
 
-	@Test(expected = AssertionError.class)
+	@Test
 	public void withAuthoritiesFailsIfNotAllRoles() throws Exception {
 		List<SimpleGrantedAuthority> grantedAuthorities = new ArrayList<>();
 		grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
-		this.mockMvc.perform(formLogin()).andExpect(authenticated().withAuthorities(grantedAuthorities));
+		assertThatExceptionOfType(AssertionError.class).isThrownBy(
+				() -> this.mockMvc.perform(formLogin()).andExpect(authenticated().withAuthorities(grantedAuthorities)));
 	}
 
 	@EnableWebSecurity
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
index 675a57dba22..86f5fd2d4f1 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurerTests.java
@@ -31,6 +31,7 @@
 import org.springframework.web.context.WebApplicationContext;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -86,11 +87,11 @@ public void beforeMockMvcCreatedNoBean() throws Exception {
 		assertFilterAdded(this.filter);
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void beforeMockMvcCreatedNoFilter() {
 		SecurityMockMvcConfigurer configurer = new SecurityMockMvcConfigurer();
 		configurer.afterConfigurerAdded(this.builder);
-		configurer.beforeMockMvcCreated(this.builder, this.context);
+		assertThatIllegalStateException().isThrownBy(() -> configurer.beforeMockMvcCreated(this.builder, this.context));
 	}
 
 	private void assertFilterAdded(Filter filter) {
diff --git a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
index ff368d2d494..0de7aa003a6 100644
--- a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
@@ -22,6 +22,7 @@
 import org.springframework.mock.web.MockHttpServletResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Luke Taylor
@@ -52,14 +53,15 @@ public void contextRelativeUrlWithMultipleSchemesInHostnameIsHandledCorrectly()
 		assertThat(response.getRedirectedUrl()).isEqualTo("remainder");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void contextRelativeShouldThrowExceptionIfURLDoesNotContainContextPath() throws Exception {
 		DefaultRedirectStrategy rds = new DefaultRedirectStrategy();
 		rds.setContextRelative(true);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setContextPath("/context");
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		rds.sendRedirect(request, response, "https://redirectme.somewhere.else");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> rds.sendRedirect(request, response, "https://redirectme.somewhere.else"));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
index 6495b2c5bb1..e41de62297b 100644
--- a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
+++ b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java
@@ -44,6 +44,7 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -234,9 +235,9 @@ public void doFilterClearsSecurityContextHolderOnceOnForwards() throws Exception
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setRequestRejectedHandlerDoesNotAcceptNull() {
-		this.fcp.setRequestRejectedHandler(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.fcp.setRequestRejectedHandler(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
index 1e96bba4c08..5f1ceed22c3 100644
--- a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
+++ b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java
@@ -28,6 +28,8 @@
 import org.springframework.security.web.util.UrlUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -61,23 +63,25 @@ public void testGettersAndStringMethods() {
 		assertThat(fi.getFullRequestUrl()).isEqualTo("http://localhost/mycontext/HelloWorld/some/more/segments.html");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testRejectsNullFilterChain() {
 		MockHttpServletRequest request = new MockHttpServletRequest(null, null);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		new FilterInvocation(request, response, null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new FilterInvocation(request, response, null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testRejectsNullServletRequest() {
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		new FilterInvocation(null, response, mock(FilterChain.class));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new FilterInvocation(null, response, mock(FilterChain.class)));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testRejectsNullServletResponse() {
 		MockHttpServletRequest request = new MockHttpServletRequest(null, null);
-		new FilterInvocation(request, null, mock(FilterChain.class));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new FilterInvocation(request, null, mock(FilterChain.class)));
 	}
 
 	@Test
@@ -113,9 +117,10 @@ public void testStringMethodsWithoutAnyQueryString() {
 		assertThat(fi.getFullRequestUrl()).isEqualTo("http://localhost/mycontext/HelloWorld");
 	}
 
-	@Test(expected = UnsupportedOperationException.class)
+	@Test
 	public void dummyChainRejectsInvocation() throws Exception {
-		FilterInvocation.DUMMY_CHAIN.doFilter(mock(HttpServletRequest.class), mock(HttpServletResponse.class));
+		assertThatExceptionOfType(UnsupportedOperationException.class).isThrownBy(() -> FilterInvocation.DUMMY_CHAIN
+				.doFilter(mock(HttpServletRequest.class), mock(HttpServletResponse.class)));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
index a0b7f8db426..77b35604808 100644
--- a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
@@ -48,6 +48,7 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.mock;
@@ -230,14 +231,15 @@ public void redirectedToLoginFormAndSessionShowsOriginalTargetWithExoticPortWhen
 		assertThat(getSavedRequestUrl(request)).isEqualTo("http://localhost:8080/mycontext/secure/page.html");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void startupDetectsMissingAuthenticationEntryPoint() {
-		new ExceptionTranslationFilter(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new ExceptionTranslationFilter(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void startupDetectsMissingRequestCache() {
-		new ExceptionTranslationFilter(this.mockEntryPoint, null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new ExceptionTranslationFilter(this.mockEntryPoint, null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
index 76ff193adfb..a436f3fdfa1 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
@@ -31,6 +31,7 @@
 import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -40,19 +41,19 @@
  */
 public class ChannelProcessingFilterTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testDetectsMissingChannelDecisionManager() {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
 		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "MOCK");
 		filter.setSecurityMetadataSource(fids);
-		filter.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(filter::afterPropertiesSet);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testDetectsMissingFilterInvocationSecurityMetadataSource() {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
 		filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "MOCK"));
-		filter.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(filter::afterPropertiesSet);
 	}
 
 	@Test
@@ -65,14 +66,14 @@ public void testDetectsSupportedConfigAttribute() {
 		filter.afterPropertiesSet();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testDetectsUnsupportedConfigAttribute() {
 		ChannelProcessingFilter filter = new ChannelProcessingFilter();
 		filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SUPPORTS_MOCK_ONLY"));
 		MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true,
 				"SUPPORTS_MOCK_ONLY", "INVALID_ATTRIBUTE");
 		filter.setSecurityMetadataSource(fids);
-		filter.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(filter::afterPropertiesSet);
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java
index b23e67c89fe..88998fd95f8 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java
@@ -35,6 +35,7 @@
 import org.springframework.security.web.FilterInvocation;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 
@@ -76,9 +77,9 @@ public void expressionPropertiesAreResolvedAgainstAppContextBeans() {
 		assertThat(parser.parseExpression("@role.attribute == 'ROLE_A'").getValue(ctx, Boolean.class)).isTrue();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setTrustResolverNull() {
-		this.handler.setTrustResolver(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setTrustResolver(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java b/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java
index 15192459729..e4d292cbc9a 100644
--- a/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java
@@ -28,6 +28,7 @@
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Luke Taylor
@@ -50,12 +51,13 @@ public void expectedAttributeIsReturned() {
 		assertThat(attribute.toString()).isEqualTo(expression);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void invalidExpressionIsRejected() {
 		LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<>();
 		requestMap.put(AnyRequestMatcher.INSTANCE, SecurityConfig.createList("hasRole('X'"));
-		ExpressionBasedFilterInvocationSecurityMetadataSource mds = new ExpressionBasedFilterInvocationSecurityMetadataSource(
-				requestMap, new DefaultWebSecurityExpressionHandler());
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new ExpressionBasedFilterInvocationSecurityMetadataSource(requestMap,
+						new DefaultWebSecurityExpressionHandler()));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
index c054e9a4839..56da271c95a 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
@@ -32,6 +32,7 @@
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -87,9 +88,9 @@ public void lookupRequiringExactMatchWithAdditionalSlashesIsSuccessful() {
 								// sign).isEqualTo(def)
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void unknownHttpMethodIsRejected() {
-		createFids("/someAdminPage.html**", "UNKNOWN");
+		assertThatIllegalArgumentException().isThrownBy(() -> createFids("/someAdminPage.html**", "UNKNOWN"));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
index 2fc0f1269da..72b1bdee094 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
@@ -43,6 +43,7 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyCollection;
 import static org.mockito.ArgumentMatchers.eq;
@@ -95,16 +96,16 @@ public void tearDown() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testEnsuresAccessDecisionManagerSupportsFilterInvocationClass() throws Exception {
 		given(this.adm.supports(FilterInvocation.class)).willReturn(true);
-		this.interceptor.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(this.interceptor::afterPropertiesSet);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testEnsuresRunAsManagerSupportsFilterInvocationClass() throws Exception {
 		given(this.adm.supports(FilterInvocation.class)).willReturn(false);
-		this.interceptor.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(this.interceptor::afterPropertiesSet);
 	}
 
 	/**
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
index d72b04cc08e..2ba221c1a5a 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
@@ -398,10 +398,10 @@ public void loginErrorWithInternAuthenticationServiceExceptionLogsError() throws
 	/**
 	 * https://github.com/spring-projects/spring-security/pull/3905
 	 */
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setRememberMeServicesShouldntAllowNulls() {
 		AbstractAuthenticationProcessingFilter filter = new MockAuthenticationFilter();
-		filter.setRememberMeServices(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> filter.setRememberMeServices(null));
 	}
 
 	private class MockAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
index e0e18ff2c55..6dc8ec5f8c7 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilterTests.java
@@ -37,6 +37,7 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.Mockito.mock;
 
@@ -59,14 +60,14 @@ public void clearContext() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testDetectsMissingKey() {
-		new AnonymousAuthenticationFilter(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new AnonymousAuthenticationFilter(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testDetectsUserAttribute() {
-		new AnonymousAuthenticationFilter("qwerty", null, null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new AnonymousAuthenticationFilter("qwerty", null, null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
index 7fa410ecbb6..77d3517211d 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticaionSuccessHandlerTests.java
@@ -23,6 +23,7 @@
 import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -35,14 +36,14 @@
  */
 public class ForwardAuthenticaionSuccessHandlerTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void invalidForwardUrl() {
-		new ForwardAuthenticationSuccessHandler("aaa");
+		assertThatIllegalArgumentException().isThrownBy(() -> new ForwardAuthenticationSuccessHandler("aaa"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void emptyForwardUrl() {
-		new ForwardAuthenticationSuccessHandler("");
+		assertThatIllegalArgumentException().isThrownBy(() -> new ForwardAuthenticationSuccessHandler(""));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
index 343726228ac..c9e1cf10cab 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java
@@ -24,6 +24,7 @@
 import org.springframework.security.web.WebAttributes;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -35,14 +36,14 @@
  */
 public class ForwardAuthenticationFailureHandlerTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void invalidForwardUrl() {
-		new ForwardAuthenticationFailureHandler("aaa");
+		assertThatIllegalArgumentException().isThrownBy(() -> new ForwardAuthenticationFailureHandler("aaa"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void emptyForwardUrl() {
-		new ForwardAuthenticationFailureHandler("");
+		assertThatIllegalArgumentException().isThrownBy(() -> new ForwardAuthenticationFailureHandler(""));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
index 150c4e1951d..110fb984551 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java
@@ -25,6 +25,7 @@
 import org.springframework.security.core.AuthenticationException;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Rob Winch
@@ -50,9 +51,9 @@ public void setup() {
 		this.entryPoint = new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullStatus() {
-		new HttpStatusEntryPoint(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new HttpStatusEntryPoint(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
index 72d6942ac35..8f097f69ed0 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
@@ -27,6 +27,7 @@
 import org.springframework.security.web.PortMapperImpl;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Tests {@link LoginUrlAuthenticationEntryPoint}.
@@ -36,21 +37,21 @@
  */
 public class LoginUrlAuthenticationEntryPointTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testDetectsMissingLoginFormUrl() {
-		new LoginUrlAuthenticationEntryPoint(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new LoginUrlAuthenticationEntryPoint(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testDetectsMissingPortMapper() {
 		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/login");
-		ep.setPortMapper(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> ep.setPortMapper(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testDetectsMissingPortResolver() {
 		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/login");
-		ep.setPortResolver(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> ep.setPortResolver(null));
 	}
 
