
Manual URL Cleanup

Joe Grandja 6 سال پیش
والد
کامیت
d3840c262d
18فایلهای تغییر یافته به همراه475 افزوده شده و 483 حذف شده
  1. 2 2
      config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
  2. 4 12
      crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
  3. 1 1
      docs/manual/src/docs/asciidoc/_includes/servlet/web/csrf.adoc
  4. 2 2
      oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
  5. 2 2
      oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
  6. 2 2
      openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
  7. 4 4
      remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
  8. 5 5
      samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js
  9. 220 220
      samples/javaconfig/openid/src/main/resources/resources/js/openid-client/jquery.query-2.1.3.js
  10. 1 1
      samples/xml/openid/src/main/webapp/WEB-INF/applicationContext-security.xml
  11. 220 220
      samples/xml/openid/src/main/webapp/js/openid-client/jquery.query-2.1.3.js
  12. 1 1
      web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
  13. 1 1
      web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
  14. 2 2
      web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
  15. 2 2
      web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
  16. 3 3
      web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
  17. 2 2
      web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java
  18. 1 1
      web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java

+ 2 - 2
config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java

@@ -119,7 +119,7 @@ public class OpenIDConfigTests {
 
 		OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class);
 
-		String openIdEndpointUrl = "http://testopenid.com?openid.return_to=";
+		String openIdEndpointUrl = "https://testopenid.com?openid.return_to=";
 		Set<String> returnToUrlParameters = new HashSet<>();
 		returnToUrlParameters.add(AbstractRememberMeServices.DEFAULT_PARAMETER);
 		openIDFilter.setReturnToUrlParameters(returnToUrlParameters);
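Review bot: The fixtures in this test name registrable domains (`testopenid.com` on the changed line here, `ww1.openid.com` in the hunk at -142) rather than reserved ones. Whether the test ever resolves these hosts is not visible in the hunks, but a reserved name such as `"https://openid.example.test?openid.return_to="` would guarantee that a misconfigured run cannot reach a third-party host. The endpoint string is compared literally in `redirectedUrl(openIdEndpointUrl + expectedReturnTo)`, so any rename has to be applied wherever the test stubs the endpoint, which is outside these hunks.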
@@ -142,7 +142,7 @@ public class OpenIDConfigTests {
 				.andExpect(content().string(containsString(AbstractRememberMeServices.DEFAULT_PARAMETER)));
 
 		this.mvc.perform(get("/login/openid")
-				.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "http://ww1.openid.com")
+				.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "https://ww1.openid.com")
 				.param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on"))
 				.andExpect(status().isFound())
 				.andExpect(redirectedUrl(openIdEndpointUrl + expectedReturnTo));

+ 4 - 12
crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java

@@ -44,8 +44,8 @@ public final class Base64 {
 	/**
 	 * Encode using Base64-like encoding that is URL- and Filename-safe as described in
 	 * Section 4 of RFC3548: <a
-	 * href="http://www.faqs.org/rfcs/rfc3548.html">https://www.faqs
-	 * .org/rfcs/rfc3548.html</a>. It is important to note that data encoded this way is
+	 * href="https://tools.ietf.org/html/rfc3548">https://tools.ietf.org/html/rfc3548</a>.
+	 * It is important to note that data encoded this way is
 	 * <em>not</em> officially valid Base64, or at the very least should not be called
 	 * Base64 without also specifying that is was encoded using the URL- and Filename-safe
 	 * dialect.
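Review bot: The Javadoc paragraph touched here still reads "specifying that is was encoded" two lines below the change; it should be `that it was encoded`. The new link also targets RFC 3548, which RFC 4648 obsoletes. The URL- and filename-safe alphabet is defined in Section 5 of RFC 4648, so `href="https://tools.ietf.org/html/rfc4648#section-5"` would be the current reference. The same link appears in the hunk at -131 for the alphabet table and could be updated with it.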
@@ -53,9 +53,7 @@ public final class Base64 {
 	public final static int URL_SAFE = 16;
 
 	/**
-	 * Encode using the special "ordered" dialect of Base64 described here: <a
-	 * href="http://www.faqs.org/qa/rfcc-1940.html"
-	 * >http://www.faqs.org/qa/rfcc-1940.html</a>.
+	 * Encode using the special "ordered" dialect of Base64.
 	 */
 	public final static int ORDERED = 32;
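Review bot: After this change the `ORDERED` Javadoc no longer says what the dialect is, and the hunk at -191 also deletes the only comment on `_ORDERED_ALPHABET`. The visible start of that table (`'-'`, `'0'`…`'9'`, `'A'`…) suggests the alphabet is laid out in ascending ASCII order, which could be stated in place of the dead link. For example, `Encode using the "ordered" Base64 dialect, whose alphabet is arranged in ascending ASCII order.`, plus a one-line comment on the array. If the intent is that encoded strings sort like the raw bytes, say so only after confirming it against the full table, which continues past the hunk.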
 
@@ -131,7 +129,7 @@ public final class Base64 {
 	/**
 	 * Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548: <a
 	 * href
-	 * ="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>.
+	 * ="https://tools.ietf.org/html/rfc3548">https://tools.ietf.org/html/rfc3548</a>.
 	 * Notice that the last two bytes become "hyphen" and "underscore" instead of "plus"
 	 * and "slash."
 	 */
@@ -191,12 +189,6 @@ public final class Base64 {
 
 	/* ******** O R D E R E D B A S E 6 4 A L P H A B E T ******** */
 
-	/**
-	 * I don't get the point of this technique, but someone requested it, and it is
-	 * described here: <a
-	 * href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/faqs/
-	 * qa/rfcc-1940.html</a>.
-	 */
 	private final static byte[] _ORDERED_ALPHABET = { (byte) '-', (byte) '0', (byte) '1',
 			(byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6', (byte) '7',
 			(byte) '8', (byte) '9', (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D',

+ 1 - 1
docs/manual/src/docs/asciidoc/_includes/servlet/web/csrf.adoc

@@ -257,7 +257,7 @@ $(document).ajaxSend(function(e, xhr, options) {
 });
 ----
 
-As an alternative to jQuery, we recommend using http://cujojs.com/[cujoJS's] rest.js.
+As an alternative to jQuery, we recommend using https://github.com/cujojs[cujoJS's] rest.js.
 The https://github.com/cujojs/rest[rest.js] module provides advanced support for working with HTTP requests and responses in RESTful ways.
 A core capability is the ability to contextualize the HTTP client adding behavior as needed by chaining interceptors on to the client.
 

+ 2 - 2
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java

@@ -163,7 +163,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setScheme("http");
-		request.setServerName("example.com");
+		request.setServerName("localhost");
 		request.setServerPort(80);
 		request.setServletPath(requestUri);
 
@@ -172,7 +172,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 				.matches("https://example.com/login/oauth/authorize\\?" +
 						"response_type=code&client_id=client-id&" +
 						"scope=read:user&state=.{15,}&" +
-						"redirect_uri=http://example.com/login/oauth2/code/registration-id");
+						"redirect_uri=http://localhost/login/oauth2/code/registration-id");
 	}
 
 	@Test

+ 2 - 2
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java

@@ -308,7 +308,7 @@ public class OAuth2LoginAuthenticationFilterTests {
 		String state = "state";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setScheme("http");
-		request.setServerName("example.com");
+		request.setServerName("localhost");
 		request.setServerPort(80);
 		request.setServletPath(requestUri);
 		request.addParameter(OAuth2ParameterNames.CODE, "code");
@@ -329,7 +329,7 @@ public class OAuth2LoginAuthenticationFilterTests {
 		OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange().getAuthorizationRequest();
 		OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange().getAuthorizationResponse();
 
-		String expectedRedirectUri = "http://example.com/login/oauth2/code/registration-id-2";
+		String expectedRedirectUri = "http://localhost/login/oauth2/code/registration-id-2";
 		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri);
 		assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri);
 	}

+ 2 - 2
openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java

@@ -254,8 +254,8 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	 *
 	 * If no mapping is provided then the returnToUrl will be parsed to extract the
 	 * protocol, hostname and port followed by a trailing slash. This means that
-	 * <tt>https://www.example.com/login/openid</tt> will automatically become
-	 * <tt>http://www.example.com:80/</tt>
+	 * <tt>https://foo.example.com/login/openid</tt> will automatically become
+	 * <tt>http://foo.example.com:80/</tt>
 	 *
 	 * @param realmMapping containing returnToUrl -&gt; realm mappings
 	 */
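Review bot: The example in this Javadoc is internally inconsistent: an `https://` returnToUrl is said to become an `http://` realm on port 80. The text describes extracting "the protocol, hostname and port", so the realm should keep the scheme of the input. Either both lines should use http (`<tt>http://foo.example.com/login/openid</tt>` becoming `<tt>http://foo.example.com:80/</tt>`), or the second line should read `<tt>https://foo.example.com:443/</tt>`. Which port the code actually emits for https is not visible in this hunk, so confirm it first. The realm is what the OpenID provider shows the user as the party requesting trust, so the documented value should be exact.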

+ 4 - 4
remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java

@@ -57,11 +57,11 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 		// Create a connection and ensure our executor sets its
 		// properties correctly
 		AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
-		HttpURLConnection conn = new MockHttpURLConnection(new URL("http://localhost/"));
+		HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/"));
 		executor.prepareConnection(conn, 10);
 
 		// Check connection properties
-		// See http://www.faqs.org/rfcs/rfc1945.html section 11.1 for example
+		// See https://tools.ietf.org/html/rfc1945 section 11.1 for example
 		// we are comparing against
 		assertThat(conn.getRequestProperty("Authorization")).isEqualTo(
 				"Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==");
@@ -74,7 +74,7 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 		// Create a connection and ensure our executor sets its
 		// properties correctly
 		AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
-		HttpURLConnection conn = new MockHttpURLConnection(new URL("http://localhost/"));
+		HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/"));
 		executor.prepareConnection(conn, 10);
 
 		// Check connection properties (shouldn't be an Authorization header)
@@ -91,7 +91,7 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
 		// Create a connection and ensure our executor sets its
 		// properties correctly
 		AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
-		HttpURLConnection conn = new MockHttpURLConnection(new URL("http://localhost/"));
+		HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/"));
 		executor.prepareConnection(conn, 10);
 
 		// Check connection properties (shouldn't be an Authorization header)

+ 5 - 5
samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js

@@ -881,7 +881,7 @@ jQuery.ready.promise = function( obj ) {
 
 						try {
 							// Use the trick by Diego Perini
-							// http://javascript.nwbox.com/IEContentLoaded/
+							// https://javascript.nwbox.com/IEContentLoaded/
 							top.doScroll("left");
 						} catch(e) {
 							return setTimeout( doScrollCheck, 50 );
@@ -1390,7 +1390,7 @@ jQuery.support = (function() {
 	fragment.appendChild( div );
 
 	// Technique from Juriy Zaytsev
-	// http://perfectionkills.com/detecting-event-support-without-browser-sniffing/
+	// https://perfectionkills.com/detecting-event-support-without-browser-sniffing/
 	// We only care about the case where non-standard event systems
 	// are used, namely in IE. Short-circuiting here helps us to
 	// avoid an eval call (in setAttribute) which can cause CSP
@@ -1945,7 +1945,7 @@ jQuery.fn.extend({
 		});
 	},
 	// Based off of the plugin by Clint Helfers, with permission.
-	// http://blindsignals.com
+	// https://blindsignals.com
 	delay: function( time, type ) {
 		time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time;
 		type = type || "fx";
@@ -6867,7 +6867,7 @@ if ( window.getComputedStyle ) {
 		}
 
 		// From the awesome hack by Dean Edwards
-		// http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291
+		// https://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291
 
 		// If we're not dealing with a regular pixel number
 		// but a number that has a weird ending, we need to convert it to pixels
@@ -9469,4 +9469,4 @@ if ( typeof define === "function" && define.amd && define.amd.jQuery ) {
 	define( "jquery", [], function () { return jQuery; } );
 }
 
-})( window );
+})( window );

+ 220 - 220
samples/javaconfig/openid/src/main/resources/resources/js/openid-client/jquery.query-2.1.3.js

@@ -1,220 +1,220 @@
-/**
- * jQuery.query - Query String Modification and Creation for jQuery
- * Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com)
- * Licensed under the WTFPL (http://www.wtfpl.net/).
- * Date: 2009/02/08
- *
- * @author Blair Mitchelmore
- * @version 2.1.3
- *
- **/
-new function(settings) { 
-  // Various Settings
-  var $separator = settings.separator || '&';
-  var $spaces = settings.spaces === false ? false : true;
-  var $suffix = settings.suffix === false ? '' : '[]';
-  var $prefix = settings.prefix === false ? false : true;
-  var $hash = $prefix ? settings.hash === true ? "#" : "?" : "";
-  var $numbers = settings.numbers === false ? false : true;
-  
-  jQuery.query = new function() {
-    var is = function(o, t) {
-      return o != undefined && o !== null && (!!t ? o.constructor == t : true);
-    };
-    var parse = function(path) {
-      var m, rx = /\[([^[]*)\]/g, match = /^(\S+?)(\[\S*\])?$/.exec(path), base = match[1], tokens = [];
-      while (m = rx.exec(match[2])) tokens.push(m[1]);
-      return [base, tokens];
-    };
-    var set = function(target, tokens, value) {
-      var o, token = tokens.shift();
-      if (typeof target != 'object') target = null;
-      if (token === "") {
-        if (!target) target = [];
-        if (is(target, Array)) {
-          target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value));
-        } else if (is(target, Object)) {
-          var i = 0;
-          while (target[i++] != null);
-          target[--i] = tokens.length == 0 ? value : set(target[i], tokens.slice(0), value);
-        } else {
-          target = [];
-          target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value));
-        }
-      } else if (token && token.match(/^\s*[0-9]+\s*$/)) {
-        var index = parseInt(token, 10);
-        if (!target) target = [];
-        target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value);
-      } else if (token) {
-        var index = token.replace(/^\s*|\s*$/g, "");
-        if (!target) target = {};
-        if (is(target, Array)) {
-          var temp = {};
-          for (var i = 0; i < target.length; ++i) {
-            temp[i] = target[i];
-          }
-          target = temp;
-        }
-        target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value);
-      } else {
-        return value;
-      }
-      return target;
-    };
-    
-    var queryObject = function(a) {
-      var self = this;
-      self.keys = {};
-      
-      if (a.queryObject) {
-        jQuery.each(a.get(), function(key, val) {
-          self.SET(key, val);
-        });
-      } else {
-        jQuery.each(arguments, function() {
-          var q = "" + this;
-					q = decodeURIComponent(q);
-          q = q.replace(/^[?#]/,''); // remove any leading ? || #
-          q = q.replace(/[;&]$/,''); // remove any trailing & || ;
-          if ($spaces) q = q.replace(/[+]/g,' '); // replace +'s with spaces
-          
-          jQuery.each(q.split(/[&;]/), function(){
-            var key = this.split('=')[0];
-            var val = this.split('=')[1];
-            
-            if (!key) return;
-            
-            if ($numbers) {
-              if (/^[+-]?[0-9]+\.[0-9]*$/.test(val)) // simple float regex
-                val = parseFloat(val);
-              else if (/^[+-]?[0-9]+$/.test(val)) // simple int regex
-                val = parseInt(val, 10);
-            }
-            
-            val = (!val && val !== 0) ? true : val;
-            
-            if (val !== false && val !== true && typeof val != 'number')
-              val = val;
-            
-            self.SET(key, val);
-          });
-        });
-      }
-      return self;
-    };
-    
-    queryObject.prototype = {
-      queryObject: true,
-      has: function(key, type) {
-        var value = this.get(key);
-        return is(value, type);
-      },
-      GET: function(key) {
-        if (!is(key)) return this.keys;
-        var parsed = parse(key), base = parsed[0], tokens = parsed[1];
-        var target = this.keys[base];
-        while (target != null && tokens.length != 0) {
-          target = target[tokens.shift()];
-        }
-        return typeof target == 'number' ? target : target || "";
-      },
-      get: function(key) {
-        var target = this.GET(key);
-        if (is(target, Object))
-          return jQuery.extend(true, {}, target);
-        else if (is(target, Array))
-          return target.slice(0);
-        return target;
-      },
-      SET: function(key, val) {
-        var value = !is(val) ? null : val;
-        var parsed = parse(key), base = parsed[0], tokens = parsed[1];
-        var target = this.keys[base];
-        this.keys[base] = set(target, tokens.slice(0), value);
-        return this;
-      },
-      set: function(key, val) {
-        return this.copy().SET(key, val);
-      },
-      REMOVE: function(key) {
-        return this.SET(key, null).COMPACT();
-      },
-      remove: function(key) {
-        return this.copy().REMOVE(key);
-      },
-      EMPTY: function() {
-        var self = this;
-        jQuery.each(self.keys, function(key, value) {
-          delete self.keys[key];
-        });
-        return self;
-      },
-      load: function(url) {
-        var hash = url.replace(/^.*?[#](.+?)(?:\?.+)?$/, "$1");
-        var search = url.replace(/^.*?[?](.+?)(?:#.+)?$/, "$1");
-        return new queryObject(url.length == search.length ? '' : search, url.length == hash.length ? '' : hash);
-      },
-      empty: function() {
-        return this.copy().EMPTY();
-      },
-      copy: function() {
-        return new queryObject(this);
-      },
-      COMPACT: function() {
-        function build(orig) {
-          var obj = typeof orig == "object" ? is(orig, Array) ? [] : {} : orig;
-          if (typeof orig == 'object') {
-            function add(o, key, value) {
-              if (is(o, Array))
-                o.push(value);
-              else
-                o[key] = value;
-            }
-            jQuery.each(orig, function(key, value) {
-              if (!is(value)) return true;
-              add(obj, key, build(value));
-            });
-          }
-          return obj;
-        }
-        this.keys = build(this.keys);
-        return this;
-      },
-      compact: function() {
-        return this.copy().COMPACT();
-      },
-      toString: function() {
-        var i = 0, queryString = [], chunks = [], self = this;
-        var addFields = function(arr, key, value) {
-          if (!is(value) || value === false) return;
-          var o = [encodeURIComponent(key)];
-          if (value !== true) {
-            o.push("=");
-            o.push(encodeURIComponent(value));
-          }
-          arr.push(o.join(""));
-        };
-        var build = function(obj, base) {
-          var newKey = function(key) {
-            return !base || base == "" ? [key].join("") : [base, "[", key, "]"].join("");
-          };
-          jQuery.each(obj, function(key, value) {
-            if (typeof value == 'object') 
-              build(value, newKey(key));
-            else
-              addFields(chunks, newKey(key), value);
-          });
-        };
-        
-        build(this.keys);
-        
-        if (chunks.length > 0) queryString.push($hash);
-        queryString.push(chunks.join($separator));
-        
-        return queryString.join("");
-      }
-    };
-    
-    return new queryObject(location.search, location.hash);
-  };
-}(jQuery.query || {}); // Pass in jQuery.query as settings object
+/**
+ * jQuery.query - Query String Modification and Creation for jQuery
+ * Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com)
+ * Licensed under the WTFPL (https://www.wtfpl.net/).
+ * Date: 2009/02/08
+ *
+ * @author Blair Mitchelmore
+ * @version 2.1.3
+ *
+ **/
+new function(settings) { 
+  // Various Settings
+  var $separator = settings.separator || '&';
+  var $spaces = settings.spaces === false ? false : true;
+  var $suffix = settings.suffix === false ? '' : '[]';
+  var $prefix = settings.prefix === false ? false : true;
+  var $hash = $prefix ? settings.hash === true ? "#" : "?" : "";
+  var $numbers = settings.numbers === false ? false : true;
+  
+  jQuery.query = new function() {
+    var is = function(o, t) {
+      return o != undefined && o !== null && (!!t ? o.constructor == t : true);
+    };
+    var parse = function(path) {
+      var m, rx = /\[([^[]*)\]/g, match = /^(\S+?)(\[\S*\])?$/.exec(path), base = match[1], tokens = [];
+      while (m = rx.exec(match[2])) tokens.push(m[1]);
+      return [base, tokens];
+    };
+    var set = function(target, tokens, value) {
+      var o, token = tokens.shift();
+      if (typeof target != 'object') target = null;
+      if (token === "") {
+        if (!target) target = [];
+        if (is(target, Array)) {
+          target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value));
+        } else if (is(target, Object)) {
+          var i = 0;
+          while (target[i++] != null);
+          target[--i] = tokens.length == 0 ? value : set(target[i], tokens.slice(0), value);
+        } else {
+          target = [];
+          target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value));
+        }
+      } else if (token && token.match(/^\s*[0-9]+\s*$/)) {
+        var index = parseInt(token, 10);
+        if (!target) target = [];
+        target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value);
+      } else if (token) {
+        var index = token.replace(/^\s*|\s*$/g, "");
+        if (!target) target = {};
+        if (is(target, Array)) {
+          var temp = {};
+          for (var i = 0; i < target.length; ++i) {
+            temp[i] = target[i];
+          }
+          target = temp;
+        }
+        target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value);
+      } else {
+        return value;
+      }
+      return target;
+    };
+    
+    var queryObject = function(a) {
+      var self = this;
+      self.keys = {};
+      
+      if (a.queryObject) {
+        jQuery.each(a.get(), function(key, val) {
+          self.SET(key, val);
+        });
+      } else {
+        jQuery.each(arguments, function() {
+          var q = "" + this;
+					q = decodeURIComponent(q);
+          q = q.replace(/^[?#]/,''); // remove any leading ? || #
+          q = q.replace(/[;&]$/,''); // remove any trailing & || ;
+          if ($spaces) q = q.replace(/[+]/g,' '); // replace +'s with spaces
+          
+          jQuery.each(q.split(/[&;]/), function(){
+            var key = this.split('=')[0];
+            var val = this.split('=')[1];
+            
+            if (!key) return;
+            
+            if ($numbers) {
+              if (/^[+-]?[0-9]+\.[0-9]*$/.test(val)) // simple float regex
+                val = parseFloat(val);
+              else if (/^[+-]?[0-9]+$/.test(val)) // simple int regex
+                val = parseInt(val, 10);
+            }
+            
+            val = (!val && val !== 0) ? true : val;
+            
+            if (val !== false && val !== true && typeof val != 'number')
+              val = val;
+            
+            self.SET(key, val);
+          });
+        });
+      }
+      return self;
+    };
+    
+    queryObject.prototype = {
+      queryObject: true,
+      has: function(key, type) {
+        var value = this.get(key);
+        return is(value, type);
+      },
+      GET: function(key) {
+        if (!is(key)) return this.keys;
+        var parsed = parse(key), base = parsed[0], tokens = parsed[1];
+        var target = this.keys[base];
+        while (target != null && tokens.length != 0) {
+          target = target[tokens.shift()];
+        }
+        return typeof target == 'number' ? target : target || "";
+      },
+      get: function(key) {
+        var target = this.GET(key);
+        if (is(target, Object))
+          return jQuery.extend(true, {}, target);
+        else if (is(target, Array))
+          return target.slice(0);
+        return target;
+      },
+      SET: function(key, val) {
+        var value = !is(val) ? null : val;
+        var parsed = parse(key), base = parsed[0], tokens = parsed[1];
+        var target = this.keys[base];
+        this.keys[base] = set(target, tokens.slice(0), value);
+        return this;
+      },
+      set: function(key, val) {
+        return this.copy().SET(key, val);
+      },
+      REMOVE: function(key) {
+        return this.SET(key, null).COMPACT();
+      },
+      remove: function(key) {
+        return this.copy().REMOVE(key);
+      },
+      EMPTY: function() {
+        var self = this;
+        jQuery.each(self.keys, function(key, value) {
+          delete self.keys[key];
+        });
+        return self;
+      },
+      load: function(url) {
+        var hash = url.replace(/^.*?[#](.+?)(?:\?.+)?$/, "$1");
+        var search = url.replace(/^.*?[?](.+?)(?:#.+)?$/, "$1");
+        return new queryObject(url.length == search.length ? '' : search, url.length == hash.length ? '' : hash);
+      },
+      empty: function() {
+        return this.copy().EMPTY();
+      },
+      copy: function() {
+        return new queryObject(this);
+      },
+      COMPACT: function() {
+        function build(orig) {
+          var obj = typeof orig == "object" ? is(orig, Array) ? [] : {} : orig;
+          if (typeof orig == 'object') {
+            function add(o, key, value) {
+              if (is(o, Array))
+                o.push(value);
+              else
+                o[key] = value;
+            }
+            jQuery.each(orig, function(key, value) {
+              if (!is(value)) return true;
+              add(obj, key, build(value));
+            });
+          }
+          return obj;
+        }
+        this.keys = build(this.keys);
+        return this;
+      },
+      compact: function() {
+        return this.copy().COMPACT();
+      },
+      toString: function() {
+        var i = 0, queryString = [], chunks = [], self = this;
+        var addFields = function(arr, key, value) {
+          if (!is(value) || value === false) return;
+          var o = [encodeURIComponent(key)];
+          if (value !== true) {
+            o.push("=");
+            o.push(encodeURIComponent(value));
+          }
+          arr.push(o.join(""));
+        };
+        var build = function(obj, base) {
+          var newKey = function(key) {
+            return !base || base == "" ? [key].join("") : [base, "[", key, "]"].join("");
+          };
+          jQuery.each(obj, function(key, value) {
+            if (typeof value == 'object') 
+              build(value, newKey(key));
+            else
+              addFields(chunks, newKey(key), value);
+          });
+        };
+        
+        build(this.keys);
+        
+        if (chunks.length > 0) queryString.push($hash);
+        queryString.push(chunks.join($separator));
+        
+        return queryString.join("");
+      }
+    };
+    
+    return new queryObject(location.search, location.hash);
+  };
+}(jQuery.query || {}); // Pass in jQuery.query as settings object

+ 1 - 1
samples/xml/openid/src/main/webapp/WEB-INF/applicationContext-security.xml

@@ -54,7 +54,7 @@
 <!--
 	<user-service id="userService">
 		<user name="https://luke.taylor.myopenid.com/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
-		<user name="http://luke.taylor.openid.cn/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
+		<user name="https://luke.taylor.openid.cn/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
 		<user name="https://raykrueger.blogspot.com/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
 		<user name="https://spring.security.test.myopenid.com/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
 	</user-service>
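Review bot: Rewriting the scheme in a `user name` entry changes the identity, not just the link: the name here is an OpenID identifier, and the http and https forms of a URL are distinct identifiers. The block sits inside the `<!--` opened on the hunk's first line (its close is outside the hunk), so nothing changes at runtime today. Anyone who uncomments it, though, would be mapping `ROLE_SUPERVISOR` to names that may not match what the provider returns. I would add a line of text inside the existing comment, such as `NOTE: each name must match the claimed identifier exactly, including the scheme.`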

+ 220 - 220
samples/xml/openid/src/main/webapp/js/openid-client/jquery.query-2.1.3.js

@@ -1,220 +1,220 @@
-/**
- * jQuery.query - Query String Modification and Creation for jQuery
- * Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com)
- * Licensed under the WTFPL (http://www.wtfpl.net/).
- * Date: 2009/02/08
- *
- * @author Blair Mitchelmore
- * @version 2.1.3
- *
- **/
-new function(settings) { 
-  // Various Settings
-  var $separator = settings.separator || '&';
-  var $spaces = settings.spaces === false ? false : true;
-  var $suffix = settings.suffix === false ? '' : '[]';
-  var $prefix = settings.prefix === false ? false : true;
-  var $hash = $prefix ? settings.hash === true ? "#" : "?" : "";
-  var $numbers = settings.numbers === false ? false : true;
-  
-  jQuery.query = new function() {
-    var is = function(o, t) {
-      return o != undefined && o !== null && (!!t ? o.constructor == t : true);
-    };
-    var parse = function(path) {
-      var m, rx = /\[([^[]*)\]/g, match = /^(\S+?)(\[\S*\])?$/.exec(path), base = match[1], tokens = [];
-      while (m = rx.exec(match[2])) tokens.push(m[1]);
-      return [base, tokens];
-    };
-    var set = function(target, tokens, value) {
-      var o, token = tokens.shift();
-      if (typeof target != 'object') target = null;
-      if (token === "") {
-        if (!target) target = [];
-        if (is(target, Array)) {
-          target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value));
-        } else if (is(target, Object)) {
-          var i = 0;
-          while (target[i++] != null);
-          target[--i] = tokens.length == 0 ? value : set(target[i], tokens.slice(0), value);
-        } else {
-          target = [];
-          target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value));
-        }
-      } else if (token && token.match(/^\s*[0-9]+\s*$/)) {
-        var index = parseInt(token, 10);
-        if (!target) target = [];
-        target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value);
-      } else if (token) {
-        var index = token.replace(/^\s*|\s*$/g, "");
-        if (!target) target = {};
-        if (is(target, Array)) {
-          var temp = {};
-          for (var i = 0; i < target.length; ++i) {
-            temp[i] = target[i];
-          }
-          target = temp;
-        }
-        target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value);
-      } else {
-        return value;
-      }
-      return target;
-    };
-    
-    var queryObject = function(a) {
-      var self = this;
-      self.keys = {};
-      
-      if (a.queryObject) {
-        jQuery.each(a.get(), function(key, val) {
-          self.SET(key, val);
-        });
-      } else {
-        jQuery.each(arguments, function() {
-          var q = "" + this;
-					q = decodeURIComponent(q);
-          q = q.replace(/^[?#]/,''); // remove any leading ? || #
-          q = q.replace(/[;&]$/,''); // remove any trailing & || ;
-          if ($spaces) q = q.replace(/[+]/g,' '); // replace +'s with spaces
-          
-          jQuery.each(q.split(/[&;]/), function(){
-            var key = this.split('=')[0];
-            var val = this.split('=')[1];
-            
-            if (!key) return;
-            
-            if ($numbers) {
-              if (/^[+-]?[0-9]+\.[0-9]*$/.test(val)) // simple float regex
-                val = parseFloat(val);
-              else if (/^[+-]?[0-9]+$/.test(val)) // simple int regex
-                val = parseInt(val, 10);
-            }
-            
-            val = (!val && val !== 0) ? true : val;
-            
-            if (val !== false && val !== true && typeof val != 'number')
-              val = val;
-            
-            self.SET(key, val);
-          });
-        });
-      }
-      return self;
-    };
-    
-    queryObject.prototype = {
-      queryObject: true,
-      has: function(key, type) {
-        var value = this.get(key);
-        return is(value, type);
-      },
-      GET: function(key) {
-        if (!is(key)) return this.keys;
-        var parsed = parse(key), base = parsed[0], tokens = parsed[1];
-        var target = this.keys[base];
-        while (target != null && tokens.length != 0) {
-          target = target[tokens.shift()];
-        }
-        return typeof target == 'number' ? target : target || "";
-      },
-      get: function(key) {
-        var target = this.GET(key);
-        if (is(target, Object))
-          return jQuery.extend(true, {}, target);
-        else if (is(target, Array))
-          return target.slice(0);
-        return target;
-      },
-      SET: function(key, val) {
-        var value = !is(val) ? null : val;
-        var parsed = parse(key), base = parsed[0], tokens = parsed[1];
-        var target = this.keys[base];
-        this.keys[base] = set(target, tokens.slice(0), value);
-        return this;
-      },
-      set: function(key, val) {
-        return this.copy().SET(key, val);
-      },
-      REMOVE: function(key) {
-        return this.SET(key, null).COMPACT();
-      },
-      remove: function(key) {
-        return this.copy().REMOVE(key);
-      },
-      EMPTY: function() {
-        var self = this;
-        jQuery.each(self.keys, function(key, value) {
-          delete self.keys[key];
-        });
-        return self;
-      },
-      load: function(url) {
-        var hash = url.replace(/^.*?[#](.+?)(?:\?.+)?$/, "$1");
-        var search = url.replace(/^.*?[?](.+?)(?:#.+)?$/, "$1");
-        return new queryObject(url.length == search.length ? '' : search, url.length == hash.length ? '' : hash);
-      },
-      empty: function() {
-        return this.copy().EMPTY();
-      },
-      copy: function() {
-        return new queryObject(this);
-      },
-      COMPACT: function() {
-        function build(orig) {
-          var obj = typeof orig == "object" ? is(orig, Array) ? [] : {} : orig;
-          if (typeof orig == 'object') {
-            function add(o, key, value) {
-              if (is(o, Array))
-                o.push(value);
-              else
-                o[key] = value;
-            }
-            jQuery.each(orig, function(key, value) {
-              if (!is(value)) return true;
-              add(obj, key, build(value));
-            });
-          }
-          return obj;
-        }
-        this.keys = build(this.keys);
-        return this;
-      },
-      compact: function() {
-        return this.copy().COMPACT();
-      },
-      toString: function() {
-        var i = 0, queryString = [], chunks = [], self = this;
-        var addFields = function(arr, key, value) {
-          if (!is(value) || value === false) return;
-          var o = [encodeURIComponent(key)];
-          if (value !== true) {
-            o.push("=");
-            o.push(encodeURIComponent(value));
-          }
-          arr.push(o.join(""));
-        };
-        var build = function(obj, base) {
-          var newKey = function(key) {
-            return !base || base == "" ? [key].join("") : [base, "[", key, "]"].join("");
-          };
-          jQuery.each(obj, function(key, value) {
-            if (typeof value == 'object') 
-              build(value, newKey(key));
-            else
-              addFields(chunks, newKey(key), value);
-          });
-        };
-        
-        build(this.keys);
-        
-        if (chunks.length > 0) queryString.push($hash);
-        queryString.push(chunks.join($separator));
-        
-        return queryString.join("");
-      }
-    };
-    
-    return new queryObject(location.search, location.hash);
-  };
-}(jQuery.query || {}); // Pass in jQuery.query as settings object
+/**
+ * jQuery.query - Query String Modification and Creation for jQuery
+ * Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com)
+ * Licensed under the WTFPL (https://www.wtfpl.net/).
+ * Date: 2009/02/08
+ *
+ * @author Blair Mitchelmore
+ * @version 2.1.3
+ *
+ **/
+new function(settings) { 
+  // Various Settings
+  var $separator = settings.separator || '&';
+  var $spaces = settings.spaces === false ? false : true;
+  var $suffix = settings.suffix === false ? '' : '[]';
+  var $prefix = settings.prefix === false ? false : true;
+  var $hash = $prefix ? settings.hash === true ? "#" : "?" : "";
+  var $numbers = settings.numbers === false ? false : true;
+  
+  jQuery.query = new function() {
+    var is = function(o, t) {
+      return o != undefined && o !== null && (!!t ? o.constructor == t : true);
+    };
+    var parse = function(path) {
+      var m, rx = /\[([^[]*)\]/g, match = /^(\S+?)(\[\S*\])?$/.exec(path), base = match[1], tokens = [];
+      while (m = rx.exec(match[2])) tokens.push(m[1]);
+      return [base, tokens];
+    };
+    var set = function(target, tokens, value) {
+      var o, token = tokens.shift();
+      if (typeof target != 'object') target = null;
+      if (token === "") {
+        if (!target) target = [];
+        if (is(target, Array)) {
+          target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value));
+        } else if (is(target, Object)) {
+          var i = 0;
+          while (target[i++] != null);
+          target[--i] = tokens.length == 0 ? value : set(target[i], tokens.slice(0), value);
+        } else {
+          target = [];
+          target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value));
+        }
+      } else if (token && token.match(/^\s*[0-9]+\s*$/)) {
+        var index = parseInt(token, 10);
+        if (!target) target = [];
+        target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value);
+      } else if (token) {
+        var index = token.replace(/^\s*|\s*$/g, "");
+        if (!target) target = {};
+        if (is(target, Array)) {
+          var temp = {};
+          for (var i = 0; i < target.length; ++i) {
+            temp[i] = target[i];
+          }
+          target = temp;
+        }
+        target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value);
+      } else {
+        return value;
+      }
+      return target;
+    };
+    
+    var queryObject = function(a) {
+      var self = this;
+      self.keys = {};
+      
+      if (a.queryObject) {
+        jQuery.each(a.get(), function(key, val) {
+          self.SET(key, val);
+        });
+      } else {
+        jQuery.each(arguments, function() {
+          var q = "" + this;
+					q = decodeURIComponent(q);
+          q = q.replace(/^[?#]/,''); // remove any leading ? || #
+          q = q.replace(/[;&]$/,''); // remove any trailing & || ;
+          if ($spaces) q = q.replace(/[+]/g,' '); // replace +'s with spaces
+          
+          jQuery.each(q.split(/[&;]/), function(){
+            var key = this.split('=')[0];
+            var val = this.split('=')[1];
+            
+            if (!key) return;
+            
+            if ($numbers) {
+              if (/^[+-]?[0-9]+\.[0-9]*$/.test(val)) // simple float regex
+                val = parseFloat(val);
+              else if (/^[+-]?[0-9]+$/.test(val)) // simple int regex
+                val = parseInt(val, 10);
+            }
+            
+            val = (!val && val !== 0) ? true : val;
+            
+            if (val !== false && val !== true && typeof val != 'number')
+              val = val;
+            
+            self.SET(key, val);
+          });
+        });
+      }
+      return self;
+    };
+    
+    queryObject.prototype = {
+      queryObject: true,
+      has: function(key, type) {
+        var value = this.get(key);
+        return is(value, type);
+      },
+      GET: function(key) {
+        if (!is(key)) return this.keys;
+        var parsed = parse(key), base = parsed[0], tokens = parsed[1];
+        var target = this.keys[base];
+        while (target != null && tokens.length != 0) {
+          target = target[tokens.shift()];
+        }
+        return typeof target == 'number' ? target : target || "";
+      },
+      get: function(key) {
+        var target = this.GET(key);
+        if (is(target, Object))
+          return jQuery.extend(true, {}, target);
+        else if (is(target, Array))
+          return target.slice(0);
+        return target;
+      },
+      SET: function(key, val) {
+        var value = !is(val) ? null : val;
+        var parsed = parse(key), base = parsed[0], tokens = parsed[1];
+        var target = this.keys[base];
+        this.keys[base] = set(target, tokens.slice(0), value);
+        return this;
+      },
+      set: function(key, val) {
+        return this.copy().SET(key, val);
+      },
+      REMOVE: function(key) {
+        return this.SET(key, null).COMPACT();
+      },
+      remove: function(key) {
+        return this.copy().REMOVE(key);
+      },
+      EMPTY: function() {
+        var self = this;
+        jQuery.each(self.keys, function(key, value) {
+          delete self.keys[key];
+        });
+        return self;
+      },
+      load: function(url) {
+        var hash = url.replace(/^.*?[#](.+?)(?:\?.+)?$/, "$1");
+        var search = url.replace(/^.*?[?](.+?)(?:#.+)?$/, "$1");
+        return new queryObject(url.length == search.length ? '' : search, url.length == hash.length ? '' : hash);
+      },
+      empty: function() {
+        return this.copy().EMPTY();
+      },
+      copy: function() {
+        return new queryObject(this);
+      },
+      COMPACT: function() {
+        function build(orig) {
+          var obj = typeof orig == "object" ? is(orig, Array) ? [] : {} : orig;
+          if (typeof orig == 'object') {
+            function add(o, key, value) {
+              if (is(o, Array))
+                o.push(value);
+              else
+                o[key] = value;
+            }
+            jQuery.each(orig, function(key, value) {
+              if (!is(value)) return true;
+              add(obj, key, build(value));
+            });
+          }
+          return obj;
+        }
+        this.keys = build(this.keys);
+        return this;
+      },
+      compact: function() {
+        return this.copy().COMPACT();
+      },
+      toString: function() {
+        var i = 0, queryString = [], chunks = [], self = this;
+        var addFields = function(arr, key, value) {
+          if (!is(value) || value === false) return;
+          var o = [encodeURIComponent(key)];
+          if (value !== true) {
+            o.push("=");
+            o.push(encodeURIComponent(value));
+          }
+          arr.push(o.join(""));
+        };
+        var build = function(obj, base) {
+          var newKey = function(key) {
+            return !base || base == "" ? [key].join("") : [base, "[", key, "]"].join("");
+          };
+          jQuery.each(obj, function(key, value) {
+            if (typeof value == 'object') 
+              build(value, newKey(key));
+            else
+              addFields(chunks, newKey(key), value);
+          });
+        };
+        
+        build(this.keys);
+        
+        if (chunks.length > 0) queryString.push($hash);
+        queryString.push(chunks.join($separator));
+        
+        return queryString.join("");
+      }
+    };
+    
+    return new queryObject(location.search, location.hash);
+  };
+}(jQuery.query || {}); // Pass in jQuery.query as settings object

+ 1 - 1
web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java

@@ -45,7 +45,7 @@ import org.springframework.web.filter.OncePerRequestFilter;
  *
  * <p>
  * For a detailed background on what this filter is designed to process, refer to
- * <a href="http://www.faqs.org/rfcs/rfc1945.html">RFC 1945, Section 11.1</a>. Any realm
+ * <a href="https://tools.ietf.org/html/rfc1945">RFC 1945, Section 11.1</a>. Any realm
  * name presented in the HTTP request is ignored.
  *
  * <p>
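Review bot: The rewritten link in the class Javadoc lands on the top of RFC 1945 while the link text promises Section 11.1; pointing it at the section keeps the two in step: `<a href="https://tools.ietf.org/html/rfc1945#section-11.1">RFC 1945, Section 11.1</a>`. RFC 1945 is the HTTP/1.0 document, and the Basic scheme is currently specified in RFC 7617, which also covers the charset and credential-encoding rules a reader of this filter is likely to need, so a second reference to it would be worth adding. The Javadoc block starts and ends outside this hunk.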

+ 1 - 1
web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java

@@ -52,7 +52,7 @@ public class DefaultRedirectStrategyTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
 		rds.sendRedirect(request, response,
-				"https://http://context.blah.com/context/remainder");
+				"https://context.blah.com/context/remainder");
 
 		assertThat(response.getRedirectedUrl()).isEqualTo("remainder");
 	}

+ 2 - 2
web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java

@@ -85,7 +85,7 @@ public class RetryWithHttpEntryPointTests {
 				"/bigWebApp/hello/pathInfo.html");
 		request.setQueryString("open=true");
 		request.setScheme("https");
-		request.setServerName("www.example.com");
+		request.setServerName("localhost");
 		request.setServerPort(443);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -96,7 +96,7 @@ public class RetryWithHttpEntryPointTests {
 
 		ep.commence(request, response);
 		assertThat(response.getRedirectedUrl()).isEqualTo(
-				"http://www.example.com/bigWebApp/hello/pathInfo.html?open=true");
+				"http://localhost/bigWebApp/hello/pathInfo.html?open=true");
 	}
 
 	@Test

+ 2 - 2
web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java

@@ -385,7 +385,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
 		MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
-		successHandler.setDefaultTargetUrl("http://monkeymachine.co.uk/");
+		successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
 		filter.setAuthenticationSuccessHandler(successHandler);
 
 		filter.doFilter(request, response, chain);
@@ -409,7 +409,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 		ReflectionTestUtils.setField(filter, "logger", logger);
 		filter.exceptionToThrow = new InternalAuthenticationServiceException(
 				"Mock requested to do so");
-		successHandler.setDefaultTargetUrl("http://monkeymachine.co.uk/");
+		successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
 		filter.setAuthenticationSuccessHandler(successHandler);
 
 		filter.doFilter(request, response, chain);

+ 3 - 3
web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java

@@ -249,7 +249,7 @@ public class LoginUrlAuthenticationEntryPointTests {
 	// SEC-1498
 	@Test
 	public void absoluteLoginFormUrlIsSupported() throws Exception {
-		final String loginFormUrl = "http://somesite.com/login";
+		final String loginFormUrl = "https://somesite.com/login";
 		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
 				loginFormUrl);
 		ep.afterPropertiesSet();
@@ -260,9 +260,9 @@ public class LoginUrlAuthenticationEntryPointTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void absoluteLoginFormUrlCantBeUsedWithForwarding() throws Exception {
-		final String loginFormUrl = "http://somesite.com/login";
+		final String loginFormUrl = "https://somesite.com/login";
 		LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
-				"http://somesite.com/login");
+				"https://somesite.com/login");
 		ep.setUseForward(true);
 		ep.afterPropertiesSet();
 	}
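Review bot: In `absoluteLoginFormUrlCantBeUsedWithForwarding` the local `loginFormUrl` is declared and then never read, because the constructor is handed the same literal a second time; that is why this cleanup had to touch the URL twice in one test. Passing the variable, `new LoginUrlAuthenticationEntryPoint(loginFormUrl);`, matches what `absoluteLoginFormUrlIsSupported` does in the first hunk and leaves one place to edit. The body of `absoluteLoginFormUrlIsSupported` continues outside its hunk, so this covers only what is visible there.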

+ 2 - 2
web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java

@@ -45,11 +45,11 @@ public class SimpleUrlLogoutSuccessHandlerTests {
 	@Test
 	public void absoluteUrlIsSupported() throws Exception {
 		SimpleUrlLogoutSuccessHandler lsh = new SimpleUrlLogoutSuccessHandler();
-		lsh.setDefaultTargetUrl("http://someurl.com/");
+		lsh.setDefaultTargetUrl("https://someurl.com/");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		lsh.onLogoutSuccess(request, response, mock(Authentication.class));
-		assertThat(response.getRedirectedUrl()).isEqualTo("http://someurl.com/");
+		assertThat(response.getRedirectedUrl()).isEqualTo("https://someurl.com/");
 	}
 
 }

+ 1 - 1
web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java

@@ -86,7 +86,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 
 	@Test
 	public void writeHttpHeadersWhenHttpThenNoHeaders() {
-		exchange = exchange(MockServerHttpRequest.get("http://example.com/"));
+		exchange = exchange(MockServerHttpRequest.get("http://localhost/"));
 
 		hsts.writeHttpHeaders(exchange);