diff --git a/pom.xml b/pom.xml
index ef824df64..387408f87 100644
--- a/pom.xml
+++ b/pom.xml
@@ -83,8 +83,8 @@ THE SOFTWARE.
     <dependency>
       <groupId>org.jenkins-ci.main</groupId>
       <artifactId>jenkins-war</artifactId>
-      <!--to have access to User.getById-->
-      <version>1.651.2</version>
+      <!--to have access to SECURITY-595 methods -->
+      <version>2.138.4</version>
       <type>executable-war</type>
       <exclusions>
         <exclusion>
diff --git a/src/main/java/org/jvnet/hudson/test/PluginAutomaticTestBuilder.java b/src/main/java/org/jvnet/hudson/test/PluginAutomaticTestBuilder.java
index 62e4770e0..db670d811 100644
--- a/src/main/java/org/jvnet/hudson/test/PluginAutomaticTestBuilder.java
+++ b/src/main/java/org/jvnet/hudson/test/PluginAutomaticTestBuilder.java
@@ -30,10 +30,12 @@
 import io.github.classgraph.ClassInfo;
 import io.github.classgraph.ScanResult;
 import jenkins.model.Jenkins;
+import jenkins.security.stapler.DoActionFilter;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
 import org.apache.commons.lang3.StringUtils;
 import org.junit.Assert;
+import org.kohsuke.stapler.Function;
 import org.kohsuke.stapler.WebMethod;
 import org.kohsuke.stapler.interceptor.InterceptorAnnotation;
 import org.kohsuke.stapler.interceptor.RequirePOST;
@@ -41,7 +43,6 @@
 
 import java.io.File;
 import java.lang.annotation.Annotation;
-import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
 import java.util.ArrayList;
@@ -126,13 +127,10 @@ public void testPluginActive() {
             }
         }
 
-        public void testStaplerDispatches() throws InvocationTargetException, IllegalAccessException, NoSuchMethodException {
+        public void testStaplerDispatches() {
             List<String> methodsFound = new ArrayList<>();
 
-            Method isStaplerRoutableMethod = findIsRoutableMethod();
-            if (isStaplerRoutableMethod == null) {
-                return;
-            }
+            DoActionFilter filter = new DoActionFilter();
 
             PluginWrapper thisPlugin = determineCurrentPlugin();
             if (thisPlugin == null) {
@@ -147,7 +145,8 @@ public void testStaplerDispatches() throws InvocationTargetException, IllegalAcc
             for (ClassInfo classInfo : result.getAllClasses()) {
                 Class clazz = classInfo.loadClass();
                 for (Method m : clazz.getDeclaredMethods()) {
-                    if (isStaplerDispatchable(m) && (boolean)isStaplerRoutableMethod.invoke(null, m)) {
+                    Function f = new Function.InstanceFunction(m);
+                    if (isStaplerDispatchable(m) && filter.keep(f)) {
                         if (!hasStaplerVerbAnnotation(m)) {
                             methodsFound.add(clazz.getName() + "#" + m.getName());
                         }
@@ -157,18 +156,6 @@ public void testStaplerDispatches() throws InvocationTargetException, IllegalAcc
             Assert.assertThat("There should be no web methods that lack HTTP verb annotations like @RequirePOST, @GET, @POST, etc. -- see https://jenkins.io/redirect/developer/csrf-protection", methodsFound, is(empty()));
         }
 
-        private Method findIsRoutableMethod() throws NoSuchMethodException {
-            try {
-                Method method = Class.forName("jenkins.security.stapler.TypedFilter").getDeclaredMethod("isRoutableMethod", Method.class);
-                method.setAccessible(true);
-                return method;
-            } catch (ClassNotFoundException e) {
-                LOGGER.warning("This test requires Jenkins 2.154, Jenkins LTS 2.138.4, or newer to run, use e.g. -Djenkins.version=2.138.4");
-                // TODO add a fallback implementing similar code directly here
-                return null;
-            }
-        }
-
         private PluginWrapper determineCurrentPlugin() {
             String plugin = (String) params.get("artifactId");
             if (plugin != null) {
diff --git a/src/test/java/org/jvnet/hudson/test/JenkinsRuleTest.java b/src/test/java/org/jvnet/hudson/test/JenkinsRuleTest.java
index e2d4846a5..041dc41b8 100644
--- a/src/test/java/org/jvnet/hudson/test/JenkinsRuleTest.java
+++ b/src/test/java/org/jvnet/hudson/test/JenkinsRuleTest.java
@@ -4,6 +4,7 @@
 import com.gargoylesoftware.htmlunit.WebRequest;
 import hudson.model.User;
 import jenkins.security.ApiTokenProperty;
+import jenkins.security.apitoken.ApiTokenPropertyConfiguration;
 import net.sf.json.JSONObject;
 import org.junit.Rule;
 import org.junit.Test;
@@ -81,7 +82,7 @@ public void assertEqualDataBoundBeansWithSettersFailForField() throws Exception
     @Test
     public void testTokenHelperMethods() throws Exception {
         j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
-        // Jenkins 2.129+: ApiTokenPropertyConfiguration.get().setTokenGenerationOnCreationEnabled(true);
+        ApiTokenPropertyConfiguration.get().setTokenGenerationOnCreationEnabled(true);
 
         JenkinsRule.WebClient wc = j.createWebClient();