 	@Test
@@ -222,12 +223,12 @@ public void absoluteLoginFormUrlIsSupported() throws Exception {
 		assertThat(response.getRedirectedUrl()).isEqualTo(loginFormUrl);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void absoluteLoginFormUrlCantBeUsedWithForwarding() throws Exception {
 		final String loginFormUrl = "https://somesite.com/login";
 		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("https://somesite.com/login");
 		ep.setUseForward(true);
-		ep.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(ep::afterPropertiesSet);
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java
index 64b4f073c5c..4db405ae4b7 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java
@@ -25,6 +25,7 @@
 import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -107,16 +108,12 @@ public void passedInCookiesAreCleared() {
 		}
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void invalidAge() {
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.setContextPath("/foo/bar");
 		Cookie cookie1 = new Cookie("my_cookie", null);
 		cookie1.setPath("/foo");
 		cookie1.setMaxAge(100);
-		CookieClearingLogoutHandler handler = new CookieClearingLogoutHandler(cookie1);
-		handler.logout(request, response, mock(Authentication.class));
+		assertThatIllegalArgumentException().isThrownBy(() -> new CookieClearingLogoutHandler(cookie1));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
index 239dbd2c5f3..bf851de2aeb 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
@@ -42,6 +42,7 @@
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
@@ -90,7 +91,7 @@ public void filterChainProceedsOnFailedAuthenticationByDefault() throws Exceptio
 	}
 
 	/* SEC-881 */
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void exceptionIsThrownOnFailedAuthenticationIfContinueFilterChainOnUnsuccessfulAuthenticationSetToFalse()
 			throws Exception {
 		AuthenticationManager am = mock(AuthenticationManager.class);
@@ -98,7 +99,8 @@ public void exceptionIsThrownOnFailedAuthenticationIfContinueFilterChainOnUnsucc
 		this.filter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
 		this.filter.setAuthenticationManager(am);
 		this.filter.afterPropertiesSet();
-		this.filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.filter
+				.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class)));
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
index 19d682a8520..33b19d7ba63 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationProviderTests.java
@@ -27,6 +27,8 @@
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author TSARDD
@@ -34,10 +36,10 @@
  */
 public class PreAuthenticatedAuthenticationProviderTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public final void afterPropertiesSet() {
 		PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
-		provider.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(provider::afterPropertiesSet);
 	}
 
 	@Test
@@ -79,12 +81,12 @@ public final void authenticateIgnoreCredentials() throws Exception {
 		// @TODO: Add more asserts?
 	}
 
-	@Test(expected = UsernameNotFoundException.class)
+	@Test
 	public final void authenticateUnknownUserThrowsException() throws Exception {
 		UserDetails ud = new User("dummyUser1", "dummyPwd", true, true, true, true, AuthorityUtils.NO_AUTHORITIES);
 		PreAuthenticatedAuthenticationProvider provider = getProvider(ud);
 		Authentication request = new PreAuthenticatedAuthenticationToken("dummyUser2", "dummyPwd");
-		provider.authenticate(request);
+		assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> provider.authenticate(request));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
index 6f66962c714..504b3a4e191 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java
@@ -26,6 +26,7 @@
 import org.springframework.security.core.userdetails.UserDetails;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author TSARDD
@@ -33,20 +34,20 @@
  */
 public class PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testGetUserDetailsInvalidType() {
 		PreAuthenticatedGrantedAuthoritiesUserDetailsService svc = new PreAuthenticatedGrantedAuthoritiesUserDetailsService();
 		PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken("dummy", "dummy");
 		token.setDetails(new Object());
-		svc.loadUserDetails(token);
+		assertThatIllegalArgumentException().isThrownBy(() -> svc.loadUserDetails(token));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testGetUserDetailsNoDetails() {
 		PreAuthenticatedGrantedAuthoritiesUserDetailsService svc = new PreAuthenticatedGrantedAuthoritiesUserDetailsService();
 		PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken("dummy", "dummy");
 		token.setDetails(null);
-		svc.loadUserDetails(token);
+		assertThatIllegalArgumentException().isThrownBy(() -> svc.loadUserDetails(token));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
index be8e7da2660..54093811373 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java
@@ -29,6 +29,7 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -44,13 +45,14 @@ public void clearContext() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = PreAuthenticatedCredentialsNotFoundException.class)
+	@Test
 	public void rejectsMissingHeader() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
 		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
-		filter.doFilter(request, response, chain);
+		assertThatExceptionOfType(PreAuthenticatedCredentialsNotFoundException.class)
+				.isThrownBy(() -> filter.doFilter(request, response, chain));
 	}
 
 	@Test
@@ -119,14 +121,15 @@ public void userIsReauthenticatedIfPrincipalChangesAndCheckForPrincipalChangesIs
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(dog);
 	}
 
-	@Test(expected = PreAuthenticatedCredentialsNotFoundException.class)
+	@Test
 	public void missingHeaderCausesException() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
 		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
-		filter.doFilter(request, response, chain);
+		assertThatExceptionOfType(PreAuthenticatedCredentialsNotFoundException.class)
+				.isThrownBy(() -> filter.doFilter(request, response, chain));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
index 9742f2675b4..8c449384c19 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java
@@ -31,6 +31,7 @@
 import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -46,13 +47,14 @@ public void clearContext() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = PreAuthenticatedCredentialsNotFoundException.class)
+	@Test
 	public void rejectsMissingHeader() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
 		RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
-		filter.doFilter(request, response, chain);
+		assertThatExceptionOfType(PreAuthenticatedCredentialsNotFoundException.class)
+				.isThrownBy(() -> filter.doFilter(request, response, chain));
 	}
 
 	@Test
@@ -120,14 +122,15 @@ public void userIsReauthenticatedIfPrincipalChangesAndCheckForPrincipalChangesIs
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(dog);
 	}
 
-	@Test(expected = PreAuthenticatedCredentialsNotFoundException.class)
+	@Test
 	public void missingHeaderCausesException() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
 		RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
-		filter.doFilter(request, response, chain);
+		assertThatExceptionOfType(PreAuthenticatedCredentialsNotFoundException.class)
+				.isThrownBy(() -> filter.doFilter(request, response, chain));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java
index 5d8e963c55d..11c92891a14 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java
@@ -23,6 +23,8 @@
 import org.springframework.security.core.SpringSecurityMessageSource;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Luke Taylor
@@ -37,9 +39,10 @@ public void setUp() {
 		this.extractor.setMessageSource(new SpringSecurityMessageSource());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void invalidRegexFails() {
-		this.extractor.setSubjectDnRegex("CN=(.*?,"); // missing closing bracket on group
+		// missing closing bracket on group
+		assertThatIllegalArgumentException().isThrownBy(() -> this.extractor.setSubjectDnRegex("CN=(.*?,"));
 	}
 
 	@Test
@@ -55,10 +58,11 @@ public void matchOnEmailReturnsExpectedPrincipal() throws Exception {
 		assertThat(principal).isEqualTo("luke@monkeymachine");
 	}
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void matchOnShoeSizeThrowsBadCredentials() throws Exception {
 		this.extractor.setSubjectDnRegex("shoeSize=(.*?),");
-		this.extractor.extractPrincipal(X509TestUtils.buildTestCertificate());
+		assertThatExceptionOfType(BadCredentialsException.class)
+				.isThrownBy(() -> this.extractor.extractPrincipal(X509TestUtils.buildTestCertificate()));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
index 91607d8d6d7..038c3cd1635 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
@@ -43,6 +43,7 @@
 import org.springframework.util.StringUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Luke Taylor
@@ -62,9 +63,10 @@ public void setup() {
 		this.uds = new MockUserDetailsService(joe, false);
 	}
 
-	@Test(expected = InvalidCookieException.class)
+	@Test
 	public void nonBase64CookieShouldBeDetected() {
-		new MockRememberMeServices(this.uds).decodeCookie("nonBase64CookieValue%");
+		assertThatExceptionOfType(InvalidCookieException.class)
+				.isThrownBy(() -> new MockRememberMeServices(this.uds).decodeCookie("nonBase64CookieValue%"));
 	}
 
 	@Test
@@ -265,19 +267,21 @@ public void cancelledCookieShouldUseRequestIsSecure() {
 		assertThat(returnedCookie.getSecure()).isEqualTo(true);
 	}
 
-	@Test(expected = CookieTheftException.class)
+	@Test
 	public void cookieTheftExceptionShouldBeRethrown() {
 		MockRememberMeServices services = new MockRememberMeServices(this.uds) {
+
 			@Override
 			protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
 					HttpServletResponse response) {
 				throw new CookieTheftException("Pretending cookie was stolen");
 			}
+
 		};
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(createLoginCookie("cookie:1:2"));
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		services.autoLogin(request, response);
+		assertThatExceptionOfType(CookieTheftException.class).isThrownBy(() -> services.autoLogin(request, response));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
index d9796b9089d..e4b36130728 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
@@ -30,6 +30,7 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Luke Taylor
@@ -51,33 +52,37 @@ public void setUpData() throws Exception {
 		this.services.afterPropertiesSet();
 	}
 
-	@Test(expected = InvalidCookieException.class)
+	@Test
 	public void loginIsRejectedWithWrongNumberOfCookieTokens() {
-		this.services.processAutoLoginCookie(new String[] { "series", "token", "extra" }, new MockHttpServletRequest(),
-				new MockHttpServletResponse());
+		assertThatExceptionOfType(InvalidCookieException.class)
+				.isThrownBy(() -> this.services.processAutoLoginCookie(new String[] { "series", "token", "extra" },
+						new MockHttpServletRequest(), new MockHttpServletResponse()));
 	}
 
-	@Test(expected = RememberMeAuthenticationException.class)
+	@Test
 	public void loginIsRejectedWhenNoTokenMatchingSeriesIsFound() {
 		this.services = create(null);
-		this.services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
-				new MockHttpServletResponse());
+		assertThatExceptionOfType(RememberMeAuthenticationException.class)
+				.isThrownBy(() -> this.services.processAutoLoginCookie(new String[] { "series", "token" },
+						new MockHttpServletRequest(), new MockHttpServletResponse()));
 	}
 
-	@Test(expected = RememberMeAuthenticationException.class)
+	@Test
 	public void loginIsRejectedWhenTokenIsExpired() {
 		this.services = create(new PersistentRememberMeToken("joe", "series", "token",
 				new Date(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(1) - 100)));
 		this.services.setTokenValiditySeconds(1);
-		this.services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
-				new MockHttpServletResponse());
+		assertThatExceptionOfType(RememberMeAuthenticationException.class)
+				.isThrownBy(() -> this.services.processAutoLoginCookie(new String[] { "series", "token" },
+						new MockHttpServletRequest(), new MockHttpServletResponse()));
 	}
 
-	@Test(expected = CookieTheftException.class)
+	@Test
 	public void cookieTheftIsDetectedWhenSeriesAndTokenDontMatch() {
 		this.services = create(new PersistentRememberMeToken("joe", "series", "wrongtoken", new Date()));
-		this.services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
-				new MockHttpServletResponse());
+		assertThatExceptionOfType(CookieTheftException.class)
+				.isThrownBy(() -> this.services.processAutoLoginCookie(new String[] { "series", "token" },
+						new MockHttpServletRequest(), new MockHttpServletResponse()));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
index 124ff6ecbae..77dfd356a8f 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java
@@ -38,6 +38,7 @@
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -63,14 +64,16 @@ public void tearDown() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testDetectsAuthenticationManagerProperty() {
-		new RememberMeAuthenticationFilter(null, new NullRememberMeServices());
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new RememberMeAuthenticationFilter(null, new NullRememberMeServices()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testDetectsRememberMeServicesProperty() {
-		new RememberMeAuthenticationFilter(mock(AuthenticationManager.class), null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new RememberMeAuthenticationFilter(mock(AuthenticationManager.class), null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
index d6b32b0ae43..d118b0f8fa3 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
@@ -37,6 +37,7 @@
 import org.springframework.util.StringUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -200,7 +201,7 @@ public void autoLoginClearsCookieIfUserNotFound() {
 		assertThat(returnedCookie.getMaxAge()).isZero();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void autoLoginClearsCookieIfUserServiceMisconfigured() {
 		udsWillReturnNull();
 		Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
@@ -209,7 +210,7 @@ public void autoLoginClearsCookieIfUserServiceMisconfigured() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setCookies(cookie);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		this.services.autoLogin(request, response);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.services.autoLogin(request, response));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
index a407dc5962e..9660bc7ddac 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java
@@ -30,6 +30,7 @@
 import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
@@ -56,19 +57,21 @@ public class CompositeSessionAuthenticationStrategyTests {
 	@Mock
 	private HttpServletResponse response;
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullDelegates() {
-		new CompositeSessionAuthenticationStrategy(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new CompositeSessionAuthenticationStrategy(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorEmptyDelegates() {
-		new CompositeSessionAuthenticationStrategy(Collections.<SessionAuthenticationStrategy>emptyList());
+		assertThatIllegalArgumentException().isThrownBy(() -> new CompositeSessionAuthenticationStrategy(
+				Collections.<SessionAuthenticationStrategy>emptyList()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorDelegatesContainNull() {
-		new CompositeSessionAuthenticationStrategy(Collections.<SessionAuthenticationStrategy>singletonList(null));
+		assertThatIllegalArgumentException().isThrownBy(() -> new CompositeSessionAuthenticationStrategy(
+				Collections.<SessionAuthenticationStrategy>singletonList(null)));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
index 7e69cbfd5db..a96e81ce512 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java
@@ -36,6 +36,8 @@
 import org.springframework.security.core.session.SessionRegistry;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyBoolean;
 import static org.mockito.BDDMockito.given;
@@ -70,9 +72,9 @@ public void setup() {
 		this.strategy = new ConcurrentSessionControlAuthenticationStrategy(this.sessionRegistry);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullRegistry() {
-		new ConcurrentSessionControlAuthenticationStrategy(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new ConcurrentSessionControlAuthenticationStrategy(null));
 	}
 
 	@Test
@@ -97,13 +99,14 @@ public void maxSessionsSameSessionId() {
 		// no exception
 	}
 
-	@Test(expected = SessionAuthenticationException.class)
+	@Test
 	public void maxSessionsWithException() {
 		given(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
 				.willReturn(Collections.<SessionInformation>singletonList(this.sessionInformation));
 		this.strategy.setMaximumSessions(1);
 		this.strategy.setExceptionIfMaximumExceeded(true);
-		this.strategy.onAuthentication(this.authentication, this.request, this.response);
+		assertThatExceptionOfType(SessionAuthenticationException.class)
+				.isThrownBy(() -> this.strategy.onAuthentication(this.authentication, this.request, this.response));
 	}
 
 	@Test
@@ -141,9 +144,9 @@ public void onAuthenticationWhenMaxSessionsExceededByTwoThenTwoSessionsExpired()
 		assertThat(this.sessionInformation.isExpired()).isFalse();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setMessageSourceNull() {
-		this.strategy.setMessageSource(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.strategy.setMessageSource(null));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
index 34d88f80ae2..20d0432d383 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/RegisterSessionAuthenticationStrategyTests.java
@@ -28,6 +28,7 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.session.SessionRegistry;
 
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.verify;
 
 /**
@@ -56,9 +57,9 @@ public void setup() {
 		this.response = new MockHttpServletResponse();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullRegistry() {
-		new RegisterSessionAuthenticationStrategy(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new RegisterSessionAuthenticationStrategy(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
index 18ee35abdfc..27f90723eff 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
@@ -47,6 +47,7 @@
 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@@ -181,33 +182,33 @@ public void requiresSwitchUserWhenMatcherThenWorks() {
 		assertThat(filter.requiresSwitchUser(request)).isTrue();
 	}
 
-	@Test(expected = UsernameNotFoundException.class)
+	@Test
 	public void attemptSwitchToUnknownUserFails() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "user-that-doesnt-exist");
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setUserDetailsService(new MockUserDetailsService());
-		filter.attemptSwitchUser(request);
+		assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> filter.attemptSwitchUser(request));
 	}
 
-	@Test(expected = DisabledException.class)
+	@Test
 	public void attemptSwitchToUserThatIsDisabledFails() {
-		switchToUser("mcgarrett");
+		assertThatExceptionOfType(DisabledException.class).isThrownBy(() -> switchToUser("mcgarrett"));
 	}
 
-	@Test(expected = AccountExpiredException.class)
+	@Test
 	public void attemptSwitchToUserWithAccountExpiredFails() {
-		switchToUser("wofat");
+		assertThatExceptionOfType(AccountExpiredException.class).isThrownBy(() -> switchToUser("wofat"));
 	}
 
-	@Test(expected = CredentialsExpiredException.class)
+	@Test
 	public void attemptSwitchToUserWithExpiredCredentialsFails() {
-		switchToUser("steve");
+		assertThatExceptionOfType(CredentialsExpiredException.class).isThrownBy(() -> switchToUser("steve"));
 	}
 
-	@Test(expected = UsernameNotFoundException.class)
+	@Test
 	public void switchUserWithNullUsernameThrowsException() {
-		switchToUser(null);
+		assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> switchToUser(null));
 	}
 
 	@Test
@@ -246,22 +247,22 @@ public void switchToLockedAccountCausesRedirectToSwitchFailureUrl() throws Excep
 		assertThat(FieldUtils.getFieldValue(filter, "switchFailureUrl")).isEqualTo("/switchfailed");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void configMissingUserDetailsServiceFails() {
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setSwitchUserUrl("/login/impersonate");
 		filter.setExitUserUrl("/logout/impersonate");
 		filter.setTargetUrl("/main.jsp");
-		filter.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(filter::afterPropertiesSet);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testBadConfigMissingTargetUrl() {
 		SwitchUserFilter filter = new SwitchUserFilter();
 		filter.setUserDetailsService(new MockUserDetailsService());
 		filter.setSwitchUserUrl("/login/impersonate");
 		filter.setExitUserUrl("/logout/impersonate");
-		filter.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(filter::afterPropertiesSet);
 	}
 
 	@Test
@@ -304,7 +305,7 @@ public void exitUserJackLordToDanoSucceeds() throws Exception {
 		assertThat(targetAuth.getPrincipal()).isEqualTo("dano");
 	}
 
-	@Test(expected = AuthenticationException.class)
+	@Test
 	public void exitUserWithNoCurrentUserFails() throws Exception {
 		// no current user in secure context
 		SecurityContextHolder.clearContext();
@@ -317,7 +318,8 @@ public void exitUserWithNoCurrentUserFails() throws Exception {
 		// run 'exit', expect fail due to no current user
 		FilterChain chain = mock(FilterChain.class);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		filter.doFilter(request, response, chain);
+		assertThatExceptionOfType(AuthenticationException.class)
+				.isThrownBy(() -> filter.doFilter(request, response, chain));
 		verify(chain, never()).doFilter(request, response);
 	}
 
@@ -459,16 +461,16 @@ public void switchAuthorityRoleCanBeChanged() {
 		assertThat(switchAuthorityRole).isEqualTo(switchedFrom.getAuthority());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setSwitchFailureUrlWhenNullThenThrowException() {
 		SwitchUserFilter filter = new SwitchUserFilter();
-		filter.setSwitchFailureUrl(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> filter.setSwitchFailureUrl(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setSwitchFailureUrlWhenEmptyThenThrowException() {
 		SwitchUserFilter filter = new SwitchUserFilter();
-		filter.setSwitchFailureUrl("");
+		assertThatIllegalArgumentException().isThrownBy(() -> filter.setSwitchFailureUrl(""));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
index ab86511eb73..461c795118c 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverterTests.java
@@ -31,6 +31,7 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
@@ -83,19 +84,19 @@ public void testWhenUnsupportedAuthorizationHeaderThenIgnored() {
 		assertThat(authentication).isNull();
 	}
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void testWhenInvalidBasicAuthorizationTokenThenError() {
 		String token = "NOT_A_VALID_TOKEN_AS_MISSING_COLON";
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
-		this.converter.convert(request);
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.converter.convert(request));
 	}
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void testWhenInvalidBase64ThenError() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Basic NOT_VALID_BASE64");
-		this.converter.convert(request);
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.converter.convert(request));
 	}
 
 	@Test
@@ -110,11 +111,11 @@ public void convertWhenEmptyPassword() {
 		assertThat(authentication.getCredentials()).isEqualTo("");
 	}
 
-	@Test(expected = BadCredentialsException.class)
+	@Test
 	public void requestWhenEmptyBasicAuthorizationHeaderTokenThenError() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("Authorization", "Basic ");
-		this.converter.convert(request);
+		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.converter.convert(request));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
index d31d44ffe96..c94e1520d55 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
@@ -41,6 +41,7 @@
 import org.springframework.web.util.WebUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.AdditionalMatchers.not;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
@@ -182,14 +183,14 @@ public void testOtherAuthorizationSchemeIsIgnored() throws Exception {
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testStartupDetectsMissingAuthenticationEntryPoint() {
-		new BasicAuthenticationFilter(this.manager, null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new BasicAuthenticationFilter(this.manager, null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void testStartupDetectsMissingAuthenticationManager() {
-		BasicAuthenticationFilter filter = new BasicAuthenticationFilter(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new BasicAuthenticationFilter(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
index f716b3991df..f12b6d89165 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java
@@ -43,6 +43,7 @@
 import org.springframework.util.StringUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
@@ -290,18 +291,18 @@ public void otherAuthorizationSchemeIsIgnored() throws Exception {
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void startupDetectsMissingAuthenticationEntryPoint() {
 		DigestAuthenticationFilter filter = new DigestAuthenticationFilter();
 		filter.setUserDetailsService(mock(UserDetailsService.class));
-		filter.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(filter::afterPropertiesSet);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void startupDetectsMissingUserDetailsService() {
 		DigestAuthenticationFilter filter = new DigestAuthenticationFilter();
 		filter.setAuthenticationEntryPoint(new DigestAuthenticationEntryPoint());
-		filter.afterPropertiesSet();
+		assertThatIllegalArgumentException().isThrownBy(filter::afterPropertiesSet);
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
index 675e68db6ed..2dabd20b2eb 100644
--- a/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
@@ -36,6 +36,7 @@
 import org.springframework.util.ReflectionUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Rob Winch
@@ -125,16 +126,18 @@ public void resolveArgumentNullOnInvalidType() throws Exception {
 		assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
 	}
 
-	@Test(expected = ClassCastException.class)
+	@Test
 	public void resolveArgumentErrorOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null);
+		assertThatExceptionOfType(ClassCastException.class).isThrownBy(
+				() -> this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null));
 	}
 
-	@Test(expected = ClassCastException.class)
+	@Test
 	public void resolveArgumentCustomserErrorOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		this.resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null);
+		assertThatExceptionOfType(ClassCastException.class).isThrownBy(() -> this.resolver
+				.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java b/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
index fef74d42e1f..61a529be93b 100644
--- a/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
@@ -41,6 +41,7 @@
 import org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
@@ -63,26 +64,28 @@ public void cleanup() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorSessionRegistryWhenSessionRegistryNullThenExceptionThrown() {
-		new ConcurrentSessionFilter(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new ConcurrentSessionFilter(null));
 	}
 
+	@Test
 	@SuppressWarnings("deprecation")
-	@Test(expected = IllegalArgumentException.class)
 	public void constructorSessionRegistryExpiresUrlWhenInvalidUrlThenExceptionThrown() {
-		new ConcurrentSessionFilter(new SessionRegistryImpl(), "oops");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new ConcurrentSessionFilter(new SessionRegistryImpl(), "oops"));
 	}
 
+	@Test
 	@SuppressWarnings("deprecation")
-	@Test(expected = IllegalArgumentException.class)
 	public void constructorSessionRegistryExpiresUrlWhenSessionRegistryNullThenExceptionThrown() {
-		new ConcurrentSessionFilter(null, "/expired");
+		assertThatIllegalArgumentException().isThrownBy(() -> new ConcurrentSessionFilter(null, "/expired"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorSessionRegistrySessionInformationExpiredStrategyWhenStrategyIsNullThenThrowsException() {
-		new ConcurrentSessionFilter(new SessionRegistryImpl(), (SessionInformationExpiredStrategy) null);
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new ConcurrentSessionFilter(new SessionRegistryImpl(), (SessionInformationExpiredStrategy) null));
 	}
 
 	@Test
@@ -127,9 +130,9 @@ public void returnsExpectedMessageWhenNoExpiredUrlSet() throws Exception {
 						+ "attempted as the same user).");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void detectsMissingSessionRegistry() {
-		new ConcurrentSessionFilter(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new ConcurrentSessionFilter(null));
 	}
 
 	@Test
@@ -264,16 +267,16 @@ public void doFilterWhenCustomLogoutHandlersThenHandlersUsed() throws Exception
 		verify(handler).logout(eq(request), eq(response), any());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setLogoutHandlersWhenNullThenThrowsException() {
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(new SessionRegistryImpl());
-		filter.setLogoutHandlers((List<LogoutHandler>) null);
+		assertThatIllegalArgumentException().isThrownBy(() -> filter.setLogoutHandlers((List<LogoutHandler>) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setLogoutHandlersWhenEmptyThenThrowsException() {
 		ConcurrentSessionFilter filter = new ConcurrentSessionFilter(new SessionRegistryImpl());
-		filter.setLogoutHandlers(new LogoutHandler[0]);
+		assertThatIllegalArgumentException().isThrownBy(() -> filter.setLogoutHandlers(new LogoutHandler[0]));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
index c3ef02ed5fa..aea6eca5029 100644
--- a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
@@ -44,6 +44,8 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.mockito.ArgumentMatchers.anyBoolean;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -499,10 +501,10 @@ public void saveContextCustomTrustResolver() {
 		verify(trustResolver).isAnonymous(contextToSave.getAuthentication());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setTrustResolverNull() {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
-		repo.setTrustResolver(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> repo.setTrustResolver(null));
 	}
 
 	// SEC-2578
@@ -523,14 +525,14 @@ public void traverseWrappedRequests() {
 				.isEqualTo(context);
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void failsWithStandardResponse() {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
 		context.setAuthentication(this.testToken);
-		repo.saveContext(context, request, response);
+		assertThatIllegalStateException().isThrownBy(() -> repo.saveContext(context, request, response));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
index 7a27f811b39..9281ccca24d 100644
--- a/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptorTests.java
@@ -29,6 +29,7 @@
 import org.springframework.web.context.request.NativeWebRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Rob Winch
@@ -51,9 +52,9 @@ public void clearSecurityContext() {
 		SecurityContextHolder.clearContext();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNull() {
-		new SecurityContextCallableProcessingInterceptor(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new SecurityContextCallableProcessingInterceptor(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
index ffd64a0ff37..e204be126b1 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
@@ -25,6 +25,7 @@
 import org.springframework.mock.web.MockHttpServletResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Rob Winch
@@ -235,19 +236,19 @@ public void loadTokenCustom() {
 		assertThat(loadToken.getToken()).isEqualTo(value);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setCookieNameNullIllegalArgumentException() {
-		this.repository.setCookieName(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setCookieName(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setParameterNameNullIllegalArgumentException() {
-		this.repository.setParameterName(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setParameterName(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setHeaderNameNullIllegalArgumentException() {
-		this.repository.setHeaderName(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setHeaderName(null));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
index d8057e2d9e0..92392722d80 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
@@ -30,6 +30,7 @@
 import org.springframework.security.authentication.TestingAuthenticationToken;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -66,9 +67,9 @@ public void setup() {
 		this.generatedToken = new DefaultCsrfToken("_csrf", "_csrf", "2");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullCsrfTokenRepository() {
-		new CsrfAuthenticationStrategy(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new CsrfAuthenticationStrategy(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
index a0b619209ff..e94eb34a87f 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
@@ -39,6 +39,7 @@
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -95,9 +96,9 @@ private void resetRequestResponse() {
 		this.response = new MockHttpServletResponse();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullRepository() {
-		new CsrfFilter(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new CsrfFilter(null));
 	}
 
 	// SEC-2276
@@ -319,14 +320,14 @@ public void doFilterWhenSkipRequestInvokedThenSkips() throws Exception {
 		verifyZeroInteractions(repository);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setRequireCsrfProtectionMatcherNull() {
-		this.filter.setRequireCsrfProtectionMatcher(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setRequireCsrfProtectionMatcher(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setAccessDeniedHandlerNull() {
-		this.filter.setAccessDeniedHandler(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setAccessDeniedHandler(null));
 	}
 
 	private static CsrfTokenAssert assertToken(Object token) {
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
index 3e187126d45..6ac8eae22c6 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfLogoutHandlerTests.java
@@ -26,6 +26,7 @@
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.verify;
 
 /**
@@ -51,9 +52,9 @@ public void setup() {
 		this.handler = new CsrfLogoutHandler(this.csrfTokenRepository);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullCsrfTokenRepository() {
-		new CsrfLogoutHandler(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new CsrfLogoutHandler(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java b/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java
index 3ece0e164e0..dffe2ee8d38 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java
@@ -18,6 +18,8 @@
 
 import org.junit.Test;
 
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+
 /**
  * @author Rob Winch
  *
@@ -30,34 +32,40 @@ public class DefaultCsrfTokenTests {
 
 	private final String tokenValue = "tokenValue";
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullHeaderName() {
-		new DefaultCsrfToken(null, this.parameterName, this.tokenValue);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DefaultCsrfToken(null, this.parameterName, this.tokenValue));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorEmptyHeaderName() {
-		new DefaultCsrfToken("", this.parameterName, this.tokenValue);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DefaultCsrfToken("", this.parameterName, this.tokenValue));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullParameterName() {
-		new DefaultCsrfToken(this.headerName, null, this.tokenValue);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DefaultCsrfToken(this.headerName, null, this.tokenValue));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorEmptyParameterName() {
-		new DefaultCsrfToken(this.headerName, "", this.tokenValue);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DefaultCsrfToken(this.headerName, "", this.tokenValue));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullTokenValue() {
-		new DefaultCsrfToken(this.headerName, this.parameterName, null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DefaultCsrfToken(this.headerName, this.parameterName, null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorEmptyTokenValue() {
-		new DefaultCsrfToken(this.headerName, this.parameterName, "");
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DefaultCsrfToken(this.headerName, this.parameterName, ""));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
index 7470c047275..3f91b5a2e5d 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepositoryTests.java
@@ -23,6 +23,7 @@
 import org.springframework.mock.web.MockHttpServletResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Rob Winch
@@ -116,24 +117,24 @@ public void saveTokenNullTokenWhenSessionNotExists() {
 		assertThat(this.request.getSession(false)).isNull();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setSessionAttributeNameEmpty() {
-		this.repo.setSessionAttributeName("");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repo.setSessionAttributeName(""));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setSessionAttributeNameNull() {
-		this.repo.setSessionAttributeName(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repo.setSessionAttributeName(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setParameterNameEmpty() {
-		this.repo.setParameterName("");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repo.setParameterName(""));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setParameterNameNull() {
-		this.repo.setParameterName(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repo.setParameterName(null));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java
index f7dc6895ec6..4aca691447a 100644
--- a/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java
@@ -27,6 +27,7 @@
 import org.mockito.junit.MockitoJUnitRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
@@ -59,14 +60,15 @@ public void setup() {
 		given(this.request.getAttribute(HttpServletResponse.class.getName())).willReturn(this.response);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructNullDelegateThrowsIllegalArgumentException() {
-		new LazyCsrfTokenRepository(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new LazyCsrfTokenRepository(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void generateTokenNullResponseAttribute() {
-		this.repository.generateToken(mock(HttpServletRequest.class));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.repository.generateToken(mock(HttpServletRequest.class)));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java
index cbc09f48b96..51507e24046 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java
@@ -49,7 +49,7 @@ public void unnormalizedPathsAreRejected() {
 	 * because the pathInfo is /a/b;/1/c which ends up being /a/b/1/c while Spring MVC
 	 * will strip the ; content from requestURI before the path is URL decoded.
 	 */
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenLowercaseEncodedPathThenException() {
 		DefaultHttpFirewall fw = new DefaultHttpFirewall();
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -57,10 +57,10 @@ public void getFirewalledRequestWhenLowercaseEncodedPathThenException() {
 		request.setContextPath("/context-root");
 		request.setServletPath("");
 		request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-		fw.getFirewalledRequest(request);
+		assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> fw.getFirewalledRequest(request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenUppercaseEncodedPathThenException() {
 		DefaultHttpFirewall fw = new DefaultHttpFirewall();
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -68,7 +68,7 @@ public void getFirewalledRequestWhenUppercaseEncodedPathThenException() {
 		request.setContextPath("/context-root");
 		request.setServletPath("");
 		request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-		fw.getFirewalledRequest(request);
+		assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> fw.getFirewalledRequest(request));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
index 9ae4704b486..a553597e79c 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java
@@ -128,76 +128,88 @@ public void getFirewalledRequestWhenPathInfoNotNormalizedThenThrowsRequestReject
 		}
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenSemicolonInContextPathThenThrowsRequestRejectedException() {
 		this.request.setContextPath(";/context");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenSemicolonInServletPathThenThrowsRequestRejectedException() {
 		this.request.setServletPath("/spring;/");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenSemicolonInPathInfoThenThrowsRequestRejectedException() {
 		this.request.setPathInfo("/path;/");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenSemicolonInRequestUriThenThrowsRequestRejectedException() {
 		this.request.setRequestURI("/path;/");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenEncodedSemicolonInContextPathThenThrowsRequestRejectedException() {
 		this.request.setContextPath("%3B/context");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenEncodedSemicolonInServletPathThenThrowsRequestRejectedException() {
 		this.request.setServletPath("/spring%3B/");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenEncodedSemicolonInPathInfoThenThrowsRequestRejectedException() {
 		this.request.setPathInfo("/path%3B/");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenEncodedSemicolonInRequestUriThenThrowsRequestRejectedException() {
 		this.request.setRequestURI("/path%3B/");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenLowercaseEncodedSemicolonInContextPathThenThrowsRequestRejectedException() {
 		this.request.setContextPath("%3b/context");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenLowercaseEncodedSemicolonInServletPathThenThrowsRequestRejectedException() {
 		this.request.setServletPath("/spring%3b/");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenLowercaseEncodedSemicolonInPathInfoThenThrowsRequestRejectedException() {
 		this.request.setPathInfo("/path%3b/");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenLowercaseEncodedSemicolonInRequestUriThenThrowsRequestRejectedException() {
 		this.request.setRequestURI("/path%3b/");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
 	@Test
@@ -290,16 +302,18 @@ public void getFirewalledRequestWhenLowercaseEncodedSemicolonInRequestUriAndAllo
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenEncodedPeriodInThenThrowsRequestRejectedException() {
 		this.request.setRequestURI("/%2E/");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenLowercaseEncodedPeriodInThenThrowsRequestRejectedException() {
 		this.request.setRequestURI("/%2e/");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
 	@Test
@@ -309,10 +323,11 @@ public void getFirewalledRequestWhenAllowEncodedPeriodAndEncodedPeriodInThenNoEx
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenExceedsLowerboundAsciiThenException() {
 		this.request.setRequestURI("/\u0019");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
 	@Test
@@ -327,22 +342,25 @@ public void getFirewalledRequestWhenContainsUpperboundAsciiThenNoException() {
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenExceedsUpperboundAsciiThenException() {
 		this.request.setRequestURI("/\u007f");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenContainsNullThenException() {
 		this.request.setRequestURI("/\0");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenContainsEncodedNullThenException() {
 		this.request.setRequestURI("/something%00/");
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
 	/**
@@ -350,22 +368,24 @@ public void getFirewalledRequestWhenContainsEncodedNullThenException() {
 	 * because the pathInfo is /a/b;/1/c which ends up being /a/b/1/c while Spring MVC
 	 * will strip the ; content from requestURI before the path is URL decoded.
 	 */
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenLowercaseEncodedPathThenException() {
 		this.request.setRequestURI("/context-root/a/b;%2f1/c");
 		this.request.setContextPath("/context-root");
 		this.request.setServletPath("");
 		this.request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenUppercaseEncodedPathThenException() {
 		this.request.setRequestURI("/context-root/a/b;%2F1/c");
 		this.request.setContextPath("/context-root");
 		this.request.setServletPath("");
 		this.request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
 	@Test
@@ -536,133 +556,138 @@ public void getFirewalledRequestWhenTrustedDomainThenNoException() {
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestWhenUntrustedDomainThenException() {
 		this.request.addHeader("Host", "example.org");
 		this.firewall.setAllowedHostnames((hostname) -> hostname.equals("myexample.org"));
-		this.firewall.getFirewalledRequest(this.request);
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetHeaderWhenNotAllowedHeaderNameThenException() {
 		this.firewall.setAllowedHeaderNames((name) -> !name.equals("bad name"));
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getHeader("bad name");
+		assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getHeader("bad name"));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetHeaderWhenNotAllowedHeaderValueThenException() {
 		this.request.addHeader("good name", "bad value");
 		this.firewall.setAllowedHeaderValues((value) -> !value.equals("bad value"));
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getHeader("good name");
+		assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getHeader("good name"));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetDateHeaderWhenControlCharacterInHeaderNameThenException() {
 		this.request.addHeader("Bad\0Name", "some value");
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getDateHeader("Bad\0Name");
+		assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getDateHeader("Bad\0Name"));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetIntHeaderWhenControlCharacterInHeaderNameThenException() {
 		this.request.addHeader("Bad\0Name", "some value");
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getIntHeader("Bad\0Name");
+		assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getIntHeader("Bad\0Name"));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetHeaderWhenControlCharacterInHeaderNameThenException() {
 		this.request.addHeader("Bad\0Name", "some value");
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getHeader("Bad\0Name");
+		assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getHeader("Bad\0Name"));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetHeaderWhenUndefinedCharacterInHeaderNameThenException() {
 		this.request.addHeader("Bad\uFFFEName", "some value");
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getHeader("Bad\uFFFEName");
+		assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getHeader("Bad\uFFFEName"));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetHeadersWhenControlCharacterInHeaderNameThenException() {
 		this.request.addHeader("Bad\0Name", "some value");
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getHeaders("Bad\0Name");
+		assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getHeaders("Bad\0Name"));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetHeaderNamesWhenControlCharacterInHeaderNameThenException() {
 		this.request.addHeader("Bad\0Name", "some value");
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getHeaderNames().nextElement();
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> request.getHeaderNames().nextElement());
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetHeaderWhenControlCharacterInHeaderValueThenException() {
 		this.request.addHeader("Something", "bad\0value");
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getHeader("Something");
+		assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getHeader("Something"));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetHeaderWhenUndefinedCharacterInHeaderValueThenException() {
 		this.request.addHeader("Something", "bad\uFFFEvalue");
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getHeader("Something");
+		assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getHeader("Something"));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetHeadersWhenControlCharacterInHeaderValueThenException() {
 		this.request.addHeader("Something", "bad\0value");
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getHeaders("Something").nextElement();
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> request.getHeaders("Something").nextElement());
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetParameterWhenControlCharacterInParameterNameThenException() {
 		this.request.addParameter("Bad\0Name", "some value");
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getParameter("Bad\0Name");
+		assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getParameter("Bad\0Name"));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetParameterMapWhenControlCharacterInParameterNameThenException() {
 		this.request.addParameter("Bad\0Name", "some value");
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getParameterMap();
+		assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(request::getParameterMap);
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetParameterNamesWhenControlCharacterInParameterNameThenException() {
 		this.request.addParameter("Bad\0Name", "some value");
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getParameterNames().nextElement();
+		assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(request.getParameterNames()::nextElement);
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetParameterNamesWhenUndefinedCharacterInParameterNameThenException() {
 		this.request.addParameter("Bad\uFFFEName", "some value");
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getParameterNames().nextElement();
+		assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(request.getParameterNames()::nextElement);
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetParameterValuesWhenNotAllowedInParameterValueThenException() {
 		this.firewall.setAllowedParameterValues((value) -> !value.equals("bad value"));
 		this.request.addParameter("Something", "bad value");
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getParameterValues("Something");
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> request.getParameterValues("Something"));
 	}
 
-	@Test(expected = RequestRejectedException.class)
+	@Test
 	public void getFirewalledRequestGetParameterValuesWhenNotAllowedInParameterNameThenException() {
 		this.firewall.setAllowedParameterNames((value) -> !value.equals("bad name"));
 		this.request.addParameter("bad name", "good value");
 		HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
-		request.getParameterValues("bad name");
+		assertThatExceptionOfType(RequestRejectedException.class)
+				.isThrownBy(() -> request.getParameterValues("bad name"));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java b/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
index 6da7e6a2b71..76ce8510e25 100644
--- a/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java
@@ -34,6 +34,7 @@
 import org.springframework.mock.web.MockHttpServletResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
@@ -55,15 +56,14 @@ public class HeaderWriterFilterTests {
 	@Mock
 	private HeaderWriter writer2;
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void noHeadersConfigured() {
-		List<HeaderWriter> headerWriters = new ArrayList<>();
-		new HeaderWriterFilter(headerWriters);
+		assertThatIllegalArgumentException().isThrownBy(() -> new HeaderWriterFilter(new ArrayList<>()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullWriters() {
-		new HeaderWriterFilter(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new HeaderWriterFilter(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
index 2aebd2af5b5..45d18315ab7 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java
@@ -23,6 +23,7 @@
 import org.springframework.mock.web.MockHttpServletResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Joe Grandja
@@ -102,10 +103,10 @@ public void writeHeadersContentSecurityPolicyReportOnlyCustom() {
 		assertThat(this.response.getHeader("Content-Security-Policy-Report-Only")).isEqualTo(policyDirectives);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void writeHeadersContentSecurityPolicyInvalid() {
-		this.writer = new ContentSecurityPolicyHeaderWriter("");
-		this.writer = new ContentSecurityPolicyHeaderWriter(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new ContentSecurityPolicyHeaderWriter(""));
+		assertThatIllegalArgumentException().isThrownBy(() -> new ContentSecurityPolicyHeaderWriter(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
index 8e4124f983a..7e375b890c1 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java
@@ -27,6 +27,7 @@
 import org.springframework.security.web.header.HeaderWriter;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
@@ -57,14 +58,16 @@ public void setup() {
 		this.headerWriter = new DelegatingRequestMatcherHeaderWriter(this.matcher, this.delegate);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullRequestMatcher() {
-		new DelegatingRequestMatcherHeaderWriter(null, this.delegate);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DelegatingRequestMatcherHeaderWriter(null, this.delegate));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullDelegate() {
-		new DelegatingRequestMatcherHeaderWriter(this.matcher, null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new DelegatingRequestMatcherHeaderWriter(this.matcher, null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
index 537a65a2b8c..362891a84d8 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java
@@ -29,6 +29,7 @@
 import org.springframework.mock.web.MockHttpServletResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Tim Ysewyn
@@ -166,19 +167,20 @@ public void writeHeadersInsecureRequestDoesNotWriteHeader() {
 		assertThat(this.response.getHeaderNames()).isEmpty();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setMaxAgeInSecondsToNegative() {
-		this.writer.setMaxAgeInSeconds(-1);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setMaxAgeInSeconds(-1));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void addSha256PinsWithNullPin() {
-		this.writer.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.writer.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setIncorrectReportUri() {
-		this.writer.setReportUri("some url here...");
+		assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setReportUri("some url here..."));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
index dd006b845df..8b7ea413ef9 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java
@@ -24,6 +24,7 @@
 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Rob Winch
@@ -124,14 +125,14 @@ public void writeHeadersAnyRequestMatcher() {
 				.isEqualTo("max-age=31536000 ; includeSubDomains");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setMaxAgeInSecondsToNegative() {
-		this.writer.setMaxAgeInSeconds(-1);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setMaxAgeInSeconds(-1));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setRequestMatcherToNull() {
-		this.writer.setRequestMatcher(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setRequestMatcher(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
index b11c344fc39..2d5f6a7b404 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/ReferrerPolicyHeaderWriterTests.java
@@ -24,6 +24,7 @@
 import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Eddú Meléndez
@@ -64,9 +65,9 @@ public void writeHeadersReferrerPolicyCustom() {
 		assertThat(this.response.getHeader("Referrer-Policy")).isEqualTo("same-origin");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void writeHeaderReferrerPolicyInvalid() {
-		this.writer = new ReferrerPolicyHeaderWriter(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new ReferrerPolicyHeaderWriter(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
index 33c077d51d2..863e0f4f296 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/StaticHeaderWriterTests.java
@@ -27,6 +27,7 @@
 import org.springframework.security.web.header.Header;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Test for the {@code StaticHeadersWriter}
@@ -48,29 +49,29 @@ public void setup() {
 		this.response = new MockHttpServletResponse();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullHeaders() {
-		new StaticHeadersWriter(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new StaticHeadersWriter(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorEmptyHeaders() {
-		new StaticHeadersWriter(Collections.<Header>emptyList());
+		assertThatIllegalArgumentException().isThrownBy(() -> new StaticHeadersWriter(Collections.<Header>emptyList()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullHeaderName() {
-		new StaticHeadersWriter(null, "value1");
+		assertThatIllegalArgumentException().isThrownBy(() -> new StaticHeadersWriter(null, "value1"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullHeaderValues() {
-		new StaticHeadersWriter("name", (String[]) null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new StaticHeadersWriter("name", (String[]) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorContainsNullHeaderValue() {
-		new StaticHeadersWriter("name", "value1", null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new StaticHeadersWriter("name", "value1", null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
index c4525989d4c..3bbba80c859 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java
@@ -23,6 +23,7 @@
 import org.springframework.mock.web.MockHttpServletResponse;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Rob Winch
@@ -78,11 +79,11 @@ public void setEnabledFalseWithBlockTrue() {
 		assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("0");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setBlockTrueWithEnabledFalse() {
 		this.writer.setBlock(false);
 		this.writer.setEnabled(false);
-		this.writer.setBlock(true);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setBlock(true));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
index 2bf5e2abdb6..3e3079df1ad 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java
@@ -27,6 +27,7 @@
 import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 
 /**
@@ -51,19 +52,20 @@ public void setup() {
 		this.response = new MockHttpServletResponse();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullMode() {
-		new XFrameOptionsHeaderWriter((XFrameOptionsMode) null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new XFrameOptionsHeaderWriter((XFrameOptionsMode) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorAllowFromNoAllowFromStrategy() {
-		new XFrameOptionsHeaderWriter(XFrameOptionsMode.ALLOW_FROM);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new XFrameOptionsHeaderWriter(XFrameOptionsMode.ALLOW_FROM));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullAllowFromStrategy() {
-		new XFrameOptionsHeaderWriter((AllowFromStrategy) null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new XFrameOptionsHeaderWriter((AllowFromStrategy) null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
index 95dc5791c9b..bfdc47fde45 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
@@ -23,20 +23,22 @@
 import org.springframework.mock.web.MockHttpServletRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Marten Deinum
  */
 public class RegExpAllowFromStrategyTests {
 
-	@Test(expected = PatternSyntaxException.class)
+	@Test
 	public void invalidRegularExpressionShouldLeadToException() {
-		new RegExpAllowFromStrategy("[a-z");
+		assertThatExceptionOfType(PatternSyntaxException.class).isThrownBy(() -> new RegExpAllowFromStrategy("[a-z"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void nullRegularExpressionShouldLeadToException() {
-		new RegExpAllowFromStrategy(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new RegExpAllowFromStrategy(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
index 3ccc08ed730..ca93c8d3b46 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
@@ -24,6 +24,7 @@
 import org.springframework.mock.web.MockHttpServletRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * Test for the {@code WhiteListedAllowFromStrategy}.
@@ -33,14 +34,14 @@
  */
 public class WhiteListedAllowFromStrategyTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void emptyListShouldThrowException() {
-		new WhiteListedAllowFromStrategy(new ArrayList<>());
+		assertThatIllegalArgumentException().isThrownBy(() -> new WhiteListedAllowFromStrategy(new ArrayList<>()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void nullListShouldThrowException() {
-		new WhiteListedAllowFromStrategy(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new WhiteListedAllowFromStrategy(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java
index f6ec0dedc56..d14dc83e3a1 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java
@@ -27,6 +27,7 @@
 import org.springframework.security.web.csrf.DefaultCsrfToken;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Jitendra Singh
@@ -58,16 +59,18 @@ public void defaultCsrfTokenDeserializeTest() throws IOException {
 		assertThat(token.getToken()).isEqualTo("1");
 	}
 
-	@Test(expected = JsonMappingException.class)
+	@Test
 	public void defaultCsrfTokenDeserializeWithoutClassTest() throws IOException {
 		String tokenJson = "{\"headerName\": \"csrf-header\", \"parameterName\": \"_csrf\", \"token\": \"1\"}";
-		this.mapper.readValue(tokenJson, DefaultCsrfToken.class);
+		assertThatExceptionOfType(JsonMappingException.class)
+				.isThrownBy(() -> this.mapper.readValue(tokenJson, DefaultCsrfToken.class));
 	}
 
-	@Test(expected = JsonMappingException.class)
+	@Test
 	public void defaultCsrfTokenDeserializeNullValuesTest() throws IOException {
 		String tokenJson = "{\"@class\": \"org.springframework.security.web.csrf.DefaultCsrfToken\", \"headerName\": \"\", \"parameterName\": null, \"token\": \"1\"}";
-		this.mapper.readValue(tokenJson, DefaultCsrfToken.class);
+		assertThatExceptionOfType(JsonMappingException.class)
+				.isThrownBy(() -> this.mapper.readValue(tokenJson, DefaultCsrfToken.class));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
index 31b97dc1455..dfd3d504ca7 100644
--- a/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
+++ b/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
@@ -36,6 +36,7 @@
 import org.springframework.util.ReflectionUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Rob Winch
@@ -141,16 +142,18 @@ public void resolveArgumentNullOnInvalidType() throws Exception {
 		assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
 	}
 
-	@Test(expected = ClassCastException.class)
+	@Test
 	public void resolveArgumentErrorOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null);
+		assertThatExceptionOfType(ClassCastException.class).isThrownBy(
+				() -> this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null));
 	}
 
-	@Test(expected = ClassCastException.class)
+	@Test
 	public void resolveArgumentCustomserErrorOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
-		this.resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null);
+		assertThatExceptionOfType(ClassCastException.class).isThrownBy(() -> this.resolver
+				.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
index b1d0d23a457..1463067b4e7 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapperTests.java
@@ -29,6 +29,7 @@
 import org.springframework.security.web.PortResolverImpl;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 public class SavedRequestAwareWrapperTests {
 
@@ -144,12 +145,12 @@ public void expecteDateHeaderIsReturnedFromSavedRequest() throws Exception {
 		assertThat(wrapper.getDateHeader("nonexistent")).isEqualTo(-1L);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void invalidDateHeaderIsRejected() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.addHeader("header", "notadate");
 		SavedRequestAwareWrapper wrapper = createWrapper(request, new MockHttpServletRequest());
-		wrapper.getDateHeader("header");
+		assertThatIllegalArgumentException().isThrownBy(() -> wrapper.getDateHeader("header"));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
index eaf5c1ece7e..9b6d03637e6 100644
--- a/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java
@@ -29,6 +29,7 @@
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.verifyZeroInteractions;
 
 /**
@@ -45,14 +46,14 @@ public class DefaultServerRedirectStrategyTests {
 
 	private DefaultServerRedirectStrategy strategy = new DefaultServerRedirectStrategy();
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void sendRedirectWhenLocationNullThenException() {
-		this.strategy.sendRedirect(this.exchange, null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.strategy.sendRedirect(this.exchange, null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void sendRedirectWhenExchangeNullThenException() {
-		this.strategy.sendRedirect(null, this.location);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.strategy.sendRedirect(null, this.location));
 	}
 
 	@Test
@@ -106,9 +107,9 @@ public void sendRedirectWhenCustomStatusThenStatusSet() {
 		assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location.getPath());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setHttpStatusWhenNullThenException() {
-		this.strategy.setHttpStatus(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.strategy.setHttpStatus(null));
 	}
 
 	private static MockServerWebExchange exchange(MockServerHttpRequest.BaseBuilder<?> request) {
diff --git a/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java b/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java
index b896310add1..7ee9c3a83db 100644
--- a/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/WebFilterExchangeTests.java
@@ -25,6 +25,7 @@
 import org.springframework.web.server.WebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Rob Winch
@@ -39,16 +40,14 @@ public class WebFilterExchangeTests {
 	@Mock
 	private WebFilterChain chain;
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorServerWebExchangeWebFilterChainWhenExchangeNullThenException() {
-		this.exchange = null;
-		new WebFilterExchange(this.exchange, this.chain);
+		assertThatIllegalArgumentException().isThrownBy(() -> new WebFilterExchange(null, this.chain));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorServerWebExchangeWebFilterChainWhenChainNullThenException() {
-		this.chain = null;
-		new WebFilterExchange(this.exchange, this.chain);
+		assertThatIllegalArgumentException().isThrownBy(() -> new WebFilterExchange(this.exchange, null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
index 314dff71077..ee694ac81db 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java
@@ -30,6 +30,7 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.assertj.core.api.Assertions.assertThatNullPointerException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
@@ -57,9 +58,10 @@ public void setup() {
 		this.matcher = new AuthenticationConverterServerWebExchangeMatcher(this.converter);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorConverterWhenConverterNullThenThrowsException() {
-		new AuthenticationConverterServerWebExchangeMatcher(null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AuthenticationConverterServerWebExchangeMatcher(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
index 863cc1183ae..55986a3565a 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
@@ -36,6 +36,7 @@
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -235,9 +236,9 @@ public void filterWhenConvertAndAuthenticationExceptionThenServerError() {
 		verifyZeroInteractions(this.successHandler, this.failureHandler);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setRequiresAuthenticationMatcherWhenNullThenException() {
-		this.filter.setRequiresAuthenticationMatcher(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setRequiresAuthenticationMatcher(null));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
index 43c8828e483..5c93b432411 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java
@@ -29,6 +29,7 @@
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.verifyZeroInteractions;
 
 /**
@@ -70,9 +71,9 @@ public void commenceWhenCustomRealmThenStatusAndHeaderSet() {
 				.containsOnly("Basic realm=\"Custom\"");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setRealmWhenNullThenException() {
-		this.entryPoint.setRealm(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.entryPoint.setRealm(null));
 	}
 
 	private static MockServerWebExchange exchange(MockServerHttpRequest.BaseBuilder<?> request) {
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
index 2fb7ea2f878..8f4c0015585 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java
@@ -32,6 +32,7 @@
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -68,35 +69,40 @@ public void returnsAuthenticatedTokenForValidAccount() {
 		assertThat(authentication.isAuthenticated()).isEqualTo(true);
 	}
 
-	@Test(expected = UsernameNotFoundException.class)
+	@Test
 	public void returnsNullForNonExistingAccount() {
 		given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.empty());
-		this.manager.authenticate(tokenForUser(this.nonExistingAccount.getUsername())).block();
+		assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(
+				() -> this.manager.authenticate(tokenForUser(this.nonExistingAccount.getUsername())).block());
 	}
 
-	@Test(expected = LockedException.class)
+	@Test
 	public void throwsExceptionForLockedAccount() {
 		given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.lockedAccount));
-		this.manager.authenticate(tokenForUser(this.lockedAccount.getUsername())).block();
+		assertThatExceptionOfType(LockedException.class)
+				.isThrownBy(() -> this.manager.authenticate(tokenForUser(this.lockedAccount.getUsername())).block());
 	}
 
-	@Test(expected = DisabledException.class)
+	@Test
 	public void throwsExceptionForDisabledAccount() {
 		given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.disabledAccount));
-		this.manager.authenticate(tokenForUser(this.disabledAccount.getUsername())).block();
+		assertThatExceptionOfType(DisabledException.class)
+				.isThrownBy(() -> this.manager.authenticate(tokenForUser(this.disabledAccount.getUsername())).block());
 	}
 
-	@Test(expected = AccountExpiredException.class)
+	@Test
 	public void throwsExceptionForExpiredAccount() {
 		given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.expiredAccount));
-		this.manager.authenticate(tokenForUser(this.expiredAccount.getUsername())).block();
+		assertThatExceptionOfType(AccountExpiredException.class)
+				.isThrownBy(() -> this.manager.authenticate(tokenForUser(this.expiredAccount.getUsername())).block());
 	}
 
-	@Test(expected = CredentialsExpiredException.class)
+	@Test
 	public void throwsExceptionForAccountWithExpiredCredentials() {
 		given(this.mockUserDetailsService.findByUsername(anyString()))
 				.willReturn(Mono.just(this.accountWithExpiredCredentials));
-		this.manager.authenticate(tokenForUser(this.accountWithExpiredCredentials.getUsername())).block();
+		assertThatExceptionOfType(CredentialsExpiredException.class).isThrownBy(() -> this.manager
+				.authenticate(tokenForUser(this.accountWithExpiredCredentials.getUsername())).block());
 	}
 
 	private Authentication tokenForUser(String username) {
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
index d48160c43f0..8e46b77c621 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPointTests.java
@@ -31,6 +31,7 @@
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 
@@ -55,9 +56,9 @@ public class RedirectServerAuthenticationEntryPointTests {
 	private AuthenticationException exception = new AuthenticationCredentialsNotFoundException(
 			"Authentication Required");
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorStringWhenNullLocationThenException() {
-		new RedirectServerAuthenticationEntryPoint(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new RedirectServerAuthenticationEntryPoint(null));
 	}
 
 	@Test
@@ -86,9 +87,9 @@ public void commenceWhenCustomServerRedirectStrategyThenCustomServerRedirectStra
 		redirectResult.assertWasSubscribed();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setRedirectStrategyWhenNullThenException() {
-		this.entryPoint.setRedirectStrategy(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.entryPoint.setRedirectStrategy(null));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
index 6f0cb185a0a..ba12f17c666 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java
@@ -33,6 +33,7 @@
 import org.springframework.web.server.handler.DefaultWebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 
@@ -56,9 +57,9 @@ public class RedirectServerAuthenticationFailureHandlerTests {
 	private AuthenticationException exception = new AuthenticationCredentialsNotFoundException(
 			"Authentication Required");
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorStringWhenNullLocationThenException() {
-		new RedirectServerAuthenticationEntryPoint(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new RedirectServerAuthenticationEntryPoint(null));
 	}
 
 	@Test
@@ -87,9 +88,9 @@ public void commenceWhenCustomServerRedirectStrategyThenCustomServerRedirectStra
 		redirectResult.assertWasSubscribed();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setRedirectStrategyWhenNullThenException() {
-		this.handler.setRedirectStrategy(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setRedirectStrategy(null));
 	}
 
 	private WebFilterExchange createExchange() {
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
index 6a4054b6202..7178642c563 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java
@@ -34,6 +34,7 @@
 import org.springframework.web.server.WebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@@ -62,9 +63,9 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
 
 	private RedirectServerAuthenticationSuccessHandler handler = new RedirectServerAuthenticationSuccessHandler();
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorStringWhenNullLocationThenException() {
-		new RedirectServerAuthenticationEntryPoint(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new RedirectServerAuthenticationEntryPoint(null));
 	}
 
 	@Test
@@ -96,14 +97,14 @@ public void successWhenCustomLocationThenCustomLocationUsed() {
 		verify(this.redirectStrategy).sendRedirect(any(), eq(this.location));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setRedirectStrategyWhenNullThenException() {
-		this.handler.setRedirectStrategy(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setRedirectStrategy(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setLocationWhenNullThenException() {
-		this.handler.setLocation(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setLocation(null));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
index ffa96d4e383..45b4fa5b627 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java
@@ -30,6 +30,7 @@
 import org.springframework.web.server.WebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 
 /**
@@ -54,10 +55,9 @@ public class ServerAuthenticationEntryPointFailureHandlerTests {
 	@InjectMocks
 	private ServerAuthenticationEntryPointFailureHandler handler;
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenNullEntryPointThenException() {
-		this.authenticationEntryPoint = null;
-		new ServerAuthenticationEntryPointFailureHandler(this.authenticationEntryPoint);
+		assertThatIllegalArgumentException().isThrownBy(() -> new ServerAuthenticationEntryPointFailureHandler(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
index 49d6866fde4..2d9b33ac187 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java
@@ -29,6 +29,7 @@
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 
 /**
@@ -86,14 +87,14 @@ public void applyWhenNoDataThenCreatesTokenSuccess() {
 		assertThat(authentication.getAuthorities()).isEmpty();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setUsernameParameterWhenNullThenIllegalArgumentException() {
-		this.converter.setUsernameParameter(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.converter.setUsernameParameter(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setPasswordParameterWhenNullThenIllegalArgumentException() {
-		this.converter.setPasswordParameter(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.converter.setPasswordParameter(null));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
index c15a8de07b2..898d543c2c8 100644
--- a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java
@@ -26,6 +26,7 @@
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import reactor.core.publisher.Mono;
+import reactor.util.context.Context;
 
 import org.springframework.http.HttpMethod;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
@@ -179,12 +180,11 @@ public void switchUserWhenUsernameIsMissingThenThrowException() {
 				.from(MockServerHttpRequest.post("/login/impersonate"));
 		final WebFilterChain chain = mock(WebFilterChain.class);
 		final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class));
-		assertThatIllegalArgumentException()
-				.isThrownBy(() -> this.switchUserWebFilter.filter(exchange, chain)
-						.subscriberContext(
-								ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
-						.block())
-				.withMessage("The userName can not be null.");
+		assertThatIllegalArgumentException().isThrownBy(() -> {
+			Context securityContextHolder = ReactiveSecurityContextHolder
+					.withSecurityContext(Mono.just(securityContext));
+			this.switchUserWebFilter.filter(exchange, chain).subscriberContext(securityContextHolder).block();
+		}).withMessage("The userName can not be null.");
 		verifyNoInteractions(chain);
 	}
 
@@ -216,12 +216,11 @@ public void switchUserWhenFailureHandlerNotDefinedThenReturnError() {
 		final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class));
 		final UserDetails switchUserDetails = switchUserDetails(targetUsername, false);
 		given(this.userDetailsService.findByUsername(any(String.class))).willReturn(Mono.just(switchUserDetails));
-		assertThatExceptionOfType(DisabledException.class)
-				.isThrownBy(
-						() -> this.switchUserWebFilter.filter(exchange, chain)
-								.subscriberContext(
-										ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
-								.block());
+		assertThatExceptionOfType(DisabledException.class).isThrownBy(() -> {
+			Context securityContextHolder = ReactiveSecurityContextHolder
+					.withSecurityContext(Mono.just(securityContext));
+			this.switchUserWebFilter.filter(exchange, chain).subscriberContext(securityContextHolder).block();
+		});
 		verifyNoInteractions(chain);
 	}
 
@@ -264,12 +263,11 @@ public void exitSwitchWhenUserNotSwitchedThenThrowError() {
 				"origCredentials");
 		final WebFilterChain chain = mock(WebFilterChain.class);
 		final SecurityContextImpl securityContext = new SecurityContextImpl(originalAuthentication);
-		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
-				.isThrownBy(() -> this.switchUserWebFilter.filter(exchange, chain)
-						.subscriberContext(
-								ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
-						.block())
-				.withMessage("Could not find original Authentication object");
+		assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class).isThrownBy(() -> {
+			Context securityContextHolder = ReactiveSecurityContextHolder
+					.withSecurityContext(Mono.just(securityContext));
+			this.switchUserWebFilter.filter(exchange, chain).subscriberContext(securityContextHolder).block();
+		}).withMessage("Could not find original Authentication object");
 		verifyNoInteractions(chain);
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
index 4e6a9c7285c..847edc204a8 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java
@@ -35,6 +35,7 @@
 import org.springframework.web.server.WebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 
@@ -128,14 +129,14 @@ public void filterWhenAccessDeniedExceptionAndAuthenticatedThenHandled() {
 		this.entryPointPublisher.assertWasNotSubscribed();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setAccessDeniedHandlerWhenNullThenException() {
-		this.filter.setAccessDeniedHandler(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setAccessDeniedHandler(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setAuthenticationEntryPointWhenNullThenException() {
-		this.filter.setAuthenticationEntryPoint(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setAuthenticationEntryPoint(null));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
index 08cde18541d..ade1054efa1 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
@@ -28,6 +28,7 @@
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.Mockito.verifyZeroInteractions;
 
 /**
@@ -46,9 +47,9 @@ public class HttpStatusServerAccessDeniedHandlerTests {
 
 	private AccessDeniedException exception = new AccessDeniedException("Forbidden");
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorHttpStatusWhenNullThenException() {
-		new HttpStatusServerAccessDeniedHandler(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new HttpStatusServerAccessDeniedHandler(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
index ccc686bf6c1..b03bcc4705b 100644
--- a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java
@@ -38,6 +38,7 @@
 import org.springframework.web.server.handler.DefaultWebFilterChain;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 
@@ -69,10 +70,9 @@ public void setup() {
 		given(this.repository.load(any())).willReturn(this.securityContext.mono());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullSecurityContextRepository() {
-		ServerSecurityContextRepository repository = null;
-		new ReactorContextWebFilter(repository);
+		assertThatIllegalArgumentException().isThrownBy(() -> new ReactorContextWebFilter(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
index 3a1a9f246e8..54c3e41275c 100644
--- a/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java
@@ -28,6 +28,7 @@
 import org.springframework.security.web.server.csrf.DefaultCsrfToken;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Boris Finkelshteyn
@@ -59,16 +60,18 @@ public void defaultCsrfTokenDeserializeTest() throws IOException {
 		assertThat(token.getToken()).isEqualTo("1");
 	}
 
-	@Test(expected = JsonMappingException.class)
+	@Test
 	public void defaultCsrfTokenDeserializeWithoutClassTest() throws IOException {
 		String tokenJson = "{\"headerName\": \"csrf-header\", \"parameterName\": \"_csrf\", \"token\": \"1\"}";
-		this.mapper.readValue(tokenJson, DefaultCsrfToken.class);
+		assertThatExceptionOfType(JsonMappingException.class)
+				.isThrownBy(() -> this.mapper.readValue(tokenJson, DefaultCsrfToken.class));
 	}
 
-	@Test(expected = JsonMappingException.class)
+	@Test
 	public void defaultCsrfTokenDeserializeNullValuesTest() throws IOException {
 		String tokenJson = "{\"@class\": \"org.springframework.security.web.server.csrf.DefaultCsrfToken\", \"headerName\": \"\", \"parameterName\": null, \"token\": \"1\"}";
-		this.mapper.readValue(tokenJson, DefaultCsrfToken.class);
+		assertThatExceptionOfType(JsonMappingException.class)
+				.isThrownBy(() -> this.mapper.readValue(tokenJson, DefaultCsrfToken.class));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
index 57b0fa3ba12..3b651accce2 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java
@@ -27,6 +27,7 @@
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Rob Winch
@@ -36,28 +37,28 @@ public class MediaTypeServerWebExchangeMatcherTests {
 
 	private MediaTypeServerWebExchangeMatcher matcher;
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorMediaTypeArrayWhenNullThenThrowsIllegalArgumentException() {
 		MediaType[] types = null;
-		new MediaTypeServerWebExchangeMatcher(types);
+		assertThatIllegalArgumentException().isThrownBy(() -> new MediaTypeServerWebExchangeMatcher(types));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorMediaTypeArrayWhenContainsNullThenThrowsIllegalArgumentException() {
 		MediaType[] types = { null };
-		new MediaTypeServerWebExchangeMatcher(types);
+		assertThatIllegalArgumentException().isThrownBy(() -> new MediaTypeServerWebExchangeMatcher(types));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorMediaTypeListWhenNullThenThrowsIllegalArgumentException() {
 		List<MediaType> types = null;
-		new MediaTypeServerWebExchangeMatcher(types);
+		assertThatIllegalArgumentException().isThrownBy(() -> new MediaTypeServerWebExchangeMatcher(types));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorMediaTypeListWhenContainsNullThenThrowsIllegalArgumentException() {
 		List<MediaType> types = Collections.singletonList(null);
-		new MediaTypeServerWebExchangeMatcher(types);
+		assertThatIllegalArgumentException().isThrownBy(() -> new MediaTypeServerWebExchangeMatcher(types));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
index 3bf61f4487b..517919ec01f 100644
--- a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java
@@ -32,6 +32,7 @@
 import org.springframework.web.util.pattern.PathPattern;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verifyZeroInteractions;
@@ -65,14 +66,16 @@ public void setup() {
 		this.matcher = new PathPatternParserServerWebExchangeMatcher(this.pattern);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorPatternWhenPatternNullThenThrowsException() {
-		new PathPatternParserServerWebExchangeMatcher((PathPattern) null);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new PathPatternParserServerWebExchangeMatcher((PathPattern) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorPatternAndMethodWhenPatternNullThenThrowsException() {
-		new PathPatternParserServerWebExchangeMatcher((PathPattern) null, HttpMethod.GET);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new PathPatternParserServerWebExchangeMatcher((PathPattern) null, HttpMethod.GET));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
index be04e536eb0..effa61b2079 100644
--- a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
@@ -26,6 +26,7 @@
 import org.springframework.web.context.support.StaticWebApplicationContext;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 
 /**
  * The HttpSessionEventPublisher tests
@@ -94,32 +95,31 @@ public void publishedEventIsReceivedbyListenerChildContext() {
 	}
 
 	// SEC-2599
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void sessionCreatedNullApplicationContext() {
 		HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
 		MockServletContext servletContext = new MockServletContext();
 		MockHttpSession session = new MockHttpSession(servletContext);
 		HttpSessionEvent event = new HttpSessionEvent(session);
-		publisher.sessionCreated(event);
+		assertThatIllegalStateException().isThrownBy(() -> publisher.sessionCreated(event));
 	}
 
-	// SEC-2599
-	@Test(expected = IllegalStateException.class)
+	@Test // SEC-2599
 	public void sessionDestroyedNullApplicationContext() {
 		HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
 		MockServletContext servletContext = new MockServletContext();
 		MockHttpSession session = new MockHttpSession(servletContext);
 		HttpSessionEvent event = new HttpSessionEvent(session);
-		publisher.sessionDestroyed(event);
+		assertThatIllegalStateException().isThrownBy(() -> publisher.sessionDestroyed(event));
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void sessionIdChangeNullApplicationContext() {
 		HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
 		MockServletContext servletContext = new MockServletContext();
 		MockHttpSession session = new MockHttpSession(servletContext);
 		HttpSessionEvent event = new HttpSessionEvent(session);
-		publisher.sessionIdChanged(event, "oldSessionId");
+		assertThatIllegalStateException().isThrownBy(() -> publisher.sessionIdChanged(event, "oldSessionId"));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/session/SessionInformationExpiredEventTests.java b/web/src/test/java/org/springframework/security/web/session/SessionInformationExpiredEventTests.java
index 51fcf650e30..0ec42fcff45 100644
--- a/web/src/test/java/org/springframework/security/web/session/SessionInformationExpiredEventTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/SessionInformationExpiredEventTests.java
@@ -24,27 +24,30 @@
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.session.SessionInformation;
 
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+
 /**
  * @author Rob Winch
  * @since 4.2
  */
 public class SessionInformationExpiredEventTests {
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenSessionInformationNullThenThrowsException() {
-		new SessionInformationExpiredEvent(null, new MockHttpServletRequest(), new MockHttpServletResponse());
+		assertThatIllegalArgumentException().isThrownBy(() -> new SessionInformationExpiredEvent(null,
+				new MockHttpServletRequest(), new MockHttpServletResponse()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenRequestNullThenThrowsException() {
-		new SessionInformationExpiredEvent(new SessionInformation("fake", "sessionId", new Date()), null,
-				new MockHttpServletResponse());
+		assertThatIllegalArgumentException().isThrownBy(() -> new SessionInformationExpiredEvent(
+				new SessionInformation("fake", "sessionId", new Date()), null, new MockHttpServletResponse()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenResponseNullThenThrowsException() {
-		new SessionInformationExpiredEvent(new SessionInformation("fake", "sessionId", new Date()),
-				new MockHttpServletRequest(), null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new SessionInformationExpiredEvent(
+				new SessionInformation("fake", "sessionId", new Date()), new MockHttpServletRequest(), null));
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
index ad25c72ab3b..7d5cc504a10 100644
--- a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
@@ -36,6 +36,7 @@
 import org.springframework.security.web.context.SecurityContextRepository;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.BDDMockito.willThrow;
@@ -161,11 +162,11 @@ public void customAuthenticationTrustResolver() throws Exception {
 		verify(trustResolver).isAnonymous(any(Authentication.class));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setTrustResolverNull() {
 		SecurityContextRepository repo = mock(SecurityContextRepository.class);
 		SessionManagementFilter filter = new SessionManagementFilter(repo);
-		filter.setTrustResolver(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> filter.setTrustResolver(null));
 	}
 
 	private void authenticateUser() {
diff --git a/web/src/test/java/org/springframework/security/web/util/TextEscapeUtilsTests.java b/web/src/test/java/org/springframework/security/web/util/TextEscapeUtilsTests.java
index c3be88a3ede..b5d045b4ca6 100644
--- a/web/src/test/java/org/springframework/security/web/util/TextEscapeUtilsTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/TextEscapeUtilsTests.java
@@ -19,6 +19,7 @@
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 public class TextEscapeUtilsTests {
 
@@ -36,19 +37,19 @@ public void nullOrEmptyStringIsHandled() {
 		assertThat(TextEscapeUtils.escapeEntities(null)).isNull();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void invalidLowSurrogateIsDetected() {
-		TextEscapeUtils.escapeEntities("abc\uDCCCdef");
+		assertThatIllegalArgumentException().isThrownBy(() -> TextEscapeUtils.escapeEntities("abc\uDCCCdef"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void missingLowSurrogateIsDetected() {
-		TextEscapeUtils.escapeEntities("abc\uD888a");
+		assertThatIllegalArgumentException().isThrownBy(() -> TextEscapeUtils.escapeEntities("abc\uD888a"));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void highSurrogateAtEndOfStringIsRejected() {
-		TextEscapeUtils.escapeEntities("abc\uD888");
+		assertThatIllegalArgumentException().isThrownBy(() -> TextEscapeUtils.escapeEntities("abc\uD888"));
 	}
 
 	/**
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
index a10b26b3e47..08a2f851d16 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java
@@ -28,6 +28,8 @@
 import org.mockito.junit.MockitoJUnitRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatNullPointerException;
 import static org.mockito.BDDMockito.given;
 
 /**
@@ -48,34 +50,36 @@ public class AndRequestMatcherTests {
 
 	private RequestMatcher matcher;
 
-	@Test(expected = NullPointerException.class)
+	@Test
 	public void constructorNullArray() {
-		new AndRequestMatcher((RequestMatcher[]) null);
+		assertThatNullPointerException().isThrownBy(() -> new AndRequestMatcher((RequestMatcher[]) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorArrayContainsNull() {
-		new AndRequestMatcher((RequestMatcher) null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new AndRequestMatcher((RequestMatcher) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorEmptyArray() {
-		new AndRequestMatcher(new RequestMatcher[0]);
+		assertThatIllegalArgumentException().isThrownBy(() -> new AndRequestMatcher(new RequestMatcher[0]));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullList() {
-		new AndRequestMatcher((List<RequestMatcher>) null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new AndRequestMatcher((List<RequestMatcher>) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorListContainsNull() {
-		new AndRequestMatcher(Arrays.asList((RequestMatcher) null));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AndRequestMatcher(Arrays.asList((RequestMatcher) null)));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorEmptyList() {
-		new AndRequestMatcher(Collections.<RequestMatcher>emptyList());
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new AndRequestMatcher(Collections.<RequestMatcher>emptyList()));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
index 7a9fe12bfa3..1c3a60220d1 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
@@ -33,6 +33,7 @@
 import org.springframework.web.context.request.NativeWebRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 
@@ -55,41 +56,45 @@ public void setup() {
 		this.request = new MockHttpServletRequest();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenNullCNSThenIAE() {
 		ContentNegotiationStrategy c = null;
-		new MediaTypeRequestMatcher(c, MediaType.ALL);
+		assertThatIllegalArgumentException().isThrownBy(() -> new MediaTypeRequestMatcher(c, MediaType.ALL));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullCNSSet() {
-		new MediaTypeRequestMatcher(null, Collections.singleton(MediaType.ALL));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new MediaTypeRequestMatcher(null, Collections.singleton(MediaType.ALL)));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNoVarargs() {
-		new MediaTypeRequestMatcher(this.negotiationStrategy);
+		assertThatIllegalArgumentException().isThrownBy(() -> new MediaTypeRequestMatcher(this.negotiationStrategy));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullMediaTypes() {
 		Collection<MediaType> mediaTypes = null;
-		new MediaTypeRequestMatcher(this.negotiationStrategy, mediaTypes);
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new MediaTypeRequestMatcher(this.negotiationStrategy, mediaTypes));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorEmtpyMediaTypes() {
-		new MediaTypeRequestMatcher(this.negotiationStrategy, Collections.<MediaType>emptyList());
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new MediaTypeRequestMatcher(this.negotiationStrategy, Collections.<MediaType>emptyList()));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenEmptyMediaTypeThenIAE() {
-		new MediaTypeRequestMatcher();
+		assertThatIllegalArgumentException().isThrownBy(() -> new MediaTypeRequestMatcher());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenEmptyMediaTypeCollectionThenIAE() {
-		new MediaTypeRequestMatcher(Collections.<MediaType>emptyList());
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new MediaTypeRequestMatcher(Collections.<MediaType>emptyList()));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
index 1a738c4a42c..39fae1ed4c0 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/NegatedRequestMatcherTests.java
@@ -24,6 +24,7 @@
 import org.mockito.junit.MockitoJUnitRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.BDDMockito.given;
 
 /**
@@ -41,9 +42,9 @@ public class NegatedRequestMatcherTests {
 
 	private RequestMatcher matcher;
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNull() {
-		new NegatedRequestMatcher(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new NegatedRequestMatcher(null));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
index 291b97c2fb0..c67b961de5c 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java
@@ -28,6 +28,8 @@
 import org.mockito.junit.MockitoJUnitRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatNullPointerException;
 import static org.mockito.BDDMockito.given;
 
 /**
@@ -48,34 +50,36 @@ public class OrRequestMatcherTests {
 
 	private RequestMatcher matcher;
 
-	@Test(expected = NullPointerException.class)
+	@Test
 	public void constructorNullArray() {
-		new OrRequestMatcher((RequestMatcher[]) null);
+		assertThatNullPointerException().isThrownBy(() -> new OrRequestMatcher((RequestMatcher[]) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorArrayContainsNull() {
-		new OrRequestMatcher((RequestMatcher) null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OrRequestMatcher((RequestMatcher) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorEmptyArray() {
-		new OrRequestMatcher(new RequestMatcher[0]);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OrRequestMatcher(new RequestMatcher[0]));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullList() {
-		new OrRequestMatcher((List<RequestMatcher>) null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new OrRequestMatcher((List<RequestMatcher>) null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorListContainsNull() {
-		new OrRequestMatcher(Arrays.asList((RequestMatcher) null));
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OrRequestMatcher(Arrays.asList((RequestMatcher) null)));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorEmptyList() {
-		new OrRequestMatcher(Collections.<RequestMatcher>emptyList());
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new OrRequestMatcher(Collections.<RequestMatcher>emptyList()));
 	}
 
 	@Test
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java
index e677059a9b5..b27767f1c37 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/RequestHeaderRequestMatcherTests.java
@@ -22,6 +22,7 @@
 import org.springframework.mock.web.MockHttpServletRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
 /**
  * @author Rob Winch
@@ -40,14 +41,14 @@ public void setup() {
 		this.request = new MockHttpServletRequest();
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullHeaderName() {
-		new RequestHeaderRequestMatcher(null);
+		assertThatIllegalArgumentException().isThrownBy(() -> new RequestHeaderRequestMatcher(null));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullHeaderNameNonNullHeaderValue() {
-		new RequestHeaderRequestMatcher(null, "v");
+		assertThatIllegalArgumentException().isThrownBy(() -> new RequestHeaderRequestMatcher(null, "v"));
 	}
 
 	@Test