From 3b89754926b1322fc606ecfe5652dc455ea594fc Mon Sep 17 00:00:00 2001 
From: Spring Operator Date: Tue, 19 Mar 2019 23:53:23 -0500 Subject: [PATCH] URL Cleanup This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener). # HTTP URLs that Could Not Be Fixed These URLs were unable to be fixed. Please review them to see if they can be manually resolved. * http://blog.opensecurityresearch.com/2012/02/json-csrf-with-parameter-padding.html (200) with 1 occurrences could not be migrated: ([https](https://blog.opensecurityresearch.com/2012/02/json-csrf-with-parameter-padding.html) result ClosedChannelException). * http://bouncy-castle.1462172.n4.nabble.com/Java-Bouncy-Castle-scrypt-implementation-td4656832.html (200) with 1 occurrences could not be migrated: ([https](https://bouncy-castle.1462172.n4.nabble.com/Java-Bouncy-Castle-scrypt-implementation-td4656832.html) result SSLHandshakeException). * http://cujojs.com/ (200) with 1 occurrences could not be migrated: ([https](https://cujojs.com/) result SSLHandshakeException). * http://erik.eae.net/archives/2007/07/27/18.54.15/ (200) with 1 occurrences could not be migrated: ([https](https://erik.eae.net/archives/2007/07/27/18.54.15/) result SSLHandshakeException). * http://javascript.nwbox.com/IEContentLoaded/ (200) with 1 occurrences could not be migrated: ([https](https://javascript.nwbox.com/IEContentLoaded/) result SSLHandshakeException). * http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-February/007533.html (200) with 1 occurrences could not be migrated: ([https](https://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-February/007533.html) result SSLHandshakeException). * http://monkeymachine.co.uk/ (200) with 2 occurrences could not be migrated: ([https](https://monkeymachine.co.uk/) result SSLHandshakeException). 
* http://perfectionkills.com/detecting-event-support-without-browser-sniffing/ (200) with 1 occurrences could not be migrated: ([https](https://perfectionkills.com/detecting-event-support-without-browser-sniffing/) result SSLHandshakeException). * http://somesite.com/login (200) with 3 occurrences could not be migrated: ([https](https://somesite.com/login) result AnnotatedConnectException). * http://someurl.com/ (200) with 2 occurrences could not be migrated: ([https](https://someurl.com/) result SSLHandshakeException). * http://sscce.org/ (200) with 1 occurrences could not be migrated: ([https](https://sscce.org/) result SSLHandshakeException). * http://webblaze.cs.berkeley.edu/papers/barth-caballero-song.pdf (200) with 2 occurrences could not be migrated: ([https](https://webblaze.cs.berkeley.edu/papers/barth-caballero-song.pdf) result 404). * http://www.example.com:80/ (200) with 1 occurrences could not be migrated: ([https](https://www.example.com:80/) result NotSslRecordException). * http://www.faqs.org/qa/rfcc-1940.html (200) with 3 occurrences could not be migrated: ([https](https://www.faqs.org/qa/rfcc-1940.html) result AnnotatedConnectException). * http://www.faqs.org/rfcs/rfc1945.html (200) with 2 occurrences could not be migrated: ([https](https://www.faqs.org/rfcs/rfc1945.html) result AnnotatedConnectException). * http://www.faqs.org/rfcs/rfc3548.html (200) with 3 occurrences could not be migrated: ([https](https://www.faqs.org/rfcs/rfc3548.html) result AnnotatedConnectException). * http://www.zytrax.com/books/ldap/ (200) with 2 occurrences could not be migrated: ([https](https://www.zytrax.com/books/ldap/) result AnnotatedConnectException). * http://blindsignals.com/index.php/2009/07/jquery-delay/ (301) with 1 occurrences could not be migrated: ([https](https://blindsignals.com/index.php/2009/07/jquery-delay/) result SSLHandshakeException). 
* http://www.faqs.org/ (301) with 1 occurrences could not be migrated: ([https](https://www.faqs.org/) result AnnotatedConnectException). * http://sam.zoy.org/wtfpl/ (301) with 2 occurrences could not be migrated: ([https](https://sam.zoy.org/wtfpl/) result SSLHandshakeException). * http://hey.openid.com/ (302) with 1 occurrences could not be migrated: ([https](https://hey.openid.com/) result SSLHandshakeException). * http://iharder.net/base64 (303) with 2 occurrences could not be migrated: ([https](https://iharder.net/base64) result AnnotatedConnectException). * http://jaspan.com/improved_persistent_login_cookie_best_practice (500) with 3 occurrences could not be migrated: ([https](https://jaspan.com/improved_persistent_login_cookie_best_practice) result AnnotatedConnectException). # Fixed URLs ## Fixed But Review Recommended These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended. * http://www.relaxng.org/ (301) with 1 occurrences migrated to: https://relaxng.org/ ([https](https://www.relaxng.org/) result SSLHandshakeException). * http://www.relaxng.org (301) with 1 occurrences migrated to: https://relaxng.org/ ([https](https://www.relaxng.org) result SSLHandshakeException). * http://tools.ietf.org/html/draft-ietf-websec-x-frame-options (301) with 2 occurrences migrated to: https://tools.ietf.org/html/draft-ietf-websec-x-frame-options ([https](https://tools.ietf.org/html/draft-ietf-websec-x-frame-options) result ReadTimeoutException). * http://foo.test.com (302) with 2 occurrences migrated to: https://www.test.com ([https](https://foo.test.com) result SSLHandshakeException). * http://abc.test.com (302) with 2 occurrences migrated to: https://www.test.com ([https](https://abc.test.com) result SSLHandshakeException). 
* http://192.168.1:8080 (ConnectTimeoutException) with 2 occurrences migrated to: https://192.168.1:8080 ([https](https://192.168.1:8080) result ConnectTimeoutException). * http://www.example.com:8080/mycontext/secure/page.html (ConnectTimeoutException) with 1 occurrences migrated to: https://www.example.com:8080/mycontext/secure/page.html ([https](https://www.example.com:8080/mycontext/secure/page.html) result ConnectTimeoutException). * http://www.example.com:8888/bigWebApp/hello (ConnectTimeoutException) with 1 occurrences migrated to: https://www.example.com:8888/bigWebApp/hello ([https](https://www.example.com:8888/bigWebApp/hello) result ConnectTimeoutException). * http://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true (ConnectTimeoutException) with 1 occurrences migrated to: https://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true ([https](https://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true) result ConnectTimeoutException). * http://www.opensymphony.com/sitemesh/decorator (ConnectTimeoutException) with 1 occurrences migrated to: https://www.opensymphony.com/sitemesh/decorator ([https](https://www.opensymphony.com/sitemesh/decorator) result ConnectTimeoutException). * http://www.opensymphony.com/sitemesh/page (ConnectTimeoutException) with 1 occurrences migrated to: https://www.opensymphony.com/sitemesh/page ([https](https://www.opensymphony.com/sitemesh/page) result ConnectTimeoutException). * http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd (ReadTimeoutException) with 1 occurrences migrated to: https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd ([https](https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd) result ReadTimeoutException). * http://axschema.org/ (UnknownHostException) with 2 occurrences migrated to: https://axschema.org/ ([https](https://axschema.org/) result UnknownHostException). 
* http://axschema.org/contact/email (UnknownHostException) with 23 occurrences migrated to: https://axschema.org/contact/email ([https](https://axschema.org/contact/email) result UnknownHostException). * http://axschema.org/namePerson (UnknownHostException) with 5 occurrences migrated to: https://axschema.org/namePerson ([https](https://axschema.org/namePerson) result UnknownHostException). * http://axschema.org/namePerson/first (UnknownHostException) with 4 occurrences migrated to: https://axschema.org/namePerson/first ([https](https://axschema.org/namePerson/first) result UnknownHostException). * http://axschema.org/namePerson/last (UnknownHostException) with 4 occurrences migrated to: https://axschema.org/namePerson/last ([https](https://axschema.org/namePerson/last) result UnknownHostException). * http://context.blah.com/context/remainder (UnknownHostException) with 1 occurrences migrated to: https://context.blah.com/context/remainder ([https](https://context.blah.com/context/remainder) result UnknownHostException). * http://default (UnknownHostException) with 12 occurrences migrated to: https://default ([https](https://default) result UnknownHostException). * http://endpoint (UnknownHostException) with 4 occurrences migrated to: https://endpoint ([https](https://endpoint) result UnknownHostException). * http://endpoint?id_token_hint=id-token (UnknownHostException) with 2 occurrences migrated to: https://endpoint?id_token_hint=id-token ([https](https://endpoint?id_token_hint=id-token) result UnknownHostException). * http://example.com&param1=value1&param2=value2 (UnknownHostException) with 1 occurrences migrated to: https://example.com&param1=value1&param2=value2 ([https](https://example.com&param1=value1&param2=value2) result UnknownHostException). * http://host/myapp/index.html;jsessionid=blah (UnknownHostException) with 1 occurrences migrated to: https://host/myapp/index.html;jsessionid=blah ([https](https://host/myapp/index.html;jsessionid=blah) result UnknownHostException). 
* http://http://context.blah.com/context/remainder (UnknownHostException) with 1 occurrences migrated to: https://http://context.blah.com/context/remainder ([https](https://https://context.blah.com/context/remainder) result UnknownHostException). * http://id.openid.zz (UnknownHostException) with 2 occurrences migrated to: https://id.openid.zz ([https](https://id.openid.zz) result UnknownHostException). * http://invalid-provider.com/oauth2/token (UnknownHostException) with 4 occurrences migrated to: https://invalid-provider.com/oauth2/token ([https](https://invalid-provider.com/oauth2/token) result UnknownHostException). * http://invalid-provider.com/user (UnknownHostException) with 4 occurrences migrated to: https://invalid-provider.com/user ([https](https://invalid-provider.com/user) result UnknownHostException). * http://issuer/.well-known/jwks.json (UnknownHostException) with 2 occurrences migrated to: https://issuer/.well-known/jwks.json ([https](https://issuer/.well-known/jwks.json) result UnknownHostException). * http://issuer/certs (UnknownHostException) with 1 occurrences migrated to: https://issuer/certs ([https](https://issuer/certs) result UnknownHostException). * http://jimi.hendrix.myopenid.com/ (UnknownHostException) with 1 occurrences migrated to: https://jimi.hendrix.myopenid.com/ ([https](https://jimi.hendrix.myopenid.com/) result UnknownHostException). * http://joe.myopenid.com/ (UnknownHostException) with 3 occurrences migrated to: https://joe.myopenid.com/ ([https](https://joe.myopenid.com/) result UnknownHostException). * http://logout (UnknownHostException) with 2 occurrences migrated to: https://logout ([https](https://logout) result UnknownHostException). * http://logout?id_token_hint=id-token (UnknownHostException) with 2 occurrences migrated to: https://logout?id_token_hint=id-token ([https](https://logout?id_token_hint=id-token) result UnknownHostException). 
* http://openid.aol.com/ (UnknownHostException) with 2 occurrences migrated to: https://openid.aol.com/ ([https](https://openid.aol.com/) result UnknownHostException). * http://pip.verisignlabs.com/server (UnknownHostException) with 2 occurrences migrated to: https://pip.verisignlabs.com/server ([https](https://pip.verisignlabs.com/server) result UnknownHostException). * http://postlogout?encodedparam%3Dvalue (UnknownHostException) with 2 occurrences migrated to: https://postlogout?encodedparam%3Dvalue ([https](https://postlogout?encodedparam%3Dvalue) result UnknownHostException). * http://postlogout?encodedparam=value (UnknownHostException) with 2 occurrences migrated to: https://postlogout?encodedparam=value ([https](https://postlogout?encodedparam=value) result UnknownHostException). * http://schema.openid.net/contact/email (UnknownHostException) with 5 occurrences migrated to: https://schema.openid.net/contact/email ([https](https://schema.openid.net/contact/email) result UnknownHostException). * http://schema.openid.net/namePerson (UnknownHostException) with 2 occurrences migrated to: https://schema.openid.net/namePerson ([https](https://schema.openid.net/namePerson) result UnknownHostException). * http://some.site.org/index.html (UnknownHostException) with 1 occurrences migrated to: https://some.site.org/index.html ([https](https://some.site.org/index.html) result UnknownHostException). * http://something/ (UnknownHostException) with 1 occurrences migrated to: https://something/ ([https](https://something/) result UnknownHostException). * http://specs.openid.net/auth/2.0 (UnknownHostException) with 2 occurrences migrated to: https://specs.openid.net/auth/2.0 ([https](https://specs.openid.net/auth/2.0) result UnknownHostException). 
* http://specs.openid.net/auth/2.0/identifier_select (UnknownHostException) with 4 occurrences migrated to: https://specs.openid.net/auth/2.0/identifier_select ([https](https://specs.openid.net/auth/2.0/identifier_select) result UnknownHostException). * http://wiki.fasterxml.com/JacksonFeatureModules (UnknownHostException) with 1 occurrences migrated to: https://wiki.fasterxml.com/JacksonFeatureModules ([https](https://wiki.fasterxml.com/JacksonFeatureModules) result UnknownHostException). * http://www.faqs (UnknownHostException) with 1 occurrences migrated to: https://www.faqs ([https](https://www.faqs) result UnknownHostException). * http://www.test123.com (UnknownHostException) with 1 occurrences migrated to: https://www.test123.com ([https](https://www.test123.com) result UnknownHostException). * http://en.wikipedia.org/wiki/Defense_in_depth_%28computing%29 (301) with 1 occurrences migrated to: https://en.wikipedia.org/wiki/Defense_in_depth_%2528computing%2529 ([https](https://en.wikipedia.org/wiki/Defense_in_depth_%28computing%29) result 400). * http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html (404) with 1 occurrences migrated to: https://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html ([https](https://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html) result 404). * http://example.com/auth (404) with 2 occurrences migrated to: https://example.com/auth ([https](https://example.com/auth) result 404). * http://example.com/info (404) with 2 occurrences migrated to: https://example.com/info ([https](https://example.com/info) result 404). * http://example.com/jwkset (404) with 2 occurrences migrated to: https://example.com/jwkset ([https](https://example.com/jwkset) result 404). 
* http://example.com/login/oauth2/code/registration-id (404) with 1 occurrences migrated to: https://example.com/login/oauth2/code/registration-id ([https](https://example.com/login/oauth2/code/registration-id) result 404). * http://example.com/login/oauth2/code/registration-id-2 (404) with 1 occurrences migrated to: https://example.com/login/oauth2/code/registration-id-2 ([https](https://example.com/login/oauth2/code/registration-id-2) result 404). * http://example.com/path?a=b&c=d (404) with 1 occurrences migrated to: https://example.com/path?a=b&c=d ([https](https://example.com/path?a=b&c=d) result 404). * http://example.com/pkp-report (404) with 5 occurrences migrated to: https://example.com/pkp-report ([https](https://example.com/pkp-report) result 404). * http://example.com/token (404) with 2 occurrences migrated to: https://example.com/token ([https](https://example.com/token) result 404). * http://example.net/pkp-report (404) with 7 occurrences migrated to: https://example.net/pkp-report ([https](https://example.net/pkp-report) result 404). * http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ (301) with 1 occurrences migrated to: https://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ ([https](https://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/) result 404). * http://html5shim.googlecode.com/svn/trunk/html5.js (404) with 6 occurrences migrated to: https://html5shim.googlecode.com/svn/trunk/html5.js ([https](https://html5shim.googlecode.com/svn/trunk/html5.js) result 404). * http://json.org/json2.js (404) with 1 occurrences migrated to: https://json.org/json2.js ([https](https://json.org/json2.js) result 404). 
* http://openid-selector.googlecode.com/svn/trunk/ (404) with 2 occurrences migrated to: https://openid-selector.googlecode.com/svn/trunk/ ([https](https://openid-selector.googlecode.com/svn/trunk/) result 404). * http://provider.com/user (302) with 2 occurrences migrated to: https://provider.com/user ([https](https://provider.com/user) result 404). * http://relaxng.org/ns/compatibility/annotations/1.0 (301) with 8 occurrences migrated to: https://relaxng.org/ns/compatibility/annotations/1.0 ([https](https://relaxng.org/ns/compatibility/annotations/1.0) result 404). * http://www.example.com/bigWebApp/hello (404) with 2 occurrences migrated to: https://www.example.com/bigWebApp/hello ([https](https://www.example.com/bigWebApp/hello) result 404). * http://www.example.com/bigWebApp/hello/pathInfo.html?open=true (404) with 1 occurrences migrated to: https://www.example.com/bigWebApp/hello/pathInfo.html?open=true ([https](https://www.example.com/bigWebApp/hello/pathInfo.html?open=true) result 404). * http://www.example.com/identity (404) with 1 occurrences migrated to: https://www.example.com/identity ([https](https://www.example.com/identity) result 404). * http://www.example.com/login/openid (404) with 2 occurrences migrated to: https://www.example.com/login/openid ([https](https://www.example.com/login/openid) result 404). * http://www.example.com/mycontext/HelloWorld (404) with 1 occurrences migrated to: https://www.example.com/mycontext/HelloWorld ([https](https://www.example.com/mycontext/HelloWorld) result 404). * http://www.example.com/mycontext/HelloWorld/some/more/segments.html (404) with 1 occurrences migrated to: https://www.example.com/mycontext/HelloWorld/some/more/segments.html ([https](https://www.example.com/mycontext/HelloWorld/some/more/segments.html) result 404). 
* http://www.example.com/mycontext/HelloWorld?foo=bar (404) with 1 occurrences migrated to: https://www.example.com/mycontext/HelloWorld?foo=bar ([https](https://www.example.com/mycontext/HelloWorld?foo=bar) result 404). * http://www.example.com/mycontext/secure/page.html (404) with 3 occurrences migrated to: https://www.example.com/mycontext/secure/page.html ([https](https://www.example.com/mycontext/secure/page.html) result 404). * http://www.example.com/realm (404) with 1 occurrences migrated to: https://www.example.com/realm ([https](https://www.example.com/realm) result 404). * http://www.example.com/redirect (404) with 1 occurrences migrated to: https://www.example.com/redirect ([https](https://www.example.com/redirect) result 404). * http://www.example.org/do/something (404) with 4 occurrences migrated to: https://www.example.org/do/something ([https](https://www.example.org/do/something) result 404). * http://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/ (301) with 1 occurrences migrated to: https://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/ ([https](https://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/) result 404). * http://www.json.org/json2.js (404) with 1 occurrences migrated to: https://www.json.org/json2.js ([https](https://www.json.org/json2.js) result 404). * http://www.thymeleaf.org/thymeleaf-extras-springsecurity5 (301) with 5 occurrences migrated to: https://www.thymeleaf.org/thymeleaf-extras-springsecurity5 ([https](https://www.thymeleaf.org/thymeleaf-extras-springsecurity5) result 404). ## Fixed Success These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended. * http://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html with 1 occurrences migrated to: https://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html ([https](https://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html) result 200). 
* http://bugs.jquery.com/ticket/12282 with 1 occurrences migrated to: https://bugs.jquery.com/ticket/12282 ([https](https://bugs.jquery.com/ticket/12282) result 200). * http://bugs.jquery.com/ticket/12359 with 1 occurrences migrated to: https://bugs.jquery.com/ticket/12359 ([https](https://bugs.jquery.com/ticket/12359) result 200). * http://claimid.com/ with 2 occurrences migrated to: https://claimid.com/ ([https](https://claimid.com/) result 200). * http://dist.springsource.org/snapshot/GRECLIPSE/e4.7/ with 1 occurrences migrated to: https://dist.springsource.org/snapshot/GRECLIPSE/e4.7/ ([https](https://dist.springsource.org/snapshot/GRECLIPSE/e4.7/) result 200). * http://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html with 1 occurrences migrated to: https://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html) result 200). * http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html with 26 occurrences migrated to: https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html) result 200). * http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html with 1 occurrences migrated to: https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html) result 200). * http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html with 1 occurrences migrated to: https://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html ([https](https://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html) result 200). 
* http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html with 1 occurrences migrated to: https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html ([https](https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html) result 200). * http://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html with 1 occurrences migrated to: https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html ([https](https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html) result 200). * http://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ with 2 occurrences migrated to: https://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ ([https](https://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/) result 200). * http://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html (301) with 1 occurrences migrated to: https://docs.spring.io/spring-security/site/docs/3.0.x/reference/remember-me.html ([https](https://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html) result 200). * http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html (301) with 1 occurrences migrated to: https://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html ([https](https://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html) result 200). * http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ with 1 occurrences migrated to: https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ ([https](https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/) result 200). 
* http://docs.spring.io/spring-security/site/docs/current/api/ with 1 occurrences migrated to: https://docs.spring.io/spring-security/site/docs/current/api/ ([https](https://docs.spring.io/spring-security/site/docs/current/api/) result 200). * http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ with 3 occurrences migrated to: https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ ([https](https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/) result 200). * http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html (301) with 1 occurrences migrated to: https://docs.spring.io/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html ([https](https://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html) result 200). * http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html with 1 occurrences migrated to: https://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html ([https](https://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html) result 200). * http://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html with 1 occurrences migrated to: https://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html ([https](https://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html) result 200). * http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html with 3 occurrences migrated to: https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html ([https](https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html) result 200). 
* http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html with 1 occurrences migrated to: https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html ([https](https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html) result 200). * http://en.wikipedia.org/wiki/Clickjacking with 9 occurrences migrated to: https://en.wikipedia.org/wiki/Clickjacking ([https](https://en.wikipedia.org/wiki/Clickjacking) result 200). * http://en.wikipedia.org/wiki/Content_sniffing with 2 occurrences migrated to: https://en.wikipedia.org/wiki/Content_sniffing ([https](https://en.wikipedia.org/wiki/Content_sniffing) result 200). * http://en.wikipedia.org/wiki/Cross-site_request_forgery with 11 occurrences migrated to: https://en.wikipedia.org/wiki/Cross-site_request_forgery ([https](https://en.wikipedia.org/wiki/Cross-site_request_forgery) result 200). * http://en.wikipedia.org/wiki/Cross-site_scripting with 7 occurrences migrated to: https://en.wikipedia.org/wiki/Cross-site_scripting ([https](https://en.wikipedia.org/wiki/Cross-site_scripting) result 200). * http://en.wikipedia.org/wiki/Firesheep with 1 occurrences migrated to: https://en.wikipedia.org/wiki/Firesheep ([https](https://en.wikipedia.org/wiki/Firesheep) result 200). * http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security with 4 occurrences migrated to: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security ([https](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) result 200). * http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol with 1 occurrences migrated to: https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol ([https](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol) result 200). 
* http://en.wikipedia.org/wiki/Man-in-the-middle_attack with 2 occurrences migrated to: https://en.wikipedia.org/wiki/Man-in-the-middle_attack ([https](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) result 200). * http://en.wikipedia.org/wiki/Null_Object_pattern with 1 occurrences migrated to: https://en.wikipedia.org/wiki/Null_Object_pattern ([https](https://en.wikipedia.org/wiki/Null_Object_pattern) result 200). * http://en.wikipedia.org/wiki/SRV_record with 2 occurrences migrated to: https://en.wikipedia.org/wiki/SRV_record ([https](https://en.wikipedia.org/wiki/SRV_record) result 200). * http://en.wikipedia.org/wiki/Same-origin_policy with 1 occurrences migrated to: https://en.wikipedia.org/wiki/Same-origin_policy ([https](https://en.wikipedia.org/wiki/Same-origin_policy) result 200). * http://en.wikipedia.org/wiki/Session_fixation with 6 occurrences migrated to: https://en.wikipedia.org/wiki/Session_fixation ([https](https://en.wikipedia.org/wiki/Session_fixation) result 200). * http://example.com with 8 occurrences migrated to: https://example.com ([https](https://example.com) result 200). * http://example.com/ with 1 occurrences migrated to: https://example.com/ ([https](https://example.com/) result 200). * http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice with 2 occurrences migrated to: https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice ([https](https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice) result 200). * http://flywaydb.org/ with 1 occurrences migrated to: https://flywaydb.org/ ([https](https://flywaydb.org/) result 200). * http://getbootstrap.com/docs/4.0/examples/signin/signin.css with 1 occurrences migrated to: https://getbootstrap.com/docs/4.0/examples/signin/signin.css ([https](https://getbootstrap.com/docs/4.0/examples/signin/signin.css) result 200). 
* http://gradle.org with 1 occurrences migrated to: https://gradle.org ([https](https://gradle.org) result 200). * http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ with 2 occurrences migrated to: https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ ([https](https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/) result 200). * http://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html with 2 occurrences migrated to: https://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html ([https](https://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html) result 200). * http://jquery.com/ with 1 occurrences migrated to: https://jquery.com/ ([https](https://jquery.com/) result 200). * http://knockoutjs.com/ with 1 occurrences migrated to: https://knockoutjs.com/ ([https](https://knockoutjs.com/) result 200). * http://marketplace.eclipse.org/content/anyedit-tools with 1 occurrences migrated to: https://marketplace.eclipse.org/content/anyedit-tools ([https](https://marketplace.eclipse.org/content/anyedit-tools) result 200). * http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html with 1 occurrences migrated to: https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html ([https](https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html) result 200). * http://openid.net with 1 occurrences migrated to: https://openid.net ([https](https://openid.net) result 200). * http://openid.net/ with 1 occurrences migrated to: https://openid.net/ ([https](https://openid.net/) result 200). * http://openid.net/certification/ with 4 occurrences migrated to: https://openid.net/certification/ ([https](https://openid.net/certification/) result 200). 
* http://openid.net/connect/ with 4 occurrences migrated to: https://openid.net/connect/ ([https](https://openid.net/connect/) result 200). * http://openid.net/specs/openid-attribute-exchange-1_0.html with 3 occurrences migrated to: https://openid.net/specs/openid-attribute-exchange-1_0.html ([https](https://openid.net/specs/openid-attribute-exchange-1_0.html) result 200). * http://openid.net/specs/openid-connect-core-1_0.html with 50 occurrences migrated to: https://openid.net/specs/openid-connect-core-1_0.html ([https](https://openid.net/specs/openid-connect-core-1_0.html) result 200). * http://openid.net/specs/openid-connect-session-1_0.html with 2 occurrences migrated to: https://openid.net/specs/openid-connect-session-1_0.html ([https](https://openid.net/specs/openid-connect-session-1_0.html) result 200). * http://sizzlejs.com/ with 2 occurrences migrated to: https://sizzlejs.com/ ([https](https://sizzlejs.com/) result 200). * http://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time with 1 occurrences migrated to: https://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time ([https](https://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time) result 200). * http://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/ (301) with 1 occurrences migrated to: https://spring.io/blog/2010/03/06/behind-the-spring-security-namespace/ ([https](https://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/) result 200). * http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/ (301) with 1 occurrences migrated to: https://spring.io/blog/2010/08/02/spring-security-in-google-app-engine/ ([https](https://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/) result 200). 
* http://spring.io/projects with 1 occurrences migrated to: https://spring.io/projects ([https](https://spring.io/projects) result 200). * http://spring.io/services with 1 occurrences migrated to: https://spring.io/services ([https](https://spring.io/services) result 200). * http://stackoverflow.com/questions/tagged/spring-security with 1 occurrences migrated to: https://stackoverflow.com/questions/tagged/spring-security ([https](https://stackoverflow.com/questions/tagged/spring-security) result 200). * http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html with 2 occurrences migrated to: https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html ([https](https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html) result 200). * http://tools.ietf.org/html/rfc6797 with 15 occurrences migrated to: https://tools.ietf.org/html/rfc6797 ([https](https://tools.ietf.org/html/rfc6797) result 200). * http://tools.ietf.org/html/rfc7469 with 18 occurrences migrated to: https://tools.ietf.org/html/rfc7469 ([https](https://tools.ietf.org/html/rfc7469) result 200). * http://vimeo.com/34436402 with 1 occurrences migrated to: https://vimeo.com/34436402 ([https](https://vimeo.com/34436402) result 200). * http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ with 1 occurrences migrated to: https://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ ([https](https://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/) result 200). * http://www.ja-sig.org/cas (301) with 1 occurrences migrated to: https://www.apereo.org ([https](https://www.ja-sig.org/cas) result 200). * http://ehcache.sourceforge.net (301) with 2 occurrences migrated to: https://www.ehcache.org/ ([https](https://ehcache.sourceforge.net) result 200). 
* http://www.html5rocks.com/en/tutorials/security/content-security-policy/ with 2 occurrences migrated to: https://www.html5rocks.com/en/tutorials/security/content-security-policy/ ([https](https://www.html5rocks.com/en/tutorials/security/content-security-policy/) result 200). * http://www.ietf.org/rfc/rfc2396.txt with 3 occurrences migrated to: https://www.ietf.org/rfc/rfc2396.txt ([https](https://www.ietf.org/rfc/rfc2396.txt) result 200). * http://www.ietf.org/rfc/rfc2617.txt with 1 occurrences migrated to: https://www.ietf.org/rfc/rfc2617.txt ([https](https://www.ietf.org/rfc/rfc2617.txt) result 200). * http://www.liquibase.org/ with 1 occurrences migrated to: https://www.liquibase.org/ ([https](https://www.liquibase.org/) result 200). * http://www.openbsd.org/papers/bcrypt-paper.ps with 1 occurrences migrated to: https://www.openbsd.org/papers/bcrypt-paper.ps ([https](https://www.openbsd.org/papers/bcrypt-paper.ps) result 200). * http://www.springframework.org/schema/aop/spring-aop-2.5.xsd with 1 occurrences migrated to: https://www.springframework.org/schema/aop/spring-aop-2.5.xsd ([https](https://www.springframework.org/schema/aop/spring-aop-2.5.xsd) result 200). * http://www.springframework.org/schema/beans/spring-beans-2.5.xsd with 1 occurrences migrated to: https://www.springframework.org/schema/beans/spring-beans-2.5.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-2.5.xsd) result 200). * http://www.springframework.org/schema/beans/spring-beans-3.0.xsd with 2 occurrences migrated to: https://www.springframework.org/schema/beans/spring-beans-3.0.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-3.0.xsd) result 200). * http://www.springframework.org/schema/beans/spring-beans.xsd with 1 occurrences migrated to: https://www.springframework.org/schema/beans/spring-beans.xsd ([https](https://www.springframework.org/schema/beans/spring-beans.xsd) result 200). 
* http://www.springframework.org/schema/context/spring-context-2.5.xsd with 1 occurrences migrated to: https://www.springframework.org/schema/context/spring-context-2.5.xsd ([https](https://www.springframework.org/schema/context/spring-context-2.5.xsd) result 200). * http://www.springframework.org/schema/mvc/spring-mvc.xsd with 1 occurrences migrated to: https://www.springframework.org/schema/mvc/spring-mvc.xsd ([https](https://www.springframework.org/schema/mvc/spring-mvc.xsd) result 200). * http://www.springframework.org/schema/security/spring-security.xsd with 3 occurrences migrated to: https://www.springframework.org/schema/security/spring-security.xsd ([https](https://www.springframework.org/schema/security/spring-security.xsd) result 200). * http://www.springframework.org/schema/websocket/spring-websocket.xsd with 1 occurrences migrated to: https://www.springframework.org/schema/websocket/spring-websocket.xsd ([https](https://www.springframework.org/schema/websocket/spring-websocket.xsd) result 200). * http://www.test.com with 9 occurrences migrated to: https://www.test.com ([https](https://www.test.com) result 200). * http://www.thymeleaf.org with 25 occurrences migrated to: https://www.thymeleaf.org ([https](https://www.thymeleaf.org) result 200). * http://www.thymeleaf.org/ with 3 occurrences migrated to: https://www.thymeleaf.org/ ([https](https://www.thymeleaf.org/) result 200). * http://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd with 1 occurrences migrated to: https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd ([https](https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd) result 200). * http://www.thymeleaf.org/whatsnew21.html with 1 occurrences migrated to: https://www.thymeleaf.org/whatsnew21.html ([https](https://www.thymeleaf.org/whatsnew21.html) result 200). 
* http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html with 2 occurrences migrated to: https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html ([https](https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html) result 200). * http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html with 1 occurrences migrated to: https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html ([https](https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html) result 200). * http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html with 1 occurrences migrated to: https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html ([https](https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html) result 200). * http://www.w3.org/TR/2011/REC-css3-selectors-20110929/ with 2 occurrences migrated to: https://www.w3.org/TR/2011/REC-css3-selectors-20110929/ ([https](https://www.w3.org/TR/2011/REC-css3-selectors-20110929/) result 200). * http://www.w3.org/TR/CSS21/syndata.html with 1 occurrences migrated to: https://www.w3.org/TR/CSS21/syndata.html ([https](https://www.w3.org/TR/CSS21/syndata.html) result 200). * http://www.w3.org/TR/selectors/ with 3 occurrences migrated to: https://www.w3.org/TR/selectors/ ([https](https://www.w3.org/TR/selectors/) result 200). * http://www.youtube.com/watch?v=3mk0RySeNsU with 2 occurrences migrated to: https://www.youtube.com/watch?v=3mk0RySeNsU ([https](https://www.youtube.com/watch?v=3mk0RySeNsU) result 200). * http://api.jquery.com/jQuery.browser with 1 occurrences migrated to: https://api.jquery.com/jQuery.browser ([https](https://api.jquery.com/jQuery.browser) result 301). * http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx with 1 occurrences migrated to: https://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx ([https](https://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx) result 301). 
* http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx with 2 occurrences migrated to: https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx ([https](https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx) result 301). * http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx with 2 occurrences migrated to: https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx ([https](https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx) result 301). * http://code.google.com/p/openid-selector/ with 3 occurrences migrated to: https://code.google.com/p/openid-selector/ ([https](https://code.google.com/p/openid-selector/) result 301). * http://contributor-covenant.org with 1 occurrences migrated to: https://contributor-covenant.org ([https](https://contributor-covenant.org) result 301). * http://contributor-covenant.org/version/1/3/0/ with 1 occurrences migrated to: https://contributor-covenant.org/version/1/3/0/ ([https](https://contributor-covenant.org/version/1/3/0/) result 301). * http://dev.w3.org/csswg/cssom/ with 1 occurrences migrated to: https://dev.w3.org/csswg/cssom/ ([https](https://dev.w3.org/csswg/cssom/) result 301). * http://docs.spring.io with 1 occurrences migrated to: https://docs.spring.io ([https](https://docs.spring.io) result 301). * http://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html with 1 occurrences migrated to: https://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html) result 301). 
* http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html with 7 occurrences migrated to: https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html) result 301). * http://forum.springsource.org/showthread.php?102783-How-to-use-hasIpAddress&p=343971 (301) with 1 occurrences migrated to: https://forum.spring.io/showthread.php?102783-How-to-use-hasIpAddress&p=343971 ([https](https://forum.springsource.org/showthread.php?102783-How-to-use-hasIpAddress&p=343971) result 301). * http://help.github.com/set-up-git-redirect with 1 occurrences migrated to: https://help.github.com/set-up-git-redirect ([https](https://help.github.com/set-up-git-redirect) result 301). * http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ with 1 occurrences migrated to: https://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ ([https](https://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_) result 301). * http://jquery.org/license with 1 occurrences migrated to: https://jquery.org/license ([https](https://jquery.org/license) result 301). * http://msdn.microsoft.com/en-us/library/dd565647 with 4 occurrences migrated to: https://msdn.microsoft.com/en-us/library/dd565647 ([https](https://msdn.microsoft.com/en-us/library/dd565647) result 301). * http://msdn.microsoft.com/en-us/library/ie/gg622941 with 5 occurrences migrated to: https://msdn.microsoft.com/en-us/library/ie/gg622941 ([https](https://msdn.microsoft.com/en-us/library/ie/gg622941) result 301). * http://openid.net/get/ with 2 occurrences migrated to: https://openid.net/get/ ([https](https://openid.net/get/) result 301). * http://openid.net/what/ with 2 occurrences migrated to: https://openid.net/what/ ([https](https://openid.net/what/) result 301). 
* http://technorati.com/people/technorati/ with 2 occurrences migrated to: https://technorati.com/people/technorati/ ([https](https://technorati.com/people/technorati/) result 301). * http://twitter.github.com/bootstrap/javascript.html with 13 occurrences migrated to: https://twitter.github.com/bootstrap/javascript.html ([https](https://twitter.github.com/bootstrap/javascript.html) result 301). * http://www.jasig.org/cas with 1 occurrences migrated to: https://www.jasig.org/cas ([https](https://www.jasig.org/cas) result 301). * http://www.modernizr.com/ with 1 occurrences migrated to: https://www.modernizr.com/ ([https](https://www.modernizr.com/) result 301). * http://www.opensource.org/licenses/mit-license.php with 1 occurrences migrated to: https://www.opensource.org/licenses/mit-license.php ([https](https://www.opensource.org/licenses/mit-license.php) result 301). * http://www.oracle.com/technetwork/java/javase/downloads with 1 occurrences migrated to: https://www.oracle.com/technetwork/java/javase/downloads ([https](https://www.oracle.com/technetwork/java/javase/downloads) result 301). * http://www.springframework.org/security with 1 occurrences migrated to: https://www.springframework.org/security ([https](https://www.springframework.org/security) result 301). * http://www.springsource.com/ with 2 occurrences migrated to: https://www.springsource.com/ ([https](https://www.springsource.com/) result 301). * http://www.springsource.org with 1 occurrences migrated to: https://www.springsource.org ([https](https://www.springsource.org) result 301). * http://www.springsource.org/sts with 1 occurrences migrated to: https://www.springsource.org/sts ([https](https://www.springsource.org/sts) result 301). * http://www.thoughtcrime.org/software/sslstrip/ with 1 occurrences migrated to: https://www.thoughtcrime.org/software/sslstrip/ ([https](https://www.thoughtcrime.org/software/sslstrip/) result 301). 
* http://www.w3.org/TR/css3-selectors/ with 2 occurrences migrated to: https://www.w3.org/TR/css3-selectors/ ([https](https://www.w3.org/TR/css3-selectors/) result 301). * http://www.w3.org/TR/css3-syntax/ with 1 occurrences migrated to: https://www.w3.org/TR/css3-syntax/ ([https](https://www.w3.org/TR/css3-syntax/) result 301). * http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ with 2 occurrences migrated to: https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/) result 302). * http://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html with 1 occurrences migrated to: https://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html ([https](https://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html) result 302). * http://example2.com with 3 occurrences migrated to: https://example2.com ([https](https://example2.com) result 302). * http://flickr.com/ with 2 occurrences migrated to: https://flickr.com/ ([https](https://flickr.com/) result 302). * http://git-scm.com/book/cs/ch7-3.html with 1 occurrences migrated to: https://git-scm.com/book/cs/ch7-3.html ([https](https://git-scm.com/book/cs/ch7-3.html) result 302). * http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd with 1 occurrences migrated to: https://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd ([https](https://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd) result 302). * http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html with 1 occurrences migrated to: https://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html) result 302). 
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html with 4 occurrences migrated to: https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html) result 302). * http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html with 1 occurrences migrated to: https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html) result 302). * http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html with 1 occurrences migrated to: https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html) result 302). * http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html with 1 occurrences migrated to: https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html) result 302). * http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html with 1 occurrences migrated to: https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html ([https](https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html) result 302). * http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html with 2 occurrences migrated to: https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html) result 302). 
* http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html with 1 occurrences migrated to: https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html) result 302). * http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html with 2 occurrences migrated to: https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html) result 302). * http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html with 3 occurrences migrated to: https://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html ([https](https://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html) result 302). * http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd with 1 occurrences migrated to: https://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd ([https](https://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd) result 302). * http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd with 1 occurrences migrated to: https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd) result 302). * http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd with 2 occurrences migrated to: https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd) result 302). * http://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx with 1 occurrences migrated to: https://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx ([https](https://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx) result 302). * http://spring.io/spring-security with 1 occurrences migrated to: https://spring.io/spring-security ([https](https://spring.io/spring-security) result 302). 
* http://spring.io/spring-security/ with 2 occurrences migrated to: https://spring.io/spring-security/ ([https](https://spring.io/spring-security/) result 302). * http://spring.io/tools/sts with 1 occurrences migrated to: https://spring.io/tools/sts ([https](https://spring.io/tools/sts) result 302). * http://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt with 2 occurrences migrated to: https://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt ([https](https://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt) result 302). * http://webauth.stanford.edu/manual/mod/mod_webauth.html with 1 occurrences migrated to: https://webauth.stanford.edu/manual/mod/mod_webauth.html ([https](https://webauth.stanford.edu/manual/mod/mod_webauth.html) result 302). * http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context with 1 occurrences migrated to: https://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context ([https](https://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context) result 302). * http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt with 1 occurrences migrated to: https://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt ([https](https://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt) result 302). # Ignored These URLs were intentionally ignored. 
* http://java.sun.com/JSP/Page with 14 occurrences * http://java.sun.com/jsp/jstl/core with 31 occurrences * http://java.sun.com/jsp/jstl/fmt with 6 occurrences * http://java.sun.com/jsp/jstl/functions with 1 occurrences * http://java.sun.com/jstl/core with 1 occurrences * http://java.sun.com/xml/ns/j2ee with 2 occurrences * http://java.sun.com/xml/ns/javaee with 6 occurrences * http://localhost with 20 occurrences * http://localhost/ with 6 occurrences * http://localhost/Test</value></property> with 1 occurrences * http://localhost/appcontext/page with 1 occurrences * http://localhost/authenticated with 1 occurrences * http://localhost/authentication/login with 2 occurrences * http://localhost/authorize/oauth2/code/registration-id with 3 occurrences * http://localhost/authorize/oauth2/implicit/registration-3 with 1 occurrences * http://localhost/callback/client-1 with 1 occurrences * http://localhost/callback/client-1?error=invalid_grant with 1 occurrences * http://localhost/client-1 with 9 occurrences * http://localhost/cookie with 1 occurrences * http://localhost/cookie/delete with 1 occurrences * http://localhost/custom-login with 1 occurrences * http://localhost/custom-logout with 1 occurrences * http://localhost/form-page with 1 occurrences * http://localhost/iss with 1 occurrences * http://localhost/issuer with 2 occurrences * http://localhost/login with 38 occurrences * http://localhost/login/oauth2/code/ with 4 occurrences * http://localhost/login/oauth2/code/pkce-client-registration-id& with 1 occurrences * http://localhost/login/oauth2/code/registration-id with 3 occurrences * http://localhost/login/oauth2/code/registration-id& with 2 occurrences * http://localhost/login/oauth2/code/registration-id-2 with 2 occurrences * http://localhost/login/openid with 1 occurrences * http://localhost/login2 with 1 occurrences * http://localhost/loginPage with 2 occurrences * http://localhost/logout with 1 occurrences * http://localhost/messages with 4 occurrences * 
http://localhost/oauth2/authorization/google with 1 occurrences * http://localhost/openid-page with 1 occurrences * http://localhost/saved-request with 1 occurrences * http://localhost/secured with 2 occurrences * http://localhost/signin with 1 occurrences * http://localhost/some-url with 1 occurrences * http://localhost/tosave with 1 occurrences * http://localhost/user with 1 occurrences * http://localhost:123456 with 3 occurrences * http://localhost:1280/certs with 1 occurrences * http://localhost:314 with 1 occurrences * http://localhost:4080 with 1 occurrences * http://localhost:543 with 1 occurrences * http://localhost:8080 with 16 occurrences * http://localhost:8080/ with 4 occurrences * http://localhost:8080/SomeService with 1 occurrences * http://localhost:8080/contacts with 1 occurrences * http://localhost:8080/login/oauth2/code with 1 occurrences * http://localhost:8080/login/oauth2/code/client-id with 2 occurrences * http://localhost:8080/login/oauth2/code/facebook with 2 occurrences * http://localhost:8080/login/oauth2/code/github with 2 occurrences * http://localhost:8080/login/oauth2/code/google with 4 occurrences * http://localhost:8080/login/oauth2/code/okta with 2 occurrences * http://localhost:8080/path/page.html?query=string with 1 occurrences * http://localhost:8080/sample/ with 15 occurrences * http://localhost:8080/secure with 1 occurrences * http://localhost:8080/spring-security-samples-tutorial/listAccounts.html with 4 occurrences * http://localhost:8080/spring-security-samples-tutorial/post.html?id=1 with 4 occurrences * http://localhost:9080/protected with 2 occurrences * http://localhost:9080/secured with 1 occurrences * http://localhost:9080/unsecured with 1 occurrences * http://localhost:9080/user with 1 occurrences * http://test.com with 1 occurrences * http://test.foobar.com with 1 occurrences * http://testopenid.com?openid.return_to= with 1 occurrences * http://www.springframework.org/schema/aop with 2 occurrences * 
http://www.springframework.org/schema/beans with 8 occurrences * http://www.springframework.org/schema/context with 2 occurrences * http://www.springframework.org/schema/mvc with 2 occurrences * http://www.springframework.org/schema/security with 45 occurrences * http://www.springframework.org/schema/security/spring-security- with 1 occurrences * http://www.springframework.org/schema/websocket with 2 occurrences * http://www.springframework.org/security/tags with 17 occurrences * http://www.springframework.org/tags with 12 occurrences * http://www.springframework.org/tags/form with 14 occurrences * http://www.w3.org/1999/XSL/Transform with 1 occurrences * http://www.w3.org/1999/xhtml with 26 occurrences * http://www.w3.org/2001/XMLSchema with 15 occurrences * http://www.w3.org/2001/XMLSchema-datatypes with 8 occurrences * http://www.w3.org/2001/XMLSchema-instance with 9 occurrences --- CODE_OF_CONDUCT.adoc | 4 +- CONTRIBUTING.md | 10 ++-- README.adoc | 18 ++++---- .../EhCacheBasedTicketCache.java | 2 +- .../security/cas/package-info.java | 2 +- .../AuthenticationManagerBuilder.java | 6 +-- .../annotation/web/builders/HttpSecurity.java | 20 ++++---- .../ExpressionUrlAuthorizationConfigurer.java | 2 +- .../web/configurers/HeadersConfigurer.java | 26 +++++------ .../web/configurers/LogoutConfigurer.java | 2 +- .../oauth2/client/OAuth2LoginConfigurer.java | 2 +- .../security/config/spring-security-3.1.rnc | 4 +- .../security/config/spring-security-3.1.xsd | 2 +- .../security/config/spring-security-3.2.rnc | 4 +- .../security/config/spring-security-3.2.xsd | 2 +- .../security/config/spring-security-4.0.rnc | 4 +- .../security/config/spring-security-4.0.xsd | 2 +- .../security/config/spring-security-4.1.rnc | 4 +- .../security/config/spring-security-4.1.xsd | 2 +- .../security/config/spring-security-4.2.rnc | 4 +- .../security/config/spring-security-4.2.xsd | 2 +- .../security/config/spring-security-5.0.rnc | 4 +- .../security/config/spring-security-5.0.xsd | 2 +- 
.../security/config/spring-security-5.1.rnc | 4 +- .../security/config/spring-security-5.1.xsd | 2 +- .../security/config/spring-security-5.2.rnc | 4 +- .../security/config/spring-security-5.2.xsd | 2 +- .../configurers/HeadersConfigurerTests.groovy | 8 ++-- .../NamespaceHttpOpenIDLoginTests.groovy | 20 ++++---- .../client/OAuth2LoginConfigurerTests.java | 4 +- .../UserServiceBeanDefinitionParserTests.java | 6 +-- .../config/http/OpenIDConfigTests.java | 2 +- .../client/CommonOAuth2ProviderTests.java | 16 +++---- .../util/InMemoryXmlApplicationContext.java | 10 ++-- .../config/web/server/OAuth2LoginTests.java | 4 +- .../AbstractJaasAuthenticationProvider.java | 6 +-- .../JaasAuthenticationCallbackHandler.java | 6 +-- .../jaas/JaasAuthenticationProvider.java | 10 ++-- .../jaas/JaasNameCallbackHandler.java | 4 +- .../jaas/JaasPasswordCallbackHandler.java | 4 +- .../cache/EhCacheBasedUserCache.java | 2 +- .../security/crypto/bcrypt/BCrypt.java | 2 +- .../security/crypto/codec/Base64.java | 6 +-- .../MessageDigestPasswordEncoder.java | 2 +- .../password/Pbkdf2PasswordEncoder.java | 2 +- .../crypto/scrypt/SCryptPasswordEncoder.java | 2 +- .../secure-the-application-boot.asc | 24 +++++----- .../secure-the-application-javaconfig.asc | 22 ++++----- .../secure-the-application-xml.asc | 26 +++++------ .../src/docs/asciidoc/form-javaconfig.asc | 2 +- .../src/docs/asciidoc/hellomvc-javaconfig.asc | 6 +-- .../src/docs/asciidoc/helloworld-boot.asc | 6 +-- .../docs/asciidoc/helloworld-javaconfig.asc | 4 +- .../src/docs/asciidoc/helloworld-xml.asc | 6 +-- .../preface/getting-spring-security.adoc | 6 +-- .../asciidoc/_includes/preface/samples.adoc | 6 +-- .../asciidoc/_includes/reactive/headers.adoc | 18 ++++---- .../_includes/reactive/oauth2/login.adoc | 6 +-- .../servlet/additional-topics/cas.adoc | 2 +- .../servlet/additional-topics/jaas.adoc | 2 +- .../additional-topics/jsp-taglibs.adoc | 8 ++-- .../servlet/additional-topics/ldap.adoc | 4 +- 
.../servlet/additional-topics/mvc.adoc | 4 +- .../servlet/additional-topics/oauth2.adoc | 2 +- .../servlet/additional-topics/x509.adoc | 2 +- .../_includes/servlet/appendix/faq.adoc | 14 +++--- .../_includes/servlet/appendix/namespace.adoc | 26 +++++------ .../servlet/appendix/proxy-server.adoc | 6 +-- .../servlet/architecture/jackson.adoc | 2 +- .../servlet/authorization/architecture.adoc | 2 +- .../servlet/preface/java-configuration.adoc | 26 +++++------ .../_includes/servlet/preface/namespace.adoc | 26 +++++------ .../servlet/preface/oauth2-login.adoc | 6 +-- .../_includes/servlet/test/method.adoc | 4 +- .../_includes/servlet/test/mockmvc.adoc | 2 +- .../_includes/servlet/web/core-filters.adoc | 2 +- .../asciidoc/_includes/servlet/web/csrf.adoc | 14 +++--- .../_includes/servlet/web/headers.adoc | 28 +++++------ .../servlet/web/security-filter-chain.adoc | 2 +- .../_includes/servlet/web/servlet-api.adoc | 18 ++++---- .../_includes/servlet/web/websocket.adoc | 18 ++++---- docs/manual/src/docs/asciidoc/index.adoc | 2 +- .../LdapAuthenticationProvider.java | 2 +- ...veDirectoryLdapAuthenticationProvider.java | 2 +- .../ldap/ppolicy/PasswordPolicyControl.java | 2 +- .../PasswordPolicyResponseControl.java | 2 +- .../security/ldap/ppolicy/package-info.java | 2 +- notice.txt | 2 +- .../OAuth2LoginAuthenticationProvider.java | 2 +- ...th2LoginReactiveAuthenticationManager.java | 2 +- ...thorizationCodeAuthenticationProvider.java | 8 ++-- ...tionCodeReactiveAuthenticationManager.java | 2 +- .../authentication/OidcIdTokenValidator.java | 4 +- .../client/oidc/userinfo/OidcUserService.java | 2 +- ...dcClientInitiatedLogoutSuccessHandler.java | 2 +- ...ntInitiatedServerLogoutSuccessHandler.java | 2 +- .../registration/ClientRegistrations.java | 4 +- ...zationCodeAuthenticationProviderTests.java | 2 +- ...Auth2LoginAuthenticationProviderTests.java | 2 +- ...orizationCodeTokenResponseClientTests.java | 2 +- ...ntCredentialsTokenResponseClientTests.java | 2 +- 
...orizationCodeTokenResponseClientTests.java | 2 +- ...orizationCodeTokenResponseClientTests.java | 2 +- ...zationCodeAuthenticationProviderTests.java | 2 +- .../oidc/userinfo/OidcUserServiceTests.java | 4 +- ...entInitiatedLogoutSuccessHandlerTests.java | 22 ++++----- ...tiatedServerLogoutSuccessHandlerTests.java | 22 ++++----- ...CustomUserTypesOAuth2UserServiceTests.java | 2 +- .../DefaultOAuth2UserServiceTests.java | 4 +- ...DefaultReactiveOAuth2UserServiceTests.java | 2 +- ...uth2AuthorizationRequestResolverTests.java | 2 +- .../OAuth2LoginAuthenticationFilterTests.java | 2 +- .../core/oidc/AddressStandardClaim.java | 6 +-- .../core/oidc/IdTokenClaimAccessor.java | 4 +- .../oauth2/core/oidc/IdTokenClaimNames.java | 2 +- .../oauth2/core/oidc/OidcIdToken.java | 4 +- .../security/oauth2/core/oidc/OidcScopes.java | 2 +- .../oauth2/core/oidc/OidcUserInfo.java | 6 +-- .../core/oidc/StandardClaimAccessor.java | 4 +- .../oauth2/core/oidc/StandardClaimNames.java | 6 +-- .../oidc/endpoint/OidcParameterNames.java | 2 +- .../oauth2/core/oidc/user/OidcUser.java | 4 +- .../OAuth2AuthorizationRequestTests.java | 6 +-- .../OAuth2AuthorizationResponseTests.java | 2 +- .../security/oauth2/jwt/JwtDecoders.java | 4 +- .../security/oauth2/jwt/NimbusJwtDecoder.java | 2 +- .../oauth2/jwt/NimbusReactiveJwtDecoder.java | 2 +- .../oauth2/jwt/ReactiveJwtDecoders.java | 4 +- .../oauth2/jwt/NimbusJwtDecoderTests.java | 4 +- .../jwt/NimbusReactiveJwtDecoderTests.java | 2 +- .../resource/BearerTokenErrorTests.java | 2 +- ...rerTokenAuthenticationEntryPointTests.java | 8 ++-- .../openid/OpenIDAuthenticationFilter.java | 4 +- .../security/openid/package.html | 2 +- .../OpenIDAuthenticationFilterTests.java | 6 +-- .../security/remoting/dns/DnsResolver.java | 2 +- .../remoting/dns/JndiDnsResolverTests.java | 2 +- .../src/main/resources/templates/index.html | 2 +- .../src/main/resources/templates/login.html | 2 +- .../main/resources/templates/user/index.html | 2 +- 
.../src/main/resources/templates/index.html | 2 +- .../src/main/resources/templates/login.html | 2 +- .../main/resources/templates/user/index.html | 2 +- samples/boot/oauth2login-webflux/README.adoc | 6 +-- .../src/main/resources/templates/index.html | 2 +- samples/boot/oauth2login/README.adoc | 6 +-- .../src/main/resources/templates/index.html | 2 +- .../src/main/resources/templates/index.html | 2 +- .../main/resources/templates/response.html | 2 +- .../src/main/resources/templates/index.html | 2 +- .../main/resources/templates/response.html | 2 +- .../src/main/resources/templates/login.html | 2 +- .../form/src/main/resources/views/login.html | 2 +- .../main/resources/resources/js/bootstrap.js | 28 +++++------ .../resources/resources/js/jquery-1.8.3.js | 46 +++++++++---------- .../resources/resources/js/knockout-2.3.0.js | 6 +-- .../main/resources/views/messages/inbox.html | 4 +- .../helloworld/src/main/webapp/index.jsp | 2 +- .../src/main/resources/views/layout.html | 8 ++-- .../resources/views/messages/compose.html | 2 +- .../main/resources/views/messages/inbox.html | 2 +- .../main/resources/views/messages/show.html | 2 +- .../samples/config/SecurityConfig.java | 14 +++--- .../js/openid-client/jquery.query-2.1.3.js | 2 +- .../js/openid-client/openid-client-config.js | 4 +- .../js/openid-client/openid-client.js | 6 +-- .../resources/resources/js/openid-jquery.js | 10 ++-- .../src/main/resources/views/login.html | 4 +- .../src/main/resources/views/user/show.html | 2 +- .../src/main/resources/views/login.html | 2 +- .../src/main/resources/views/login.html | 2 +- .../main/webapp/WEB-INF/decorators/main.jsp | 6 +-- .../x509/src/main/webapp/WEB-INF/web.xml- | 2 +- .../src/main/webapp/WEB-INF/jsp/frames.jsp | 4 +- .../src/main/webapp/WEB-INF/spring.tld | 2 +- .../xml/helloworld/src/main/webapp/index.jsp | 2 +- .../xml/insecure/src/main/webapp/index.jsp | 2 +- .../js/openid-client/jquery.query-2.1.3.js | 2 +- .../js/openid-client/openid-client-config.js | 4 +- 
.../webapp/js/openid-client/openid-client.js | 6 +-- .../src/main/webapp/js/openid-jquery.js | 10 ++-- .../openid/src/main/webapp/openidlogin.jsp | 4 +- .../src/main/resources/META-INF/security.tld | 2 +- ...bstractAuthenticationProcessingFilter.java | 2 +- .../authentication/RememberMeServices.java | 4 +- .../RequestAttributeAuthenticationFilter.java | 2 +- .../rememberme/package-info.java | 2 +- .../www/DigestAuthenticationFilter.java | 2 +- ...ractSecurityWebApplicationInitializer.java | 2 +- .../web/firewall/DefaultHttpFirewall.java | 2 +- .../security/web/firewall/RequestWrapper.java | 2 +- .../web/header/writers/HpkpHeaderWriter.java | 22 ++++----- .../web/header/writers/HstsHeaderWriter.java | 10 ++-- .../writers/XXssProtectionHeaderWriter.java | 2 +- .../web/DefaultRedirectStrategyTests.java | 4 +- .../security/web/FilterInvocationTests.java | 6 +-- .../ExceptionTranslationFilterTests.java | 8 ++-- .../channel/RetryWithHttpEntryPointTests.java | 6 +-- ...LoginUrlAuthenticationEntryPointTests.java | 4 +- ...wareAuthenticationSuccessHandlerTests.java | 2 +- ...eUrlAuthenticationSuccessHandlerTests.java | 4 +- .../AbstractRememberMeServicesTests.java | 4 +- .../security/web/csrf/CsrfFilterTests.java | 2 +- .../header/writers/HpkpHeaderWriterTests.java | 8 ++-- .../RegExpAllowFromStrategyTests.java | 8 ++-- .../StaticAllowFromStrategyTests.java | 2 +- .../WhiteListedAllowFromStrategyTests.java | 20 ++++---- ...tSecurityServerHttpHeadersWriterTests.java | 2 +- .../security/web/util/UrlUtilsTests.java | 2 +- 209 files changed, 592 insertions(+), 592 deletions(-) diff --git a/CODE_OF_CONDUCT.adoc b/CODE_OF_CONDUCT.adoc index f013d6f36b..17783c7c06 100644 --- a/CODE_OF_CONDUCT.adoc +++ b/CODE_OF_CONDUCT.adoc 
@@ -40,5 +40,5 @@ appropriate to the circumstances. Maintainers are obligated to maintain confiden with regard to the reporter of an incident. This Code of Conduct is adapted from the -http://contributor-covenant.org[Contributor Covenant], version 1.3.0, available at -http://contributor-covenant.org/version/1/3/0/[contributor-covenant.org/version/1/3/0/] +https://contributor-covenant.org[Contributor Covenant], version 1.3.0, available at +https://contributor-covenant.org/version/1/3/0/[contributor-covenant.org/version/1/3/0/] diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 915f31230b..7b9d20c9b9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -12,7 +12,7 @@ Each Spring module is slightly different than another in terms of team size, num # Importing into IDE -The following provides information on setting up a development environment that can run the sample in [Spring Tool Suite 3.6.0+](http://www.springsource.org/sts). Other IDE's should work using Gradle's IDE support, but have not been tested. +The following provides information on setting up a development environment that can run the sample in [Spring Tool Suite 3.6.0+](https://www.springsource.org/sts). Other IDE's should work using Gradle's IDE support, but have not been tested. * IDE Setup * Install Spring Tool Suite 3.6.0+ 
@@ -25,7 +25,7 @@ The following provides information on setting up a development environment that As of new versions of Spring Tool Suite, you might need to install Groovy Eclipse pointing directly to the updates plugin location. To install Groovy Eclipse on Spring Tool Suite based on Eclipse Oxigen you must do the following steps: Help->Install New Software...->Add the following URL into _Work with_ field: -http://dist.springsource.org/snapshot/GRECLIPSE/e4.7/ +https://dist.springsource.org/snapshot/GRECLIPSE/e4.7/ # Understand the basics Not sure what a pull request is, or how to submit one? Take a look at GitHub's excellent [help documentation first](https://help.github.com/articles/using-pull-requests). @@ -64,8 +64,8 @@ Please carefully follow the whitespace and formatting conventions already presen Whitespace management tips -1. You can use the [AnyEdit Eclipse plugin](http://marketplace.eclipse.org/content/anyedit-tools) to ensure spaces are used and to clean up trailing whitespaces. -1. Use git's pre-commit.sample hook to prevent invalid whitespace from being pushed out. You can enable it by moving ~/spring-security/.git/hooks/pre-commit.sample to ~/spring-security/.git/hooks/pre-commit and ensuring it is executable. For more information on hooks refer to [Pro Git's Pre-Commit Hook's section](http://git-scm.com/book/cs/ch7-3.html) +1. You can use the [AnyEdit Eclipse plugin](https://marketplace.eclipse.org/content/anyedit-tools) to ensure spaces are used and to clean up trailing whitespaces. +1. Use git's pre-commit.sample hook to prevent invalid whitespace from being pushed out. You can enable it by moving ~/spring-security/.git/hooks/pre-commit.sample to ~/spring-security/.git/hooks/pre-commit and ensuring it is executable. For more information on hooks refer to [Pro Git's Pre-Commit Hook's section](https://git-scm.com/book/cs/ch7-3.html) # Add Apache license header to all new classes 
@@ -116,7 +116,7 @@ Search the codebase to find related unit tests and add additional `@Test` method 2. New test methods should not start with test. This is an old JUnit3 convention and is not necessary since the method is annotated with @Test. # Update spring-security-x.y.rnc for schema changes -Update the [RELAX NG](http://www.relaxng.org) schema `spring-security-x.y.rnc` instead of `spring-security-x.y.xsd` if you contribute changes to supported XML configuration. The XML schema file can be generated the following Gradle task: +Update the [RELAX NG](https://relaxng.org/) schema `spring-security-x.y.rnc` instead of `spring-security-x.y.xsd` if you contribute changes to supported XML configuration. The XML schema file can be generated the following Gradle task:
 ./gradlew spring-security-config:rncToXsd
diff --git a/README.adoc b/README.adoc
index bb3dcb71f6..bbc983ce2f 100644
--- a/README.adoc
+++ b/README.adoc
@@ -4,10 +4,10 @@ image:https://travis-ci.org/spring-projects/spring-security.svg?branch=master["B
 
 = Spring Security
 
-Spring Security provides security services for the http://docs.spring.io[Spring IO Platform]. Spring Security 5.0 requires Spring 5.0 as
+Spring Security provides security services for the https://docs.spring.io[Spring IO Platform]. Spring Security 5.0 requires Spring 5.0 as
 a minimum and also requires Java 8.
 
-For a detailed list of features and access to the latest release, please visit http://spring.io/projects[Spring projects].
+For a detailed list of features and access to the latest release, please visit https://spring.io/projects[Spring projects].
 
 == Code of Conduct
 This project adheres to the Contributor Covenant link:CODE_OF_CONDUCT.adoc[code of conduct].
@@ -17,19 +17,19 @@ By participating, you  are expected to uphold this code. Please report unaccepta
 See https://github.com/spring-projects/spring-framework/wiki/Downloading-Spring-artifacts[downloading Spring artifacts] for Maven repository information.
 
 == Documentation
-Be sure to read the http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference].
+Be sure to read the https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference].
 Extensive JavaDoc for the Spring Security code is also available in the https://docs.spring.io/spring-security/site/docs/current/api/[Spring Security API Documentation].
 
 == Quick Start
-We recommend you visit http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference] and read the "Getting Started" page.
+We recommend you visit https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference] and read the "Getting Started" page.
 
 == Building from Source
-Spring Security uses a http://gradle.org[Gradle]-based build system.
-In the instructions below, http://vimeo.com/34436402[`./gradlew`] is invoked from the root of the source tree and serves as
+Spring Security uses a https://gradle.org[Gradle]-based build system.
+In the instructions below, https://vimeo.com/34436402[`./gradlew`] is invoked from the root of the source tree and serves as
 a cross-platform, self-contained bootstrap mechanism for the build.
 
 === Prerequisites
-http://help.github.com/set-up-git-redirect[Git] and the http://www.oracle.com/technetwork/java/javase/downloads[JDK8 build].
+https://help.github.com/set-up-git-redirect[Git] and the https://www.oracle.com/technetwork/java/javase/downloads[JDK8 build].
 
 Be sure that your `JAVA_HOME` environment variable points to the `jdk1.8.0` folder extracted from the JDK download.
 
@@ -55,8 +55,8 @@ Discover more commands with `./gradlew tasks`.
 See also the https://github.com/spring-projects/spring-framework/wiki/Gradle-build-and-release-FAQ[Gradle build and release FAQ].
 
 == Getting Support
-Check out the http://stackoverflow.com/questions/tagged/spring-security[Spring Security tags on Stack Overflow].
-http://spring.io/services[Commercial support] is available too.
+Check out the https://stackoverflow.com/questions/tagged/spring-security[Spring Security tags on Stack Overflow].
+https://spring.io/services[Commercial support] is available too.
 
 == Contributing
 https://help.github.com/articles/creating-a-pull-request[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.md[contributor guidelines] for details.
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
index a2e2eba360..a530a88e2d 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
@@ -26,7 +26,7 @@ import org.springframework.util.Assert;
 
 /**
  * Caches tickets using a Spring IoC defined EHCACHE.
+ * href="https://www.ehcache.org/">EHCACHE.
  *
  * @author Ben Alex
  */
diff --git a/cas/src/main/java/org/springframework/security/cas/package-info.java b/cas/src/main/java/org/springframework/security/cas/package-info.java
index b621df675c..8ce8a88b5a 100644
--- a/cas/src/main/java/org/springframework/security/cas/package-info.java
+++ b/cas/src/main/java/org/springframework/security/cas/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Spring Security support for Jasig's Central Authentication Service (CAS).
+ * Spring Security support for Jasig's Central Authentication Service (CAS).
  */
 package org.springframework.security.cas;
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
index 4f2d7315b7..03d62e399f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
@@ -141,8 +141,8 @@ public class AuthenticationManagerBuilder
 	 *
 	 * 

* When using with a persistent data store, it is best to add users external of - * configuration using something like Flyway or Liquibase to create the schema and adding + * configuration using something like Flyway or Liquibase to create the schema and adding * users to ensure these steps are only done once and that the optimal SQL is used. *

* @@ -151,7 +151,7 @@ public class AuthenticationManagerBuilder * {@link #getDefaultUserDetailsService()} method. Note that additional * {@link UserDetailsService}'s may override this {@link UserDetailsService} as the * default. See the User Schema section of the reference for the default schema. *

* diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java index 25420296c8..db5151c521 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java @@ -204,17 +204,17 @@ public final class HttpSecurity extends * .authenticationUserDetailsService( * new AutoProvisioningUserDetailsService()) * .attributeExchange("https://www.google.com/.*").attribute("email") - * .type("http://axschema.org/contact/email").required(true).and() - * .attribute("firstname").type("http://axschema.org/namePerson/first") + * .type("https://axschema.org/contact/email").required(true).and() + * .attribute("firstname").type("https://axschema.org/namePerson/first") * .required(true).and().attribute("lastname") - * .type("http://axschema.org/namePerson/last").required(true).and().and() + * .type("https://axschema.org/namePerson/last").required(true).and().and() * .attributeExchange(".*yahoo.com.*").attribute("email") - * .type("http://schema.openid.net/contact/email").required(true).and() - * .attribute("fullname").type("http://axschema.org/namePerson") + * .type("https://schema.openid.net/contact/email").required(true).and() + * .attribute("fullname").type("https://axschema.org/namePerson") * .required(true).and().and().attributeExchange(".*myopenid.com.*") - * .attribute("email").type("http://schema.openid.net/contact/email") + * .attribute("email").type("https://schema.openid.net/contact/email") * .required(true).and().attribute("fullname") - * .type("http://schema.openid.net/namePerson").required(true); + * .type("https://schema.openid.net/namePerson").required(true); * } * } * 
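Review bot: The `.type(...)` arguments in the `@@ -204,17 +204,17 @@` Javadoc example of `HttpSecurity.java` are OpenID Attribute Exchange type URIs, which a provider compares as identifiers rather than fetching as links, so rewriting them to `https://` changes which attribute is requested. A reader who copies the example with `required(true)` would likely get no email or name attributes back, and the example feeds them into `AutoProvisioningUserDetailsService`. Keep the published identifiers, e.g. `.type("http://axschema.org/contact/email").required(true).and()`, and likewise for the `http://schema.openid.net/...` values. A sentence in the Javadoc saying that these values are identifiers whose scheme is part of the value would keep a later URL cleanup from repeating the rewrite. The same change appears in the `openid-attribute` type documentation of the `spring-security-*.rnc` and `*.xsd` hunks further down; the Javadoc block holding this example starts and ends outside the hunk.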
@@ -906,7 +906,7 @@ public final class HttpSecurity extends * * The "authentication flow" is implemented using the Authorization Code Grant, as specified in the * OAuth 2.0 Authorization Framework - * and OpenID Connect Core 1.0 + * and OpenID Connect Core 1.0 * specification. *
*
@@ -982,7 +982,7 @@ public final class HttpSecurity extends * * @since 5.0 * @see Section 4.1 Authorization Code Grant - * @see Section 3.1 Authorization Code Flow + * @see Section 3.1 Authorization Code Flow * @see org.springframework.security.oauth2.client.registration.ClientRegistration * @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository * @return the {@link OAuth2LoginConfigurer} for further customizations @@ -1030,7 +1030,7 @@ public final class HttpSecurity extends * requiring HTTPS for some requests is supported, but not recommended since an * application that allows for HTTP introduces many security vulnerabilities. For one * such example, read about Firesheep. + * href="https://en.wikipedia.org/wiki/Firesheep">Firesheep. * *
 	 * @Configuration
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
index 106cdc68b4..ad5665c35b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
@@ -371,7 +371,7 @@ public final class ExpressionUrlAuthorizationConfigurersubnet.
 		 *
 		 * @param ipaddressExpression the ipaddress (i.e. 192.168.1.79) or local subnet
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
index 344dcb53f9..1f38253d40 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
@@ -108,7 +108,7 @@ public class HeadersConfigurer> extends
 
 	/**
 	 * Configures the {@link XContentTypeOptionsHeaderWriter} which inserts the X-Content-Type-Options:
 	 *
 	 * 
@@ -164,7 +164,7 @@ public class HeadersConfigurer> extends
 	 *
 	 * 

* Allows customizing the {@link XXssProtectionHeaderWriter} which adds the X-XSS-Protection header *

* @@ -310,7 +310,7 @@ public class HeadersConfigurer> extends /** * Allows customizing the {@link HstsHeaderWriter} which provides support for HTTP Strict Transport Security + * href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security * (HSTS). * * @return the {@link HeadersConfigurer} for additional customizations @@ -335,7 +335,7 @@ public class HeadersConfigurer> extends *

* This instructs browsers how long to remember to keep this domain as a known * HSTS Host. See Section 6.1.1 for + * href="https://tools.ietf.org/html/rfc6797#section-6.1.1">Section 6.1.1 for * additional details. *

* @@ -368,7 +368,7 @@ public class HeadersConfigurer> extends *

* *

- * See Section + * See Section * 6.1.2 for additional details. *

* @@ -506,7 +506,7 @@ public class HeadersConfigurer> extends /** * Allows customizing the {@link HpkpHeaderWriter} which provides support for HTTP Public Key Pinning (HPKP). + * href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP). * * @return the {@link HeadersConfigurer} for additional customizations * @@ -529,7 +529,7 @@ public class HeadersConfigurer> extends *

* The pin directive specifies a way for web host operators to indicate * a cryptographic identity that should be bound to a given web host. - * See Section 2.1.1 for additional details. + * See Section 2.1.1 for additional details. *

* * @param pins the map of base64-encoded SPKI fingerprint & cryptographic hash algorithm pairs. @@ -548,7 +548,7 @@ public class HeadersConfigurer> extends *

* The pin directive specifies a way for web host operators to indicate * a cryptographic identity that should be bound to a given web host. - * See Section 2.1.1 for additional details. + * See Section 2.1.1 for additional details. *

* * @param pins a list of base64-encoded SPKI fingerprints. @@ -567,7 +567,7 @@ public class HeadersConfigurer> extends * *

* This instructs browsers how long they should regard the host (from whom the message was received) - * as a known pinned host. See Section + * as a known pinned host. See Section * 2.1.2 for additional details. *

* @@ -587,7 +587,7 @@ public class HeadersConfigurer> extends *

* *

- * See Section 2.1.3 + * See Section 2.1.3 * for additional details. *

* @@ -604,7 +604,7 @@ public class HeadersConfigurer> extends *

* *

- * See Section 2.1 + * See Section 2.1 * for additional details. *

* @@ -621,7 +621,7 @@ public class HeadersConfigurer> extends *

* *

- * See Section 2.1.4 + * See Section 2.1.4 * for additional details. *

* @@ -638,7 +638,7 @@ public class HeadersConfigurer> extends *

* *

- * See Section 2.1.4 + * See Section 2.1.4 * for additional details. *

* diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java index 274e9ec5d0..2f90007958 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java @@ -129,7 +129,7 @@ public final class LogoutConfigurer> extends *

* It is considered best practice to use an HTTP POST on any action that changes state * (i.e. log out) to protect against CSRF attacks. If + * href="https://en.wikipedia.org/wiki/Cross-site_request_forgery">CSRF attacks. If * you really want to use an HTTP GET, you can use * logoutRequestMatcher(new AntPathRequestMatcher(logoutUrl, "GET")); *

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java index 8bcd445b59..d9db4abef9 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java @@ -640,7 +640,7 @@ public final class OAuth2LoginConfigurer> exten OAuth2LoginAuthenticationToken authorizationCodeAuthentication = (OAuth2LoginAuthenticationToken) authentication; - // Section 3.1.2.1 Authentication Request - http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest + // Section 3.1.2.1 Authentication Request - https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest // scope // REQUIRED. OpenID Connect requests MUST contain the "openid" scope value. if (authorizationCodeAuthentication.getAuthorizationExchange() diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc index 8d1b683e2a..c36eb2b7b1 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc @@ -1,4 +1,4 @@ -namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0" +namespace a = "https://relaxng.org/ns/compatibility/annotations/1.0" datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes" default namespace = "http://www.springframework.org/schema/security" 
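Review bot: `namespace a = "https://relaxng.org/ns/compatibility/annotations/1.0"` in the `@@ -1,4 +1,4 @@` hunk of `spring-security-3.1.rnc` changes an XML namespace name, not a hyperlink. The RELAX NG compatibility-annotations namespace is defined with the `http://` scheme and is matched by exact string, so any `a:`-prefixed annotation in the schema would presumably stop being recognised when the `rncToXsd` task converts it. The two declarations next to it (`http://www.w3.org/2001/XMLSchema-datatypes` and `http://www.springframework.org/schema/security`) were left untouched, which is the correct treatment for this line as well. Restore `namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0"` here and in the identical first hunks of the 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1 `.rnc` files.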
@@ -444,7 +444,7 @@ openid-attribute.attlist &= ## Specifies the name of the attribute that you wish to get back. For example, email. attribute name {xsd:token} openid-attribute.attlist &= - ## Specifies the attribute type. For example, http://axschema.org/contact/email. See your OP's documentation for valid attribute types. + ## Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. attribute type {xsd:token} openid-attribute.attlist &= ## Specifies if this attribute is required to the OP, but does not error out if the OP does not return the attribute. Default is false. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd index 05e95ca75c..0cd1701232 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd +++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd @@ -1439,7 +1439,7 @@ - Specifies the attribute type. For example, http://axschema.org/contact/email. See your + Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc index 14d16d92d5..561608643a 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc 
@@ -1,4 +1,4 @@ -namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0" +namespace a = "https://relaxng.org/ns/compatibility/annotations/1.0" datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes" default namespace = "http://www.springframework.org/schema/security" @@ -444,7 +444,7 @@ openid-attribute.attlist &= ## Specifies the name of the attribute that you wish to get back. For example, email. attribute name {xsd:token} openid-attribute.attlist &= - ## Specifies the attribute type. For example, http://axschema.org/contact/email. See your OP's documentation for valid attribute types. + ## Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. attribute type {xsd:token} openid-attribute.attlist &= ## Specifies if this attribute is required to the OP, but does not error out if the OP does not return the attribute. Default is false. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd index bdd4cdf143..ab98b07d64 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd +++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd @@ -1441,7 +1441,7 @@ - Specifies the attribute type. For example, http://axschema.org/contact/email. See your + Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-4.0.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-4.0.rnc index f25f69c42c..4795353a40 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-4.0.rnc 
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.0.rnc @@ -1,4 +1,4 @@ -namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0" +namespace a = "https://relaxng.org/ns/compatibility/annotations/1.0" datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes" default namespace = "http://www.springframework.org/schema/security" @@ -460,7 +460,7 @@ openid-attribute.attlist &= ## Specifies the name of the attribute that you wish to get back. For example, email. attribute name {xsd:token} openid-attribute.attlist &= - ## Specifies the attribute type. For example, http://axschema.org/contact/email. See your OP's documentation for valid attribute types. + ## Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. attribute type {xsd:token} openid-attribute.attlist &= ## Specifies if this attribute is required to the OP, but does not error out if the OP does not return the attribute. Default is false. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-4.0.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-4.0.xsd index cdaf952df7..3780ac26fc 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-4.0.xsd +++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.0.xsd @@ -1509,7 +1509,7 @@ - Specifies the attribute type. For example, http://axschema.org/contact/email. See your + Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-4.1.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-4.1.rnc index 9f3bbe98a1..33909473fa 100644 
--- a/config/src/main/resources/org/springframework/security/config/spring-security-4.1.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.1.rnc @@ -1,4 +1,4 @@ -namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0" +namespace a = "https://relaxng.org/ns/compatibility/annotations/1.0" datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes" default namespace = "http://www.springframework.org/schema/security" @@ -469,7 +469,7 @@ openid-attribute.attlist &= ## Specifies the name of the attribute that you wish to get back. For example, email. attribute name {xsd:token} openid-attribute.attlist &= - ## Specifies the attribute type. For example, http://axschema.org/contact/email. See your OP's documentation for valid attribute types. + ## Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. attribute type {xsd:token} openid-attribute.attlist &= ## Specifies if this attribute is required to the OP, but does not error out if the OP does not return the attribute. Default is false. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-4.1.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-4.1.xsd index 4e13923540..9f87deecd8 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-4.1.xsd +++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.1.xsd @@ -1534,7 +1534,7 @@ - Specifies the attribute type. For example, http://axschema.org/contact/email. See your + Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. 
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-4.2.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-4.2.rnc index 330bb68be8..9f65df684a 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-4.2.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.2.rnc @@ -1,4 +1,4 @@ -namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0" +namespace a = "https://relaxng.org/ns/compatibility/annotations/1.0" datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes" default namespace = "http://www.springframework.org/schema/security" @@ -468,7 +468,7 @@ openid-attribute.attlist &= ## Specifies the name of the attribute that you wish to get back. For example, email. attribute name {xsd:token} openid-attribute.attlist &= - ## Specifies the attribute type. For example, http://axschema.org/contact/email. See your OP's documentation for valid attribute types. + ## Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. attribute type {xsd:token} openid-attribute.attlist &= ## Specifies if this attribute is required to the OP, but does not error out if the OP does not return the attribute. Default is false. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-4.2.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-4.2.xsd index a7efae9f5d..83d77e1875 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-4.2.xsd +++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.2.xsd 
@@ -1539,7 +1539,7 @@ - Specifies the attribute type. For example, http://axschema.org/contact/email. See your + Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-5.0.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-5.0.rnc index 32788775f7..12a8b3331d 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-5.0.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-5.0.rnc @@ -1,4 +1,4 @@ -namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0" +namespace a = "https://relaxng.org/ns/compatibility/annotations/1.0" datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes" default namespace = "http://www.springframework.org/schema/security" @@ -458,7 +458,7 @@ openid-attribute.attlist &= ## Specifies the name of the attribute that you wish to get back. For example, email. attribute name {xsd:token} openid-attribute.attlist &= - ## Specifies the attribute type. For example, http://axschema.org/contact/email. See your OP's documentation for valid attribute types. + ## Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. attribute type {xsd:token} openid-attribute.attlist &= ## Specifies if this attribute is required to the OP, but does not error out if the OP does not return the attribute. Default is false. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-5.0.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-5.0.xsd index d8ffb9beaf..c566ea52f4 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-5.0.xsd 
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-5.0.xsd @@ -1494,7 +1494,7 @@ - Specifies the attribute type. For example, http://axschema.org/contact/email. See your + Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-5.1.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-5.1.rnc index 76ae32f188..6f2d9acda9 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-5.1.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-5.1.rnc @@ -1,4 +1,4 @@ -namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0" +namespace a = "https://relaxng.org/ns/compatibility/annotations/1.0" datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes" default namespace = "http://www.springframework.org/schema/security" @@ -458,7 +458,7 @@ openid-attribute.attlist &= ## Specifies the name of the attribute that you wish to get back. For example, email. attribute name {xsd:token} openid-attribute.attlist &= - ## Specifies the attribute type. For example, http://axschema.org/contact/email. See your OP's documentation for valid attribute types. + ## Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. attribute type {xsd:token} openid-attribute.attlist &= ## Specifies if this attribute is required to the OP, but does not error out if the OP does not return the attribute. Default is false. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-5.1.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-5.1.xsd index 24af81638e..efe77878a5 100644 
--- a/config/src/main/resources/org/springframework/security/config/spring-security-5.1.xsd +++ b/config/src/main/resources/org/springframework/security/config/spring-security-5.1.xsd @@ -1494,7 +1494,7 @@ - Specifies the attribute type. For example, http://axschema.org/contact/email. See your + Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-5.2.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-5.2.rnc index e4d637f062..6e7110ab7c 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-5.2.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-5.2.rnc @@ -1,4 +1,4 @@ -namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0" +namespace a = "https://relaxng.org/ns/compatibility/annotations/1.0" datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes" default namespace = "http://www.springframework.org/schema/security" @@ -458,7 +458,7 @@ openid-attribute.attlist &= ## Specifies the name of the attribute that you wish to get back. For example, email. attribute name {xsd:token} openid-attribute.attlist &= - ## Specifies the attribute type. For example, http://axschema.org/contact/email. See your OP's documentation for valid attribute types. + ## Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. attribute type {xsd:token} openid-attribute.attlist &= ## Specifies if this attribute is required to the OP, but does not error out if the OP does not return the attribute. Default is false. 
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-5.2.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-5.2.xsd index 362a4142b9..59ce25b425 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-5.2.xsd +++ b/config/src/main/resources/org/springframework/security/config/spring-security-5.2.xsd @@ -1494,7 +1494,7 @@ - Specifies the attribute type. For example, http://axschema.org/contact/email. See your + Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy index c29e81171d..67135ad71f 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy @@ -355,7 +355,7 @@ class HeadersConfigurerTests extends BaseSpringSpec { when: springSecurityFilterChain.doFilter(request,response,chain) then: - responseHeaders == ['Public-Key-Pins-Report-Only' : 'max-age=5184000 ; pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=" ; report-uri="http://example.net/pkp-report"'] + responseHeaders == ['Public-Key-Pins-Report-Only' : 'max-age=5184000 ; pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=" ; report-uri="https://example.net/pkp-report"'] } @EnableWebSecurity @@ -368,7 +368,7 @@ class HeadersConfigurerTests extends BaseSpringSpec { .defaultsDisabled() .httpPublicKeyPinning() .addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=") - .reportUri(new URI("http://example.net/pkp-report")) + .reportUri(new URI("https://example.net/pkp-report")) } } 
@@ -379,7 +379,7 @@ class HeadersConfigurerTests extends BaseSpringSpec { when: springSecurityFilterChain.doFilter(request,response,chain) then: - responseHeaders == ['Public-Key-Pins-Report-Only' : 'max-age=5184000 ; pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=" ; report-uri="http://example.net/pkp-report"'] + responseHeaders == ['Public-Key-Pins-Report-Only' : 'max-age=5184000 ; pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=" ; report-uri="https://example.net/pkp-report"'] } @EnableWebSecurity @@ -392,7 +392,7 @@ class HeadersConfigurerTests extends BaseSpringSpec { .defaultsDisabled() .httpPublicKeyPinning() .addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=") - .reportUri("http://example.net/pkp-report") + .reportUri("https://example.net/pkp-report") } } diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.groovy index f3d8605671..b791fff57c 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.groovy 
@@ -83,21 +83,21 @@ public class NamespaceHttpOpenIDLoginTests extends BaseSpringSpec { def googleAttrs = consumer.attributesToFetchFactory.createAttributeList("https://www.google.com/1") googleAttrs[0].name == "email" - googleAttrs[0].type == "http://axschema.org/contact/email" + googleAttrs[0].type == "https://axschema.org/contact/email" googleAttrs[0].required googleAttrs[1].name == "firstname" - googleAttrs[1].type == "http://axschema.org/namePerson/first" + googleAttrs[1].type == "https://axschema.org/namePerson/first" googleAttrs[1].required googleAttrs[2].name == "lastname" - googleAttrs[2].type == "http://axschema.org/namePerson/last" + googleAttrs[2].type == "https://axschema.org/namePerson/last" googleAttrs[2].required def yahooAttrs = consumer.attributesToFetchFactory.createAttributeList("https://rwinch.yahoo.com/rwinch/id") yahooAttrs[0].name == "email" - yahooAttrs[0].type == "http://schema.openid.net/contact/email" + yahooAttrs[0].type == "https://schema.openid.net/contact/email" yahooAttrs[0].required yahooAttrs[1].name == "fullname" - yahooAttrs[1].type == "http://axschema.org/namePerson" + yahooAttrs[1].type == "https://axschema.org/namePerson" yahooAttrs[1].required when: springSecurityFilterChain.doFilter(request,response,chain) 
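Review bot: The attribute types asserted here, such as `https://axschema.org/contact/email`, are OpenID Attribute Exchange type identifiers rather than links to fetch, and the published identifiers use the `http://` spelling. The test still passes only because the configuration in the `@@ -122,26 +122,26 @@` hunk of this file was rewritten the same way, so both sides now describe a type that a real provider would presumably not recognise. Restore both, e.g. `googleAttrs[0].type == "http://axschema.org/contact/email"` and `.type("http://axschema.org/contact/email")`, and likewise for the `namePerson` and `schema.openid.net` values. The `openid-attribute` `type` documentation in the `.rnc`/`.xsd` hunks carries the same rewritten example; the enclosing test method starts and ends outside both hunks.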
@@ -122,26 +122,26 @@ public class NamespaceHttpOpenIDLoginTests extends BaseSpringSpec { .openidLogin() .attributeExchange("https://www.google.com/.*") // attribute-exchange@identifier-match .attribute("email") // openid-attribute@name - .type("http://axschema.org/contact/email") // openid-attribute@type + .type("https://axschema.org/contact/email") // openid-attribute@type .required(true) // openid-attribute@required .count(1) // openid-attribute@count .and() .attribute("firstname") - .type("http://axschema.org/namePerson/first") + .type("https://axschema.org/namePerson/first") .required(true) .and() .attribute("lastname") - .type("http://axschema.org/namePerson/last") + .type("https://axschema.org/namePerson/last") .required(true) .and() .and() .attributeExchange(".*yahoo.com.*") .attribute("email") - .type("http://schema.openid.net/contact/email") + .type("https://schema.openid.net/contact/email") .required(true) .and() .attribute("fullname") - .type("http://axschema.org/namePerson") + .type("https://axschema.org/namePerson") .required(true) .and() .and() diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java index da4112d7db..3789561536 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java @@ -486,7 +486,7 @@ public class OAuth2LoginConfigurerTests { this.mvc.perform(post("/logout") .with(authentication(token)) .with(csrf())) - .andExpect(redirectedUrl("http://logout?id_token_hint=id-token")); + .andExpect(redirectedUrl("https://logout?id_token_hint=id-token")); } private void loadConfig(Class... configs) { 
@@ -643,7 +643,7 @@ public class OAuth2LoginConfigurerTests { @Bean ClientRegistrationRepository clientRegistrationRepository() { Map providerMetadata = - Collections.singletonMap("end_session_endpoint", "http://logout"); + Collections.singletonMap("end_session_endpoint", "https://logout"); return new InMemoryClientRegistrationRepository( TestClientRegistrations.clientRegistration() .providerConfigurationMetadata(providerMetadata).build()); diff --git a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java index f8f878be6d..b3791d7f1d 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java @@ -89,14 +89,14 @@ public class UserServiceBeanDefinitionParserTests { @Test public void worksWithOpenIDUrlsAsNames() { setContext("" - + " " + + " " + " " + ""); UserDetailsService userService = (UserDetailsService) appContext .getBean("service"); assertThat( - userService.loadUserByUsername("http://joe.myopenid.com/").getUsername()) - .isEqualTo("http://joe.myopenid.com/"); + userService.loadUserByUsername("https://joe.myopenid.com/").getUsername()) + .isEqualTo("https://joe.myopenid.com/"); assertThat( userService.loadUserByUsername( "https://www.google.com/accounts/o8/id?id=MPtOaenBIk5yzW9n7n9") diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java index b240b1c81b..1be4f07cc6 100644 --- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java 
@@ -142,7 +142,7 @@ public class OpenIDConfigTests { .andExpect(content().string(containsString(AbstractRememberMeServices.DEFAULT_PARAMETER))); this.mvc.perform(get("/login/openid") - .param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "http://hey.openid.com/") + .param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "http://ww1.openid.com") .param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on")) .andExpect(status().isFound()) .andExpect(redirectedUrl(openIdEndpointUrl + expectedReturnTo)); diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java index d19be11686..8f59e4397c 100644 --- a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java +++ b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java 
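Review bot: The claimed-identity parameter changes from `"http://hey.openid.com/"` to `"http://ww1.openid.com"`: a different host, still `http`, and without the trailing slash. That is not the scheme-only rewrite the commit message describes and looks like the result of a followed redirect. Whether the value influences the asserted `redirectedUrl(...)` is not visible in this hunk, but a test fixture should not track whatever host the old name currently redirects to. Restore `"http://hey.openid.com/"`, or use a reserved name such as `"https://openid.example.com/"`. The test method begins and ends outside the hunk.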
@@ -106,18 +106,18 @@ public class CommonOAuth2ProviderTests { @Test public void getBuilderWhenOktaShouldHaveOktaSettings() throws Exception { ClientRegistration registration = builder(CommonOAuth2Provider.OKTA) - .authorizationUri("http://example.com/auth") - .tokenUri("http://example.com/token") - .userInfoUri("http://example.com/info") - .jwkSetUri("http://example.com/jwkset").build(); + .authorizationUri("https://example.com/auth") + .tokenUri("https://example.com/token") + .userInfoUri("https://example.com/info") + .jwkSetUri("https://example.com/jwkset").build(); ProviderDetails providerDetails = registration.getProviderDetails(); assertThat(providerDetails.getAuthorizationUri()) - .isEqualTo("http://example.com/auth"); - assertThat(providerDetails.getTokenUri()).isEqualTo("http://example.com/token"); - assertThat(providerDetails.getUserInfoEndpoint().getUri()).isEqualTo("http://example.com/info"); + .isEqualTo("https://example.com/auth"); + assertThat(providerDetails.getTokenUri()).isEqualTo("https://example.com/token"); + assertThat(providerDetails.getUserInfoEndpoint().getUri()).isEqualTo("https://example.com/info"); assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName()) .isEqualTo(IdTokenClaimNames.SUB); - assertThat(providerDetails.getJwkSetUri()).isEqualTo("http://example.com/jwkset"); + assertThat(providerDetails.getJwkSetUri()).isEqualTo("https://example.com/jwkset"); assertThat(registration.getClientAuthenticationMethod()) .isEqualTo(ClientAuthenticationMethod.BASIC); assertThat(registration.getAuthorizationGrantType()) diff --git a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java index 64d201f3b0..4336af0cc8 100644 --- a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java 
+++ b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java @@ -32,11 +32,11 @@ public class InMemoryXmlApplicationContext extends AbstractXmlApplicationContext + " xmlns:mvc='http://www.springframework.org/schema/mvc'\n" + " xmlns:websocket='http://www.springframework.org/schema/websocket'\n" + " xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'\n" - + " xsi:schemaLocation='http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd\n" - + "http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd\n" - + "http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd\n" - + "http://www.springframework.org/schema/websocket http://www.springframework.org/schema/websocket/spring-websocket.xsd\n" - + "http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd\n" + + " xsi:schemaLocation='http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans-2.5.xsd\n" + + "http://www.springframework.org/schema/aop https://www.springframework.org/schema/aop/spring-aop-2.5.xsd\n" + + "http://www.springframework.org/schema/mvc https://www.springframework.org/schema/mvc/spring-mvc.xsd\n" + + "http://www.springframework.org/schema/websocket https://www.springframework.org/schema/websocket/spring-websocket.xsd\n" + + "http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context-2.5.xsd\n" + "http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-"; static final String BEANS_CLOSE = "\n"; diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java index bf14eda9f2..6857bd6ce5 100644 
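Review bot: The second URL of each `xsi:schemaLocation` pair is a key that Spring resolves to a bundled XSD through `META-INF/spring.schemas`. The hunk now mixes `https://` locations for beans, aop, mvc, websocket and context with an unchanged `http://` location for the security schema on the last line. Whether the `https://` keys are mapped by the Spring version on the test classpath is not visible here; an unmapped key would make the parser try to load the schema over the network during the test run. Confirm the suite still runs offline, and add a comment above the string such as `// schemaLocation values must match keys in META-INF/spring.schemas`. The string constant starts before the hunk.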
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java @@ -366,7 +366,7 @@ public class OAuth2LoginTests { this.client.post().uri("/logout") .exchange() - .expectHeader().valueEquals("Location", "http://logout?id_token_hint=id-token"); + .expectHeader().valueEquals("Location", "https://logout?id_token_hint=id-token"); } @EnableWebFlux @@ -377,7 +377,7 @@ public class OAuth2LoginTests { private final ClientRegistration withLogout = TestClientRegistrations.clientRegistration() .providerConfigurationMetadata(Collections.singletonMap( - "end_session_endpoint", "http://logout")).build(); + "end_session_endpoint", "https://logout")).build(); @Bean public SecurityWebFilterChain springSecurity(ServerHttpSecurity http) { diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java index 473b94c087..1b92dceb28 100644 --- a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java @@ -58,16 +58,16 @@ import org.springframework.util.ObjectUtils; * *

* This implementation is backed by a - * + * * JAAS configuration that is provided by a subclass's implementation of * {@link #createLoginContext(CallbackHandler)}. * *

* When using JAAS login modules as the authentication source, sometimes the + * "https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html" > * LoginContext will require CallbackHandlers. The * AbstractJaasAuthenticationProvider uses an internal CallbackHandler to wrap the {@link JaasAuthenticationCallbackHandler}s configured * in the ApplicationContext. When the LoginContext calls the internal CallbackHandler, * control is passed to each {@link JaasAuthenticationCallbackHandler} for each Callback diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java index da82a14e41..101bdcef9e 100644 --- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java +++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java @@ -41,9 +41,9 @@ import javax.security.auth.callback.UnsupportedCallbackException; * @see JaasNameCallbackHandler * @see JaasPasswordCallbackHandler * @see Callback + * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback * @see + * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html"> * CallbackHandler */ public interface JaasAuthenticationCallbackHandler { @@ -52,7 +52,7 @@ public interface JaasAuthenticationCallbackHandler { /** * Handle the Callback. The handle method will be called for every callback instance sent * from the LoginContext. Meaning that The handle method may be called multiple times * for a given JaasAuthenticationCallbackHandler. 
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java index a45991b40a..2b38352461 100644 --- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java @@ -48,7 +48,7 @@ import org.springframework.util.Assert; *

*

* This implementation is backed by a - * + * * JAAS configuration. The loginConfig property must be set to a given JAAS * configuration file. This setter accepts a Spring * {@link org.springframework.core.io.Resource} instance. It should point to a JAAS @@ -84,10 +84,10 @@ import org.springframework.util.Assert; * *

* When using JAAS login modules as the authentication source, sometimes the + * "https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html" > * LoginContext will require CallbackHandlers. The JaasAuthenticationProvider * uses an internal CallbackHandler to wrap the {@link JaasAuthenticationCallbackHandler}s configured * in the ApplicationContext. When the LoginContext calls the internal CallbackHandler, * control is passed to each {@link JaasAuthenticationCallbackHandler} for each Callback @@ -164,7 +164,7 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid configureJaas(this.loginConfig); Assert.notNull(Configuration.getConfiguration(), - "As per http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html " + "As per https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html " + "\"If a Configuration object was set via the Configuration.setConfiguration method, then that object is " + "returned. Otherwise, a default Configuration object is returned\". Your JRE returned null to " + "Configuration.getConfiguration()."); @@ -267,7 +267,7 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid * @param loginConfig * * @see JAAS + * "https://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html">JAAS * Reference */ public void setLoginConfig(Resource loginConfig) { diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java index 4ad6cd88ed..fe068805ba 100644 --- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java +++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java 
@@ -33,9 +33,9 @@ import javax.security.auth.callback.UnsupportedCallbackException; * @author Ray Krueger * * @see Callback + * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback * @see NameCallback + * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html">NameCallback */ public class JaasNameCallbackHandler implements JaasAuthenticationCallbackHandler { // ~ Methods diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java index 306f909a62..bf5d69b167 100644 --- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java +++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java @@ -32,9 +32,9 @@ import javax.security.auth.callback.UnsupportedCallbackException; * @author Ray Krueger * * @see Callback + * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback * @see + * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html"> * PasswordCallback */ public class JaasPasswordCallbackHandler implements JaasAuthenticationCallbackHandler { diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java index a2a69df26b..196136b389 100644 --- a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java +++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java 
@@ -28,7 +28,7 @@ import org.springframework.util.Assert; /** * Caches User objects using a Spring IoC defined EHCACHE. + * HREF="https://www.ehcache.org/">EHCACHE. * * @author Ben Alex */ diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java index a0a7276a54..bdc4638916 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java +++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java @@ -600,7 +600,7 @@ public class BCrypt { /** * Perform the "enhanced key schedule" step described by * Provos and Mazieres in "A Future-Adaptable Password Scheme" - * http://www.openbsd.org/papers/bcrypt-paper.ps + * https://www.openbsd.org/papers/bcrypt-paper.ps * @param data salt information * @param key password information * @param sign_ext_bug true to implement the 2x bug diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java index ea203f97db..8e07c87c7b 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java +++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java @@ -18,7 +18,7 @@ package org.springframework.security.crypto.codec; /** * Base64 encoder which is a reduced version of Robert Harder's public domain * implementation (version 2.3.7). See http://iharder.net/base64 for more information. + * href="http://iharder.sourceforge.net/current/java/base64/">http://iharder.sourceforge.net/current/java/base64/ for more information. *

* For internal use only. * @@ -44,7 +44,7 @@ public final class Base64 { /** * Encode using Base64-like encoding that is URL- and Filename-safe as described in * Section 4 of RFC3548: http://www.faqs + * href="http://www.faqs.org/rfcs/rfc3548.html">https://www.faqs * .org/rfcs/rfc3548.html. It is important to note that data encoded this way is * not officially valid Base64, or at the very least should not be called * Base64 without also specifying that is was encoded using the URL- and Filename-safe @@ -194,7 +194,7 @@ public final class Base64 { /** * I don't get the point of this technique, but someone requested it, and it is * described here: http://www.faqs.org/ + * href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/faqs/ * qa/rfcc-1940.html. */ private final static byte[] _ORDERED_ALPHABET = { (byte) '-', (byte) '0', (byte) '1', diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java index fb8f50eabd..620bd6bf95 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java +++ b/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java @@ -90,7 +90,7 @@ public class MessageDigestPasswordEncoder implements PasswordEncoder { /** * The digest algorithm to use Supports the named - * + * * Message Digest Algorithms in the Java environment. * * @param algorithm diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java index ceeda00192..552a0be7cf 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java +++ b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java 
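Review bot: In the `@@ -44,7 +44,7 @@` Javadoc of Base64.java the visible link text now starts `https://www.faqs` while the `href` stays `http://www.faqs.org/rfcs/rfc3548.html`, and the commit message lists that https URL as unreachable. In the `@@ -194,7 +194,7 @@` Javadoc the text that wraps onto the next comment line now reads `http://www.faqs.org/faqs/` followed by `qa/rfcc-1940.html`, a path that no longer matches the `href`. Both look like a rewrite applied to a URL split across comment lines. Restore the link text so it equals the `href`, i.e. `http://www.faqs` / `.org/rfcs/rfc3548.html` and `http://www.faqs.org/` / `qa/rfcc-1940.html`. The HTML anchors are partly stripped in this rendering, so check the result against the file.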
@@ -92,7 +92,7 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder { /** * Sets the algorithm to use. See - * SecretKeyFactory Algorithms + * SecretKeyFactory Algorithms * @param secretKeyFactoryAlgorithm the algorithm to use (i.e. * {@code SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1}, * {@code SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256}, diff --git a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java index 41b927c0f3..198f91adf1 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java +++ b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java @@ -45,7 +45,7 @@ import org.springframework.security.crypto.password.PasswordEncoder; *

  • Scrypt is based on Salsa20 which performs poorly in Java (on par with * AES) but performs awesome (~4-5x faster) on SIMD capable platforms
  • *
  • While there are some that would disagree, consider reading - - * + * * Why I Don't Recommend Scrypt (for password storage)
  • * * diff --git a/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-boot.asc b/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-boot.asc index 17ebbab416..5d2c63dcbe 100644 --- a/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-boot.asc +++ b/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-boot.asc @@ -32,7 +32,7 @@ In order to use Spring Security you must add the necessary dependencies. For the ---- -<1> We are using http://www.thymeleaf.org/[Thymeleaf] for our view template engine +<1> We are using https://www.thymeleaf.org/[Thymeleaf] for our view template engine and need to add an additional dependency for the https://github.com/thymeleaf/thymeleaf-extras-springsecurity[Thymeleaf - Spring Security integration module]. After you have completed this, you need to ensure that STS knows about the updated dependencies by: 
@@ -101,18 +101,18 @@ The <> will:
 * Specifies the URL to send users to for form-based login
 * Allow the user with the *Username* _user_ and the *Password* _password_ to authenticate with form based authentication
 * Allow the user to logout
-* http://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attack] prevention
-* http://en.wikipedia.org/wiki/Session_fixation[Session Fixation] protection
+* https://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attack] prevention
+* https://en.wikipedia.org/wiki/Session_fixation[Session Fixation] protection
 * Security Header integration
-** http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security[HTTP Strict Transport Security] for secure requests
-** http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx[X-Content-Type-Options] integration
+** https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security[HTTP Strict Transport Security] for secure requests
+** https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx[X-Content-Type-Options] integration
 ** Cache Control (can be overridden later by your application to allow caching of your static resources)
-** http://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx[X-XSS-Protection] integration
-** X-Frame-Options integration to help prevent http://en.wikipedia.org/wiki/Clickjacking[Clickjacking]
+** https://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx[X-XSS-Protection] integration
+** X-Frame-Options integration to help prevent https://en.wikipedia.org/wiki/Clickjacking[Clickjacking]
 * Integrate with the following Servlet API methods
-** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser()[HttpServletRequest#getRemoteUser()]
-** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()[HttpServletRequest.html#getUserPrincipal()]
-** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String)[HttpServletRequest.html#isUserInRole(java.lang.String)]
-** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login(java.lang.String,%20java.lang.String)[HttpServletRequest.html#login(java.lang.String, java.lang.String)]
-** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#logout()[HttpServletRequest.html#logout()]
+** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser()[HttpServletRequest#getRemoteUser()]
+** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()[HttpServletRequest.html#getUserPrincipal()]
+** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String)[HttpServletRequest.html#isUserInRole(java.lang.String)]
+** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login(java.lang.String,%20java.lang.String)[HttpServletRequest.html#login(java.lang.String, java.lang.String)]
+** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#logout()[HttpServletRequest.html#logout()]
diff --git a/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-javaconfig.asc b/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-javaconfig.asc
index 67ff008038..7dc183a393 100644
--- a/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-javaconfig.asc
+++ b/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-javaconfig.asc
@@ -75,18 +75,18 @@ The <> will: * Generate a login form for you * Allow the user with the *Username* _user_ and the *Password* _password_ to authenticate with form based authentication * Allow the user to logout -* http://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attack] prevention -* http://en.wikipedia.org/wiki/Session_fixation[Session Fixation] protection +* https://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attack] prevention +* https://en.wikipedia.org/wiki/Session_fixation[Session Fixation] protection * Security Header integration -** http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security[HTTP Strict Transport Security] for secure requests -** http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx[X-Content-Type-Options] integration +** https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security[HTTP Strict Transport Security] for secure requests +** https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx[X-Content-Type-Options] integration ** Cache Control (can be overridden later by your application to allow caching of your static resources) -** http://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx[X-XSS-Protection] integration -** X-Frame-Options integration to help prevent http://en.wikipedia.org/wiki/Clickjacking[Clickjacking] +** https://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx[X-XSS-Protection] integration +** X-Frame-Options integration to help prevent https://en.wikipedia.org/wiki/Clickjacking[Clickjacking] * Integrate with the following Servlet API methods -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser()[HttpServletRequest#getRemoteUser()] -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()[HttpServletRequest.html#getUserPrincipal()] -** 
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String)[HttpServletRequest.html#isUserInRole(java.lang.String)] -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login(java.lang.String,%20java.lang.String)[HttpServletRequest.html#login(java.lang.String, java.lang.String)] -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#logout()[HttpServletRequest.html#logout()] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser()[HttpServletRequest#getRemoteUser()] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()[HttpServletRequest.html#getUserPrincipal()] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String)[HttpServletRequest.html#isUserInRole(java.lang.String)] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login(java.lang.String,%20java.lang.String)[HttpServletRequest.html#login(java.lang.String, java.lang.String)] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#logout()[HttpServletRequest.html#logout()] diff --git a/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-xml.asc b/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-xml.asc index 1119a3482d..0d47daf040 100644 --- a/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-xml.asc +++ b/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-xml.asc @@ -53,8 +53,8 @@ The next step is to create a Spring Security configuration. + xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd"> 
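Review bot: The `xsi:schemaLocation` values rewritten in the `@@ -53,8 +53,8 @@` hunk of secure-the-application-xml.asc are resolver keys rather than links a reader follows, so switching them to `https://www.springframework.org/schema/.../*.xsd` changes what the XML parser looks up. Spring normally resolves these location hints from the `META-INF/spring.schemas` mappings on the classpath; if the versions a reader runs do not map the https form, the lookup may fall through to a network fetch or fail offline, so it is worth confirming this against the supported versions or leaving the location hints as `http://...` and excluding `schemaLocation` attributes from the automated rewrite. The same question applies to `https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd` in the `@@ -37,7 +37,7 @@` hunk of helloworld-xml.asc further down, where the container or IDE catalog is presumably keyed on the original http system identifier. The removed lines of both hunks are not visible in this view, so the previous values are inferred from the commit's stated purpose.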
@@ -72,18 +72,18 @@ The <> will: * Generate a login form for you * Allow the user with the *Username* _user_ and the *Password* _password_ to authenticate with form based authentication * Allow the user to logout -* http://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attack] prevention -* http://en.wikipedia.org/wiki/Session_fixation[Session Fixation] protection +* https://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attack] prevention +* https://en.wikipedia.org/wiki/Session_fixation[Session Fixation] protection * Security Header integration -** http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security[HTTP Strict Transport Security] for secure requests -** http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx[X-Content-Type-Options] integration +** https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security[HTTP Strict Transport Security] for secure requests +** https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx[X-Content-Type-Options] integration ** Cache Control (can be overridden later by your application to allow caching of your static resources) -** http://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx[X-XSS-Protection] integration -** X-Frame-Options integration to help prevent http://en.wikipedia.org/wiki/Clickjacking[Clickjacking] +** https://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx[X-XSS-Protection] integration +** X-Frame-Options integration to help prevent https://en.wikipedia.org/wiki/Clickjacking[Clickjacking] * Integrate with the following Servlet API methods -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser()[HttpServletRequest#getRemoteUser()] -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()[HttpServletRequest.html#getUserPrincipal()] -** 
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String)[HttpServletRequest.html#isUserInRole(java.lang.String)] -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login(java.lang.String,%20java.lang.String)[HttpServletRequest.html#login(java.lang.String, java.lang.String)] -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#logout()[HttpServletRequest.html#logout()] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser()[HttpServletRequest#getRemoteUser()] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()[HttpServletRequest.html#getUserPrincipal()] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String)[HttpServletRequest.html#isUserInRole(java.lang.String)] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login(java.lang.String,%20java.lang.String)[HttpServletRequest.html#login(java.lang.String, java.lang.String)] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#logout()[HttpServletRequest.html#logout()] diff --git a/docs/guides/src/docs/asciidoc/form-javaconfig.asc b/docs/guides/src/docs/asciidoc/form-javaconfig.asc index cbaa43e719..845185f633 100644 --- a/docs/guides/src/docs/asciidoc/form-javaconfig.asc +++ b/docs/guides/src/docs/asciidoc/form-javaconfig.asc @@ -162,7 +162,7 @@ Our existing configuration means that all we need to do is create a *login.html* .src/main/resources/views/login.html [source,xml] ---- - + Please Login diff --git a/docs/guides/src/docs/asciidoc/hellomvc-javaconfig.asc b/docs/guides/src/docs/asciidoc/hellomvc-javaconfig.asc index 258269866d..c913e2c4ad 100644 --- a/docs/guides/src/docs/asciidoc/hellomvc-javaconfig.asc +++ b/docs/guides/src/docs/asciidoc/hellomvc-javaconfig.asc 
@@ -97,9 +97,9 @@ Now that we have authenticated, let's see how our application is displaying the ---- -In our samples we use http://www.thymeleaf.org/[Thymeleaf], but any view technology will work. Any technology can inspect the `HttpServletRequest#getRemoteUser()` to view the current user since Spring Security integrates with the <>. +In our samples we use https://www.thymeleaf.org/[Thymeleaf], but any view technology will work. Any technology can inspect the `HttpServletRequest#getRemoteUser()` to view the current user since Spring Security integrates with the <>. -WARNING: The Thymeleaf ensures the username is escaped to avoid http://en.wikipedia.org/wiki/Cross-site_scripting[XSS vulnerabilities] Regardless of how an application renders user inputed values, it should ensure that the values are properly escaped. +WARNING: The Thymeleaf ensures the username is escaped to avoid https://en.wikipedia.org/wiki/Cross-site_scripting[XSS vulnerabilities] Regardless of how an application renders user inputed values, it should ensure that the values are properly escaped. ==== Logging out @@ -113,7 +113,7 @@ We can view the user name, but how are we able to log out? Below you can see how ---- -In order to help protect against http://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attacks], by default, Spring Security Java Configuration log out requires: +In order to help protect against https://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attacks], by default, Spring Security Java Configuration log out requires: * the HTTP method must be a POST * the CSRF token must be added to the request. Since we have used `@EnableWebSecurity` and are using Thymeleaf, the CSRF token is automatically added as a hidden input for you (view the source to see it). diff --git a/docs/guides/src/docs/asciidoc/helloworld-boot.asc b/docs/guides/src/docs/asciidoc/helloworld-boot.asc index d8f726efd9..7cec963d94 100644 --- a/docs/guides/src/docs/asciidoc/helloworld-boot.asc 
+++ b/docs/guides/src/docs/asciidoc/helloworld-boot.asc @@ -32,7 +32,7 @@ Now that we have authenticated, let's update the application to display the user [source,html] ---- - + Hello Spring Security @@ -57,7 +57,7 @@ Now that we have authenticated, let's update the application to display the user ---- -NOTE: We are using http://www.thymeleaf.org/[Thymeleaf] for our view template engine and +NOTE: We are using https://www.thymeleaf.org/[Thymeleaf] for our view template engine and https://github.com/thymeleaf/thymeleaf-extras-springsecurity[Thymeleaf - Spring Security integration modules] in order to utilize the _sec:authentication_ and _sec:authorize_ attributes. @@ -76,7 +76,7 @@ The last step is to update the _secured_ page to also display the currently auth [source,html] ---- - + Hello Spring Security diff --git a/docs/guides/src/docs/asciidoc/helloworld-javaconfig.asc b/docs/guides/src/docs/asciidoc/helloworld-javaconfig.asc index 5fdee917c2..d418e918a2 100644 --- a/docs/guides/src/docs/asciidoc/helloworld-javaconfig.asc +++ b/docs/guides/src/docs/asciidoc/helloworld-javaconfig.asc @@ -73,7 +73,7 @@ Now that we have authenticated, let's update the application to display the user ---- -WARNING: The `` tag ensures the username is escaped to avoid http://en.wikipedia.org/wiki/Cross-site_scripting[XSS vulnerabilities] Regardless of how an application renders user inputed values, it should ensure that the values are properly escaped. +WARNING: The `` tag ensures the username is escaped to avoid https://en.wikipedia.org/wiki/Cross-site_scripting[XSS vulnerabilities] Regardless of how an application renders user inputed values, it should ensure that the values are properly escaped. Refresh the page at http://localhost:8080/sample/ and you will see the user name displayed. This works because Spring Security integrates with the <> 
@@ -99,7 +99,7 @@ Now that we can view the user name, let's update the application to allow loggin ---- -In order to help protect against http://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attacks], by default, Spring Security Java Configuration log out requires: +In order to help protect against https://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attacks], by default, Spring Security Java Configuration log out requires: * the HTTP method must be a POST * the CSRF token must be added to the request. You can access it on the ServletRequest using the attribute _csrf as illustrated above. diff --git a/docs/guides/src/docs/asciidoc/helloworld-xml.asc b/docs/guides/src/docs/asciidoc/helloworld-xml.asc index 78f5e69f2d..c04f05a5fe 100644 --- a/docs/guides/src/docs/asciidoc/helloworld-xml.asc +++ b/docs/guides/src/docs/asciidoc/helloworld-xml.asc @@ -37,7 +37,7 @@ We have created the Spring Security configuration, but we still need to register + https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> @@ -194,4 +194,4 @@ The following section describes the Servlet 3.1 methods that Spring Security int [[servletapi-change-session-id]] ==== HttpServletRequest#changeSessionId() -The http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html#changeSessionId()[HttpServletRequest.changeSessionId()] is the default method for protecting against <> attacks in Servlet 3.1 and higher. +The https://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html#changeSessionId()[HttpServletRequest.changeSessionId()] is the default method for protecting against <> attacks in Servlet 3.1 and higher. diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/web/websocket.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/web/websocket.adoc index d01a38fe22..eda1b60201 100644 --- a/docs/manual/src/docs/asciidoc/_includes/servlet/web/websocket.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/servlet/web/websocket.adoc 
@@ -1,7 +1,7 @@
 [[websocket]]
 == WebSocket Security
-Spring Security 4 added support for securing http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html[Spring's WebSocket support].
+Spring Security 4 added support for securing https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html[Spring's WebSocket support].
 This section describes how to use Spring Security's WebSocket support.
 NOTE: You can find a complete working sample of WebSocket security at https://github.com/spring-projects/spring-session/tree/master/samples/boot/websocket.
@@ -9,7 +9,7 @@ NOTE: You can find a complete working sample of WebSocket security at https://gi
 .Direct JSR-356 Support
 ****
 Spring Security does not provide direct JSR-356 support because doing so would provide little value.
-This is because the format is unknown, so there is http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html#websocket-intro-sub-protocol[little Spring can do to secure an unknown format].
+This is because the format is unknown, so there is https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html#websocket-intro-sub-protocol[little Spring can do to secure an unknown format].
 Additionally, JSR-356 does not provide a way to intercept messages, so security would be rather invasive.
 ****
@@ -153,7 +153,7 @@ Consider a chat application. While we want clients to be able to SUBSCRIBE to "/topic/system/notifications", we do not want to enable them to send a MESSAGE to that destination. If we allowed sending a MESSAGE to "/topic/system/notifications", then clients could send a message directly to that endpoint and impersonate the system. -In general, it is common for applications to deny any MESSAGE sent to a message that starts with the http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html#websocket-stomp[broker prefix] (i.e. "/topic/" or "/queue/"). +In general, it is common for applications to deny any MESSAGE sent to a message that starts with the https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html#websocket-stomp[broker prefix] (i.e. "/topic/" or "/queue/"). [[websocket-authorization-notes-destinations]] ===== WebSocket Authorization on Destinations 
@@ -170,13 +170,13 @@ Consider a chat application. With the application above, we want to allow our client to listen to "/user/queue" which is transformed into "/queue/user/messages-". However, we do not want the client to be able to listen to "/queue/*" because that would allow the client to see messages for every user. -In general, it is common for applications to deny any SUBSCRIBE sent to a message that starts with the http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html#websocket-stomp[broker prefix] (i.e. "/topic/" or "/queue/"). +In general, it is common for applications to deny any SUBSCRIBE sent to a message that starts with the https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html#websocket-stomp[broker prefix] (i.e. "/topic/" or "/queue/"). Of course we may provide exceptions to account for things like [[websocket-authorization-notes-outbound]] ==== Outbound Messages -Spring contains a section titled http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html#websocket-stomp-message-flow[Flow of Messages] that describes how messages flow through the system. +Spring contains a section titled https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html#websocket-stomp-message-flow[Flow of Messages] that describes how messages flow through the system. It is important to note that Spring Security only secures the `clientInboundChannel`. Spring Security does not attempt to secure the `clientOutboundChannel`. 
@@ -187,7 +187,7 @@ Instead of securing the outbound messages, we encourage securing the subscriptio
 [[websocket-sameorigin]]
 === Enforcing Same Origin Policy
-It is important to emphasize that the browser does not enforce the http://en.wikipedia.org/wiki/Same-origin_policy[Same Origin Policy] for WebSocket connections.
+It is important to emphasize that the browser does not enforce the https://en.wikipedia.org/wiki/Same-origin_policy[Same Origin Policy] for WebSocket connections.
 This is an extremely important consideration.
 [[websocket-sameorigin-why]]
@@ -208,8 +208,8 @@ This means developers need to explicitly protect their applications from externa
 [[websocket-sameorigin-spring]]
 ==== Spring WebSocket Allowed Origin
-Fortunately, since Spring 4.1.5 Spring's WebSocket and SockJS support restricts access to the http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html#websocket-server-allowed-origins[current domain].
-Spring Security adds an additional layer of protection to provide http://en.wikipedia.org/wiki/Defense_in_depth_%28computing%29[defence in depth].
+Fortunately, since Spring 4.1.5 Spring's WebSocket and SockJS support restricts access to the https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html#websocket-server-allowed-origins[current domain].
+Spring Security adds an additional layer of protection to provide https://en.wikipedia.org/wiki/Defense_in_depth_%2528computing%2529[defence in depth].
 [[websocket-sameorigin-csrf]]
 ==== Adding CSRF to Stomp Headers
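Review bot: The Wikipedia link on the second added line of the `@@ -208,8 +208,8 @@` hunk was percent-encoded a second time: `%28computing%29` became `%2528computing%2529`, so the URL now names a title containing the literal text `%28computing%29` instead of `Defense_in_depth_(computing)` and will most likely not resolve. The scheme change should leave the escapes alone, i.e. `Spring Security adds an additional layer of protection to provide https://en.wikipedia.org/wiki/Defense_in_depth_%28computing%29[defence in depth].`. Other escaped URLs visible in this patch (`%20` in the `HttpServletRequest#login` links, `%28VS.85%29` in the Active Directory javadoc) kept their original encoding, so this looks like an isolated slip in the automated rewrite rather than a pattern.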
@@ -286,7 +286,7 @@ public class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBro [[websocket-sockjs]] === Working with SockJS -http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html#websocket-fallback[SockJS] provides fallback transports to support older browsers. +https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html#websocket-fallback[SockJS] provides fallback transports to support older browsers. When using the fallback options we need to relax a few security constraints to allow SockJS to work with Spring Security. [[websocket-sockjs-sameorigin]] diff --git a/docs/manual/src/docs/asciidoc/index.adoc b/docs/manual/src/docs/asciidoc/index.adoc index f870839602..237c691546 100644 --- a/docs/manual/src/docs/asciidoc/index.adoc +++ b/docs/manual/src/docs/asciidoc/index.adoc @@ -1,7 +1,7 @@ = Spring Security Reference Ben Alex; Luke Taylor; Rob Winch; Gunnar Hillert; Joe Grandja; Jay Bryant :include-dir: _includes -:security-api-url: http://docs.spring.io/spring-security/site/docs/current/api/ +:security-api-url: https://docs.spring.io/spring-security/site/docs/current/api/ :source-indent: 0 :tabsize: 4 diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java index 2a2f77c7d9..8381f2efcb 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java +++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java 
@@ -108,7 +108,7 @@ import org.springframework.util.Assert; * this means that if the LDAP directory is configured to allow unauthenticated access, it * might be possible to authenticate as any user just by supplying an empty * password. More information on the misuse of unauthenticated access can be found in - * draft + * draft * -ietf-ldapbis-authmeth-19.txt. * * diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java index 290f47e9b8..863de6bb29 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java +++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java @@ -52,7 +52,7 @@ import java.util.regex.Pattern; * conventions. *

    * It will authenticate using the Active Directory + * href="https://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx"> * {@code userPrincipalName} or a custom {@link #setSearchFilter(String) searchFilter} * in the form {@code username@domain}. If the username does not already end with the * domain name, the {@code userPrincipalName} will be built by appending the configured diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java index 95caaefae3..9d45957fa3 100755 --- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java +++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java @@ -23,7 +23,7 @@ import javax.naming.ldap.Control; * A Password Policy request control. *

    * Based on the information in the corresponding internet draft on LDAP password policy * * @author Stefan Zoerner diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java index f7c9ae2a44..86e3240a18 100755 --- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java +++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java @@ -46,7 +46,7 @@ import org.springframework.dao.DataRetrievalFailureException; * @author Luke Taylor * * @see org.springframework.security.ldap.ppolicy.PasswordPolicyControl - * @see Stefan + * @see Stefan * Zoerner's IBM developerworks article on LDAP controls. */ public class PasswordPolicyResponseControl extends PasswordPolicyControl { diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java index 5780575f61..8bbbc99b7a 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java +++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java @@ -15,7 +15,7 @@ */ /** * Implementation of password policy functionality based on the - * + * * Password Policy for LDAP Directories. *

    * This code will not work with servers such as Active Directory, which do not implement this standard. diff --git a/notice.txt b/notice.txt index dde652c658..2336a37696 100644 --- a/notice.txt +++ b/notice.txt @@ -7,7 +7,7 @@ must include the following acknowledgement: "This product includes software developed by Spring Security - Project (http://www.springframework.org/security)." + Project (https://www.springframework.org/security)." Alternately, this acknowledgement may appear in the software itself, if and wherever such third-party acknowledgements normally appear. diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java index 4360c8ad05..02d4b5e7b1 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java @@ -85,7 +85,7 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider OAuth2LoginAuthenticationToken authorizationCodeAuthentication = (OAuth2LoginAuthenticationToken) authentication; - // Section 3.1.2.1 Authentication Request - http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest + // Section 3.1.2.1 Authentication Request - https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest // scope // REQUIRED. OpenID Connect requests MUST contain the "openid" scope value. if (authorizationCodeAuthentication.getAuthorizationExchange() 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java index e1591fe450..e82ee9e8bd 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java @@ -79,7 +79,7 @@ public class OAuth2LoginReactiveAuthenticationManager implements return Mono.defer(() -> { OAuth2AuthorizationCodeAuthenticationToken token = (OAuth2AuthorizationCodeAuthenticationToken) authentication; - // Section 3.1.2.1 Authentication Request - http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest + // Section 3.1.2.1 Authentication Request - https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest // scope REQUIRED. OpenID Connect requests MUST contain the "openid" scope value. if (token.getAuthorizationExchange() .getAuthorizationRequest().getScopes().contains("openid")) { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java index af76ceb0b7..73227b6989 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java 
@@ -67,9 +67,9 @@ import java.util.Map; * @see OidcUserService * @see OidcUser * @see OidcIdTokenDecoderFactory - * @see Section 3.1 Authorization Code Grant Flow - * @see Section 3.1.3.1 Token Request - * @see Section 3.1.3.3 Token Response + * @see Section 3.1 Authorization Code Grant Flow + * @see Section 3.1.3.1 Token Request + * @see Section 3.1.3.3 Token Response */ public class OidcAuthorizationCodeAuthenticationProvider implements AuthenticationProvider { private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter"; @@ -101,7 +101,7 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati OAuth2LoginAuthenticationToken authorizationCodeAuthentication = (OAuth2LoginAuthenticationToken) authentication; - // Section 3.1.2.1 Authentication Request - http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest + // Section 3.1.2.1 Authentication Request - https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest // scope // REQUIRED. OpenID Connect requests MUST contain the "openid" scope value. if (!authorizationCodeAuthentication.getAuthorizationExchange() diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java index 4f47a5766e..8a215efdf8 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java 
@@ -100,7 +100,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements return Mono.defer(() -> { OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = (OAuth2AuthorizationCodeAuthenticationToken) authentication; - // Section 3.1.2.1 Authentication Request - http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest + // Section 3.1.2.1 Authentication Request - https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest // scope REQUIRED. OpenID Connect requests MUST contain the "openid" scope value. if (!authorizationCodeAuthentication.getAuthorizationExchange() .getAuthorizationRequest().getScopes().contains("openid")) { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java index 94c64a8fcd..e5d31dafc7 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java @@ -43,7 +43,7 @@ import java.util.stream.Collectors; * @since 5.1 * @see OAuth2TokenValidator * @see Jwt - * @see ID Token Validation + * @see ID Token Validation */ public final class OidcIdTokenValidator implements OAuth2TokenValidator { private static final Duration DEFAULT_CLOCK_SKEW = Duration.ofSeconds(60); @@ -58,7 +58,7 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator { @Override public OAuth2TokenValidatorResult validate(Jwt idToken) { // 3.1.3.7 ID Token Validation - // http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation + // https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation Map invalidClaims = validateRequiredClaims(idToken); if (!invalidClaims.isEmpty()) { 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java index 26a57fe058..859cc1b534 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java @@ -62,7 +62,7 @@ public class OidcUserService implements OAuth2UserServiceRP-Initiated Logout + * @see RP-Initiated Logout * @see org.springframework.security.web.authentication.logout.LogoutSuccessHandler */ public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java index 6bc467cd3f..b697bd0eaf 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java @@ -39,7 +39,7 @@ import org.springframework.web.util.UriComponentsBuilder; * * @author Josh Cummings * @since 5.2 - * @see RP-Initiated Logout + * @see RP-Initiated Logout * @see org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler */ public class OidcClientInitiatedServerLogoutSuccessHandler 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java index 3c4670cc30..5a7663a526 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java @@ -44,7 +44,7 @@ public final class ClientRegistrations { /** * Creates a {@link ClientRegistration.Builder} using the provided - * Issuer by making an + * Issuer by making an * OpenID Provider * Configuration Request and using the values in the * OpenID @@ -65,7 +65,7 @@ public final class ClientRegistrations { * .clientSecret("client-secret") * .build(); *

    - * @param issuer the Issuer + * @param issuer the Issuer * @return a {@link ClientRegistration.Builder} that was initialized by the OpenID Provider Configuration. */ public static ClientRegistration.Builder fromOidcIssuerLocation(String issuer) { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java index d13cbbf4c6..4f7157afcc 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java @@ -100,7 +100,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests { @Test public void authenticateWhenAuthorizationResponseRedirectUriNotEqualAuthorizationRequestRedirectUriThenThrowOAuth2AuthorizationException() { - OAuth2AuthorizationResponse authorizationResponse = success().redirectUri("http://example2.com").build(); + OAuth2AuthorizationResponse authorizationResponse = success().redirectUri("https://example2.com").build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange( this.authorizationRequest, authorizationResponse); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java index 0acb484d23..31d841a6f1 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java 
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java @@ -157,7 +157,7 @@ public class OAuth2LoginAuthenticationProviderTests { this.exception.expectMessage(containsString("invalid_redirect_uri_parameter")); OAuth2AuthorizationResponse authorizationResponse = - success().redirectUri("http://example2.com").build(); + success().redirectUri("https://example2.com").build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java index 3299a5a5b6..b26a53aa92 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java @@ -234,7 +234,7 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { @Test public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() { - String invalidTokenUri = "http://invalid-provider.com/oauth2/token"; + String invalidTokenUri = "https://invalid-provider.com/oauth2/token"; ClientRegistration clientRegistration = this.from(this.clientRegistration) .tokenUri(invalidTokenUri) .build(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java index 184db3bd19..1a2f93a31e 100644 
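Review bot: `invalidTokenUri` in getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException still names a registrable third-party domain, so if the client really sends the request, the result depends on how that host answers, and after this change on its TLS behaviour rather than plain HTTP. A name under the reserved `.invalid` TLD would keep the failure local and deterministic, for example `String invalidTokenUri = "https://invalid-provider.invalid/oauth2/token";`, provided the expected exception also covers a name-resolution failure. The same applies to the `invalid-provider.com` literals in the hunks for DefaultClientCredentialsTokenResponseClientTests, NimbusAuthorizationCodeTokenResponseClientTests, OidcUserServiceTests, CustomUserTypesOAuth2UserServiceTests, DefaultOAuth2UserServiceTests and DefaultReactiveOAuth2UserServiceTests. The test body continues outside the hunk, so confirm there whether a request actually leaves the JVM.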
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java @@ -239,7 +239,7 @@ public class DefaultClientCredentialsTokenResponseClientTests { @Test public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() { - String invalidTokenUri = "http://invalid-provider.com/oauth2/token"; + String invalidTokenUri = "https://invalid-provider.com/oauth2/token"; ClientRegistration clientRegistration = this.from(this.clientRegistration) .tokenUri(invalidTokenUri) .build(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java index 213d6aeab2..ce651b431b 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java @@ -169,7 +169,7 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() throws Exception { this.exception.expect(OAuth2AuthorizationException.class); - String tokenUri = "http://invalid-provider.com/oauth2/token"; + String tokenUri = "https://invalid-provider.com/oauth2/token"; this.clientRegistrationBuilder.tokenUri(tokenUri); this.tokenResponseClient.getTokenResponse( 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java index e96cf86f60..c05d1572d9 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java @@ -162,7 +162,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { // public void getTokenResponseWhenTokenUriInvalidThenThrowAuthenticationServiceException() throws Exception { // this.exception.expect(AuthenticationServiceException.class); // -// String tokenUri = "http://invalid-provider.com/oauth2/token"; +// String tokenUri = "https://invalid-provider.com/oauth2/token"; // when(this.providerDetails.getTokenUri()).thenReturn(tokenUri); // // this.tokenResponseClient.getTokenResponse( diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java index d5c66b000f..77dba3d87a 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java 
@@ -170,7 +170,7 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("invalid_redirect_uri_parameter")); - OAuth2AuthorizationResponse authorizationResponse = success().redirectUri("http://example2.com").build(); + OAuth2AuthorizationResponse authorizationResponse = success().redirectUri("https://example2.com").build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java index b5ad7a0505..15d4015a5e 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java @@ -114,7 +114,7 @@ public class OidcUserServiceTests { @Test public void loadUserWhenAuthorizedScopesDoesNotContainUserInfoScopesThenUserInfoEndpointNotRequested() { ClientRegistration clientRegistration = this.clientRegistrationBuilder - .userInfoUri("http://provider.com/user").build(); + .userInfoUri("https://provider.com/user").build(); Set authorizedScopes = new LinkedHashSet<>(Arrays.asList("scope1", "scope2")); OAuth2AccessToken accessToken = new OAuth2AccessToken( 
@@ -248,7 +248,7 @@ public class OidcUserServiceTests { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource")); - String userInfoUri = "http://invalid-provider.com/user"; + String userInfoUri = "https://invalid-provider.com/user"; ClientRegistration clientRegistration = this.clientRegistrationBuilder .userInfoUri(userInfoUri).build(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java index e580500f0f..ff667fc04a 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java @@ -50,7 +50,7 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests { ClientRegistration registration = TestClientRegistrations .clientRegistration() .providerConfigurationMetadata( - Collections.singletonMap("end_session_endpoint", "http://endpoint")) + Collections.singletonMap("end_session_endpoint", "https://endpoint")) .build(); ClientRegistrationRepository repository = new InMemoryClientRegistrationRepository(registration); @@ -77,7 +77,7 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests { this.request.setUserPrincipal(token); this.handler.onLogoutSuccess(this.request, this.response, token); - assertThat(this.response.getRedirectedUrl()).isEqualTo("http://endpoint?id_token_hint=id-token"); + assertThat(this.response.getRedirectedUrl()).isEqualTo("https://endpoint?id_token_hint=id-token"); } @Test 
@@ -86,10 +86,10 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests { Authentication token = mock(Authentication.class); this.request.setUserPrincipal(token); - this.handler.setDefaultTargetUrl("http://default"); + this.handler.setDefaultTargetUrl("https://default"); this.handler.onLogoutSuccess(this.request, this.response, token); - assertThat(this.response.getRedirectedUrl()).isEqualTo("http://default"); + assertThat(this.response.getRedirectedUrl()).isEqualTo("https://default"); } @Test @@ -101,10 +101,10 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests { this.registration.getRegistrationId()); this.request.setUserPrincipal(token); - this.handler.setDefaultTargetUrl("http://default"); + this.handler.setDefaultTargetUrl("https://default"); this.handler.onLogoutSuccess(this.request, this.response, token); - assertThat(this.response.getRedirectedUrl()).isEqualTo("http://default"); + assertThat(this.response.getRedirectedUrl()).isEqualTo("https://default"); } @Test @@ -121,10 +121,10 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests { registration.getRegistrationId()); this.request.setUserPrincipal(token); - handler.setDefaultTargetUrl("http://default"); + handler.setDefaultTargetUrl("https://default"); handler.onLogoutSuccess(this.request, this.response, token); - assertThat(this.response.getRedirectedUrl()).isEqualTo("http://default"); + assertThat(this.response.getRedirectedUrl()).isEqualTo("https://default"); } @Test 
@@ -136,13 +136,13 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests { AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId()); - this.handler.setPostLogoutRedirectUri(URI.create("http://postlogout?encodedparam=value")); + this.handler.setPostLogoutRedirectUri(URI.create("https://postlogout?encodedparam=value")); this.request.setUserPrincipal(token); this.handler.onLogoutSuccess(this.request, this.response, token); - assertThat(this.response.getRedirectedUrl()).isEqualTo("http://endpoint?" + + assertThat(this.response.getRedirectedUrl()).isEqualTo("https://endpoint?" + "id_token_hint=id-token&" + - "post_logout_redirect_uri=http://postlogout?encodedparam%3Dvalue"); + "post_logout_redirect_uri=https://postlogout?encodedparam%3Dvalue"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java index a9bfcc4800..199eb0c5ab 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java @@ -50,7 +50,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests { ClientRegistration registration = TestClientRegistrations .clientRegistration() .providerConfigurationMetadata( - Collections.singletonMap("end_session_endpoint", "http://endpoint")) + Collections.singletonMap("end_session_endpoint", "https://endpoint")) .build(); ReactiveClientRegistrationRepository repository = new InMemoryReactiveClientRegistrationRepository(registration); 
@@ -79,7 +79,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests { WebFilterExchange f = new WebFilterExchange(exchange, this.chain); this.handler.onLogoutSuccess(f, token).block(); - assertThat(redirectedUrl(this.exchange)).isEqualTo("http://endpoint?id_token_hint=id-token"); + assertThat(redirectedUrl(this.exchange)).isEqualTo("https://endpoint?id_token_hint=id-token"); } @Test @@ -89,10 +89,10 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests { when(this.exchange.getPrincipal()).thenReturn(Mono.just(token)); WebFilterExchange f = new WebFilterExchange(exchange, this.chain); - this.handler.setLogoutSuccessUrl(URI.create("http://default")); + this.handler.setLogoutSuccessUrl(URI.create("https://default")); this.handler.onLogoutSuccess(f, token).block(); - assertThat(redirectedUrl(this.exchange)).isEqualTo("http://default"); + assertThat(redirectedUrl(this.exchange)).isEqualTo("https://default"); } @Test @@ -105,10 +105,10 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests { when(this.exchange.getPrincipal()).thenReturn(Mono.just(token)); WebFilterExchange f = new WebFilterExchange(exchange, this.chain); - this.handler.setLogoutSuccessUrl(URI.create("http://default")); + this.handler.setLogoutSuccessUrl(URI.create("https://default")); this.handler.onLogoutSuccess(f, token).block(); - assertThat(redirectedUrl(this.exchange)).isEqualTo("http://default"); + assertThat(redirectedUrl(this.exchange)).isEqualTo("https://default"); } @Test 
@@ -128,10 +128,10 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests { when(this.exchange.getPrincipal()).thenReturn(Mono.just(token)); WebFilterExchange f = new WebFilterExchange(exchange, this.chain); - handler.setLogoutSuccessUrl(URI.create("http://default")); + handler.setLogoutSuccessUrl(URI.create("https://default")); handler.onLogoutSuccess(f, token).block(); - assertThat(redirectedUrl(this.exchange)).isEqualTo("http://default"); + assertThat(redirectedUrl(this.exchange)).isEqualTo("https://default"); } @Test @@ -145,13 +145,13 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests { when(this.exchange.getPrincipal()).thenReturn(Mono.just(token)); WebFilterExchange f = new WebFilterExchange(exchange, this.chain); - this.handler.setPostLogoutRedirectUri(URI.create("http://postlogout?encodedparam=value")); + this.handler.setPostLogoutRedirectUri(URI.create("https://postlogout?encodedparam=value")); this.handler.onLogoutSuccess(f, token).block(); assertThat(redirectedUrl(this.exchange)) - .isEqualTo("http://endpoint?" + + .isEqualTo("https://endpoint?" + "id_token_hint=id-token&" + - "post_logout_redirect_uri=http://postlogout?encodedparam%3Dvalue"); + "post_logout_redirect_uri=https://postlogout?encodedparam%3Dvalue"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java index 2d7177f5ff..3f1a9bfaad 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java 
@@ -184,7 +184,7 @@ public class CustomUserTypesOAuth2UserServiceTests { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource")); - String userInfoUri = "http://invalid-provider.com/user"; + String userInfoUri = "https://invalid-provider.com/user"; ClientRegistration clientRegistration = this.clientRegistrationBuilder .userInfoUri(userInfoUri).build(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java index ae830b7426..99a6718e07 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java @@ -103,7 +103,7 @@ public class DefaultOAuth2UserServiceTests { this.exception.expectMessage(containsString("missing_user_name_attribute")); ClientRegistration clientRegistration = this.clientRegistrationBuilder - .userInfoUri("http://provider.com/user").build(); + .userInfoUri("https://provider.com/user").build(); this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); } @@ -235,7 +235,7 @@ public class DefaultOAuth2UserServiceTests { this.exception.expect(OAuth2AuthenticationException.class); this.exception.expectMessage(containsString("[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource")); - String userInfoUri = "http://invalid-provider.com/user"; + String userInfoUri = "https://invalid-provider.com/user"; ClientRegistration clientRegistration = this.clientRegistrationBuilder .userInfoUri(userInfoUri) 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java index 421f1734c7..b856c80252 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java @@ -206,7 +206,7 @@ public class DefaultReactiveOAuth2UserServiceTests { @Test public void loadUserWhenUserInfoUriInvalidThenThrowAuthenticationServiceException() throws Exception { - this.clientRegistration.userInfoUri("http://invalid-provider.com/user"); + this.clientRegistration.userInfoUri("https://invalid-provider.com/user"); assertThatThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block()) .isInstanceOf(AuthenticationServiceException.class); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java index 5adb88773f..d55e1bb415 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java 
@@ -183,7 +183,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=read:user&state=.{15,}&" + - "redirect_uri=http://example.com/login/oauth2/code/registration-id"); + "redirect_uri=https://example.com/login/oauth2/code/registration-id"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java index 73ac9dc5ab..d137abc480 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java @@ -329,7 +329,7 @@ public class OAuth2LoginAuthenticationFilterTests { OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange().getAuthorizationRequest(); OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange().getAuthorizationResponse(); - String expectedRedirectUri = "http://example.com/login/oauth2/code/registration-id-2"; + String expectedRedirectUri = "https://example.com/login/oauth2/code/registration-id-2"; assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri); assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri); } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java index ec75da2e02..47037a3127 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java 
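Review bot: The expected `redirect_uri=https://example.com/login/oauth2/code/registration-id` in this `matches(...)` pattern was rewritten with the other URLs, but the value it is compared against comes from the resolver and from fixtures outside the hunk. If the redirect URI is expanded from the mock request's scheme and host rather than from a fixed registration value, the assertion stops matching unless the request setup is switched to https too. Either keep `http://` in the expectation or set the request scheme to match. The same applies to `expectedRedirectUri` in the OAuth2LoginAuthenticationFilterTests hunk that follows; both test methods start outside their hunks.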
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java @@ -21,9 +21,9 @@ package org.springframework.security.oauth2.core.oidc; * * @author Joe Grandja * @since 5.0 - * @see Address Claim - * @see UserInfo Response - * @see ID Token + * @see Address Claim + * @see UserInfo Response + * @see ID Token */ public interface AddressStandardClaim { diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java index 61a4e87e75..0170f933ec 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java @@ -30,8 +30,8 @@ import java.util.List; * @see StandardClaimNames * @see IdTokenClaimNames * @see OidcIdToken - * @see ID Token - * @see Standard Claims + * @see ID Token + * @see Standard Claims * @author Joe Grandja * @since 5.0 */ diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java index 15a351f22c..c73b604f3d 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java @@ -22,7 +22,7 @@ package org.springframework.security.oauth2.core.oidc; * @author Joe Grandja * @since 5.0 * @see OidcIdToken - * @see ID Token + * @see ID Token */ public interface IdTokenClaimNames { 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java index 27a6b09b57..6e1297862d 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java @@ -35,8 +35,8 @@ import java.util.Map; * @see AbstractOAuth2Token * @see IdTokenClaimAccessor * @see StandardClaimAccessor - * @see ID Token - * @see Standard Claims + * @see ID Token + * @see Standard Claims */ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAccessor { private final Map claims; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java index c546f8ebbf..e8b70c757a 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java @@ -28,7 +28,7 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken; * @author Joe Grandja * @since 5.0 * @see StandardClaimNames - * @see Requesting Claims using Scope Values + * @see Requesting Claims using Scope Values */ public interface OidcScopes { diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java index 5b2fd36886..0d3ba43183 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java 
@@ -33,9 +33,9 @@ import java.util.Map; * @author Joe Grandja * @since 5.0 * @see StandardClaimAccessor - * @see UserInfo Response - * @see UserInfo Endpoint - * @see Standard Claims + * @see UserInfo Response + * @see UserInfo Endpoint + * @see Standard Claims */ public class OidcUserInfo implements StandardClaimAccessor, Serializable { private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java index 31d0bc1bdd..455e0f8f36 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java @@ -28,8 +28,8 @@ import java.util.Map; * @see ClaimAccessor * @see StandardClaimNames * @see OidcUserInfo - * @see UserInfo Response - * @see Standard Claims + * @see UserInfo Response + * @see Standard Claims * @author Joe Grandja * @since 5.0 */ diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java index 3ac3d142e9..e57b4df7a0 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java @@ -21,9 +21,9 @@ package org.springframework.security.oauth2.core.oidc; * * @author Joe Grandja * @since 5.0 - * @see Standard Claims - * @see UserInfo Response - * @see ID Token + * @see Standard Claims + * @see UserInfo Response + * @see ID Token */ public interface StandardClaimNames { 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java index 8d1e400de8..13c37441c8 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java @@ -21,7 +21,7 @@ package org.springframework.security.oauth2.core.oidc.endpoint; * * @author Joe Grandja * @since 5.0 - * @see 18.2 OAuth Parameters Registration + * @see 18.2 OAuth Parameters Registration */ public interface OidcParameterNames { diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java index fe11e95a2a..15b3014061 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java @@ -46,8 +46,8 @@ import java.util.Map; * @see OidcUserInfo * @see IdTokenClaimAccessor * @see StandardClaimAccessor - * @see ID Token - * @see Standard Claims + * @see ID Token + * @see Standard Claims */ public interface OidcUser extends OAuth2User, IdTokenClaimAccessor { diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java index 6583d81a08..caa1da5fbe 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java 
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java @@ -35,7 +35,7 @@ import static org.assertj.core.api.Assertions.*; public class OAuth2AuthorizationRequestTests { private static final String AUTHORIZATION_URI = "https://provider.com/oauth2/authorize"; private static final String CLIENT_ID = "client-id"; - private static final String REDIRECT_URI = "http://example.com"; + private static final String REDIRECT_URI = "https://example.com"; private static final Set SCOPES = new LinkedHashSet<>(Arrays.asList("scope1", "scope2")); private static final String STATE = "state"; @@ -204,7 +204,7 @@ public class OAuth2AuthorizationRequestTests { .isEqualTo("https://provider.com/oauth2/authorize?" + "response_type=token&client_id=client-id&" + "scope=scope1%20scope2&state=state&" + - "redirect_uri=http://example.com"); + "redirect_uri=https://example.com"); } @Test @@ -240,7 +240,7 @@ public class OAuth2AuthorizationRequestTests { .isEqualTo("https://provider.com/oauth2/authorize?" + "response_type=code&client_id=client-id&" + "scope=scope1%20scope2&state=state&" + - "redirect_uri=http://example.com¶m1=value1¶m2=value2"); + "redirect_uri=https://example.com¶m1=value1¶m2=value2"); } @Test diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java index 8a876675a1..00bd042b70 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseTests.java 
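Review bot: The expected authorization-request strings in the `@@ -204` and `@@ -240` hunks repeat the redirect URI as a literal instead of building on `REDIRECT_URI`, which is why this scheme change had to be made in three places in the file. Ending the first expectation with `"redirect_uri=" + REDIRECT_URI);` and building the second the same way before its additional-parameter suffix would keep the assertions tied to the constant. The test methods start outside these hunks, so this is based only on the visible assertion lines.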
@@ -27,7 +27,7 @@ import static org.assertj.core.api.Assertions.assertThatCode; */ public class OAuth2AuthorizationResponseTests { private static final String AUTH_CODE = "auth-code"; - private static final String REDIRECT_URI = "http://example.com"; + private static final String REDIRECT_URI = "https://example.com"; private static final String STATE = "state"; private static final String ERROR_CODE = "error-code"; private static final String ERROR_DESCRIPTION = "error-description"; diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java index 00a910bdf6..e407d25b7f 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java @@ -37,13 +37,13 @@ public final class JwtDecoders { /** * Creates a {@link JwtDecoder} using the provided - * Issuer by making an + * Issuer by making an * OpenID Provider * Configuration Request and using the values in the * OpenID * Provider Configuration Response to initialize the {@link JwtDecoder}. * - * @param oidcIssuerLocation the Issuer + * @param oidcIssuerLocation the Issuer * @return a {@link JwtDecoder} that was initialized by the OpenID Provider Configuration. */ public static JwtDecoder fromOidcIssuerLocation(String oidcIssuerLocation) { diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java index 1254636210..f41278c5e3 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java 
@@ -230,7 +230,7 @@ public final class NimbusJwtDecoder implements JwtDecoder { * Use the given {@link RestOperations} to coordinate with the authorization servers indicated in the * JWK Set uri * as well as the - * Issuer. + * Issuer. * * @param restOperations * @return diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java index fbced6046f..4a12d23619 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java @@ -234,7 +234,7 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder { * Use the given {@link WebClient} to coordinate with the authorization servers indicated in the * JWK Set uri * as well as the - * Issuer. + * Issuer. * * @param webClient * @return a {@link JwkSetUriReactiveJwtDecoderBuilder} for further configurations diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java index f85b02dad5..f3788ac06f 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java 
@@ -35,13 +35,13 @@ public final class ReactiveJwtDecoders { /** * Creates a {@link ReactiveJwtDecoder} using the provided - * Issuer by making an + * Issuer by making an * OpenID Provider * Configuration Request and using the values in the * OpenID * Provider Configuration Response to initialize the {@link ReactiveJwtDecoder}. * - * @param oidcIssuerLocation the Issuer + * @param oidcIssuerLocation the Issuer * @return a {@link ReactiveJwtDecoder} that was initialized by the OpenID Provider Configuration. */ public static ReactiveJwtDecoder fromOidcIssuerLocation(String oidcIssuerLocation) { diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java index 4d93df3da2..6db71fda49 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java 
@@ -75,7 +75,7 @@ public class NimbusJwtDecoderTests { private static final String UNSIGNED_JWT = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJleHAiOi0yMDMzMjI0OTcsImp0aSI6IjEyMyIsInR5cCI6IkpXVCJ9."; private static final String EMPTY_EXP_CLAIM_JWT = "eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJhdWRpZW5jZSJ9.D1eT0jpBEpuh74p-YT-uF81Z7rkVqIpUtJ5hWWFiVShZ9s8NIntK4Q1GlvlziiySSaVYaXtpTmDB3c8r-Z5Mj4ibihiueCSq7jaPD3sA8IMQKL-L6Uol8MSD_lSFE2n3fVBTxFeaejBKfZsDxnhzgpy8g7PncR47w8NHs-7tKO4qw7G_SV3hkNpDNoqZTfMImxyWEebgKM2pJAhN4das2CO1KAjYMfEByLcgYncE8fzdYPJhMFo2XRRSQABoeUBuKSAwIntBaOGvcb-qII_Hefc5U0cmpNItG75F2XfX803plKI4FFpAxJsbPKWSQmhs6bZOrhx0x74pY5LS3ghmJw"; - private static final String JWK_SET_URI = "http://issuer/.well-known/jwks.json"; + private static final String JWK_SET_URI = "https://issuer/.well-known/jwks.json"; private static final String RS512_SIGNED_JWT = "eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJ0ZXN0LXN1YmplY3QiLCJleHAiOjE5NzQzMjYxMTl9.LKAx-60EBfD7jC1jb1eKcjO4uLvf3ssISV-8tN-qp7gAjSvKvj4YA9-V2mIb6jcS1X_xGmNy6EIimZXpWaBR3nJmeu-jpe85u4WaW2Ztr8ecAi-dTO7ZozwdtljKuBKKvj4u1nF70zyCNl15AozSG0W1ASrjUuWrJtfyDG6WoZ8VfNMuhtU-xUYUFvscmeZKUYQcJ1KS-oV5tHeF8aNiwQoiPC_9KXCOZtNEJFdq6-uzFdHxvOP2yex5Gbmg5hXonauIFXG2ZPPGdXzm-5xkhBpgM8U7A_6wb3So8wBvLYYm2245QUump63AJRAy8tQpwt4n9MvQxQgS3z9R-NK92A"; private static final String RS256_SIGNED_JWT = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXN1YmplY3QiLCJleHAiOjE5NzQzMjYzMzl9.CT-H2OWEqmSs1NWmnta5ealLFvM8OlbQTjGhfRcKLNxrTrzsOkqBJl-AN3k16BQU7mS32o744TiiZ29NcDlxPsr1MqTlN86-dobPiuNIDLp3A1bOVdXMcVFuMYkrNv0yW0tGS9OjEqsCCuZDkZ1by6AhsHLbGwRY-6AQdcRouZygGpOQu1hNun5j8q5DpSTY4AXKARIFlF-O3OpVbPJ0ebr3Ki-i3U9p_55H0e4-wx2bqcApWlqgofl1I8NKWacbhZgn81iibup2W7E0CzCzh71u1Mcy3xk1sYePx-dwcxJnHmxJReBBWjJZEAeCrkbnn_OCuo2fA-EQyNJtlN5F2w"; private static final String VERIFY_KEY = 
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4yKxb6SNePdDmQi9xFCrP6QvHosErQzryknQTTTffs0t3cy3Er3lIceuhZ7yQNSCDfPFqG8GoyoKhuChRiA5D+J2ab7bqTa1QJKfnCyERoscftgN2fXPHjHoiKbpGV2tMVw8mXl//tePOAiKbMJaBUnlAvJgkk1rVm08dSwpLC1sr2M19euf9jwnRGkMRZuhp9iCPgECRke5T8Ixpv0uQjSmGHnWUKTFlbj8sM83suROR1Ue64JSGScANc5vk3huJ/J97qTC+K2oKj6L8d9O8dpc4obijEOJwpydNvTYDgbiivYeSB00KS9jlBkQ5B2QqLvLVEygDl3dp59nGx6YQIDAQAB"; @@ -277,7 +277,7 @@ public class NimbusJwtDecoderTests { RestOperations restOperations = mock(RestOperations.class); when(restOperations.exchange(any(RequestEntity.class), eq(String.class))) .thenReturn(new ResponseEntity<>(jwkResponse, HttpStatus.OK)); - return withJwkSetUri("http://issuer/.well-known/jwks.json") + return withJwkSetUri("https://issuer/.well-known/jwks.json") .restOperations(restOperations) .processor(); } diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java index 90454624bf..96bdddc75f 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java 
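Review bot: The `@@ -277` hunk passes `"https://issuer/.well-known/jwks.json"` to `withJwkSetUri` as a literal, although the `@@ -75` hunk changes the identical value in the `JWK_SET_URI` constant. Using `return withJwkSetUri(JWK_SET_URI)` would stop the two from drifting apart on the next edit. In the visible lines the response comes from a mocked `RestOperations`, so the scheme is presumably never dialled and the change is cosmetic for this helper. The enclosing helper method starts outside the hunk.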
@@ -79,7 +79,7 @@ public class NimbusReactiveJwtDecoderTests { + " }\n" + " ]\n" + "}"; - private String jwkSetUri = "http://issuer/certs"; + private String jwkSetUri = "https://issuer/certs"; private String rsa512 = "eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJ0ZXN0LXN1YmplY3QiLCJleHAiOjE5NzQzMjYxMTl9.LKAx-60EBfD7jC1jb1eKcjO4uLvf3ssISV-8tN-qp7gAjSvKvj4YA9-V2mIb6jcS1X_xGmNy6EIimZXpWaBR3nJmeu-jpe85u4WaW2Ztr8ecAi-dTO7ZozwdtljKuBKKvj4u1nF70zyCNl15AozSG0W1ASrjUuWrJtfyDG6WoZ8VfNMuhtU-xUYUFvscmeZKUYQcJ1KS-oV5tHeF8aNiwQoiPC_9KXCOZtNEJFdq6-uzFdHxvOP2yex5Gbmg5hXonauIFXG2ZPPGdXzm-5xkhBpgM8U7A_6wb3So8wBvLYYm2245QUump63AJRAy8tQpwt4n9MvQxQgS3z9R-NK92A"; private String rsa256 = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXN1YmplY3QiLCJleHAiOjE5NzQzMjYzMzl9.CT-H2OWEqmSs1NWmnta5ealLFvM8OlbQTjGhfRcKLNxrTrzsOkqBJl-AN3k16BQU7mS32o744TiiZ29NcDlxPsr1MqTlN86-dobPiuNIDLp3A1bOVdXMcVFuMYkrNv0yW0tGS9OjEqsCCuZDkZ1by6AhsHLbGwRY-6AQdcRouZygGpOQu1hNun5j8q5DpSTY4AXKARIFlF-O3OpVbPJ0ebr3Ki-i3U9p_55H0e4-wx2bqcApWlqgofl1I8NKWacbhZgn81iibup2W7E0CzCzh71u1Mcy3xk1sYePx-dwcxJnHmxJReBBWjJZEAeCrkbnn_OCuo2fA-EQyNJtlN5F2w"; diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java index c3510e968f..b8d78569e0 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/BearerTokenErrorTests.java @@ -37,7 +37,7 @@ public class BearerTokenErrorTests { private static final String TEST_DESCRIPTION = "test-description"; - private static final String TEST_URI = "http://example.com"; + private static final String TEST_URI = "https://example.com"; private static final String TEST_SCOPE = "test-scope"; 
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java index 8a81b22acd..fc5bca4482 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java @@ -115,14 +115,14 @@ public class BearerTokenAuthenticationEntryPointTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST, - null, "http://example.com", null); + null, "https://example.com", null); this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); assertThat(response.getStatus()).isEqualTo(400); assertThat(response.getHeader("WWW-Authenticate")) - .isEqualTo("Bearer error=\"invalid_request\", error_uri=\"http://example.com\""); + .isEqualTo("Bearer error=\"invalid_request\", error_uri=\"https://example.com\""); } @Test @@ -181,7 +181,7 @@ public class BearerTokenAuthenticationEntryPointTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN, - "Insufficient scope", "http://example.com", "test.read test.write"); + "Insufficient scope", "https://example.com", "test.read test.write"); this.authenticationEntryPoint.setRealmName("test"); this.authenticationEntryPoint.commence(request, response, 
@@ -190,7 +190,7 @@ public class BearerTokenAuthenticationEntryPointTests { assertThat(response.getStatus()).isEqualTo(403); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo( "Bearer realm=\"test\", error=\"insufficient_scope\", error_description=\"Insufficient scope\", " - + "error_uri=\"http://example.com\", scope=\"test.read test.write\""); + + "error_uri=\"https://example.com\", scope=\"test.read test.write\""); } @Test diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java index 652ed3b8e3..de49db5a4a 100644 --- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java +++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java @@ -249,12 +249,12 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing * Maps the return_to url to a realm, for example: * *
    -	 * http://www.example.com/login/openid -> http://www.example.com/realm
    +	 * https://www.example.com/login/openid -> https://www.example.com/realm
     	 * 
    * * If no mapping is provided then the returnToUrl will be parsed to extract the * protocol, hostname and port followed by a trailing slash. This means that - * http://www.example.com/login/openid will automatically become + * https://www.example.com/login/openid will automatically become * http://www.example.com:80/ * * @param realmMapping containing returnToUrl -> realm mappings diff --git a/openid/src/main/java/org/springframework/security/openid/package.html b/openid/src/main/java/org/springframework/security/openid/package.html index c940ab8aee..80e7f0c0f4 100644 --- a/openid/src/main/java/org/springframework/security/openid/package.html +++ b/openid/src/main/java/org/springframework/security/openid/package.html @@ -1,5 +1,5 @@ -Authenticates standard web browser users via OpenID. +Authenticates standard web browser users via OpenID. \ No newline at end of file diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java index 85be75fa12..1622c3ff59 100644 --- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java +++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java @@ -36,8 +36,8 @@ import org.springframework.security.web.authentication.SavedRequestAwareAuthenti public class OpenIDAuthenticationFilterTests { OpenIDAuthenticationFilter filter; - private static final String REDIRECT_URL = "http://www.example.com/redirect"; - private static final String CLAIMED_IDENTITY_URL = "http://www.example.com/identity"; + private static final String REDIRECT_URL = "https://www.example.com/redirect"; + private static final String CLAIMED_IDENTITY_URL = "https://www.example.com/identity"; private static final String REQUEST_PATH = "/login/openid"; private static final String FILTER_PROCESS_URL = "http://localhost:8080" + REQUEST_PATH; 
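Review bot: The Javadoc example on the new side contradicts itself: it says `https://www.example.com/login/openid` will automatically become `http://www.example.com:80/`, so the derived realm has a different scheme and port from the return_to URL it is derived from. The same paragraph says the realm is built from the returnToUrl's protocol, hostname and port, so the result line should use the same scheme as the input, presumably `https://www.example.com:443/`. The port the code actually emits for https needs confirming against the method body, which is outside this hunk. This is worth fixing because a reader may copy the example into a `realmMapping` and end up with a realm that does not match the return_to URL.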
@@ -95,7 +95,7 @@ public class OpenIDAuthenticationFilterTests { public void encodesUrlParameters() throws Exception { // Arbitrary parameter name and value that will both need to be encoded: String paramName = "foo&bar"; - String paramValue = "http://example.com/path?a=b&c=d"; + String paramValue = "https://example.com/path?a=b&c=d"; MockHttpServletRequest req = new MockHttpServletRequest("GET", REQUEST_PATH); req.addParameter(paramName, paramValue); filter.setReturnToUrlParameters(Collections.singleton(paramName)); diff --git a/remoting/src/main/java/org/springframework/security/remoting/dns/DnsResolver.java b/remoting/src/main/java/org/springframework/security/remoting/dns/DnsResolver.java index 63d88a0379..f5d689cc59 100644 --- a/remoting/src/main/java/org/springframework/security/remoting/dns/DnsResolver.java +++ b/remoting/src/main/java/org/springframework/security/remoting/dns/DnsResolver.java @@ -57,7 +57,7 @@ public interface DnsResolver { * number in the DNS record) and if there are more than one records with the same * priority, it will return the one with the highest weight. You will find more * informatione about DNS service records at Wikipedia. + * href="https://en.wikipedia.org/wiki/SRV_record">Wikipedia. * * @param serviceType The service type you are searching for, e.g. ldap, kerberos, ... * @param domain The domain, in which you are searching for the service diff --git a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java index 314d0bfc9c..4f2aee1959 100644 --- a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java +++ b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java 
@@ -113,7 +113,7 @@ public class JndiDnsResolverTests { BasicAttribute record = new BasicAttribute("SRV"); // the structure of the service records is: // priority weight port hostname - // for more information: http://en.wikipedia.org/wiki/SRV_record + // for more information: https://en.wikipedia.org/wiki/SRV_record record.add("20 80 389 kdc3.springsource.com."); record.add("10 70 389 kdc.springsource.com."); record.add("20 20 389 kdc4.springsource.com."); diff --git a/samples/boot/helloworld/src/main/resources/templates/index.html b/samples/boot/helloworld/src/main/resources/templates/index.html index a395cd0623..05fad12033 100644 --- a/samples/boot/helloworld/src/main/resources/templates/index.html +++ b/samples/boot/helloworld/src/main/resources/templates/index.html @@ -1,5 +1,5 @@ - + Hello Spring Security diff --git a/samples/boot/helloworld/src/main/resources/templates/login.html b/samples/boot/helloworld/src/main/resources/templates/login.html index d5a8c9520f..cec2b5b0da 100644 --- a/samples/boot/helloworld/src/main/resources/templates/login.html +++ b/samples/boot/helloworld/src/main/resources/templates/login.html @@ -1,5 +1,5 @@ - + Login page diff --git a/samples/boot/helloworld/src/main/resources/templates/user/index.html b/samples/boot/helloworld/src/main/resources/templates/user/index.html index f0329e7bd6..53dd9319a5 100644 --- a/samples/boot/helloworld/src/main/resources/templates/user/index.html +++ b/samples/boot/helloworld/src/main/resources/templates/user/index.html @@ -1,5 +1,5 @@ - + Hello Spring Security diff --git a/samples/boot/insecure/src/main/resources/templates/index.html b/samples/boot/insecure/src/main/resources/templates/index.html index edd7137287..ee9ccec618 100644 --- a/samples/boot/insecure/src/main/resources/templates/index.html +++ b/samples/boot/insecure/src/main/resources/templates/index.html @@ -1,5 +1,5 @@ - + Hello Spring Security 
diff --git a/samples/boot/insecure/src/main/resources/templates/login.html b/samples/boot/insecure/src/main/resources/templates/login.html index d5a8c9520f..cec2b5b0da 100644 --- a/samples/boot/insecure/src/main/resources/templates/login.html +++ b/samples/boot/insecure/src/main/resources/templates/login.html @@ -1,5 +1,5 @@ - + Login page diff --git a/samples/boot/insecure/src/main/resources/templates/user/index.html b/samples/boot/insecure/src/main/resources/templates/user/index.html index f00768aab1..3fd4ccc1a3 100644 --- a/samples/boot/insecure/src/main/resources/templates/user/index.html +++ b/samples/boot/insecure/src/main/resources/templates/user/index.html @@ -1,5 +1,5 @@ - + Hello Spring Security diff --git a/samples/boot/oauth2login-webflux/README.adoc b/samples/boot/oauth2login-webflux/README.adoc index b963c54240..3d5080afc4 100644 --- a/samples/boot/oauth2login-webflux/README.adoc +++ b/samples/boot/oauth2login-webflux/README.adoc @@ -29,7 +29,7 @@ This section shows how to configure the sample application using Google as the A To use Google's OAuth 2.0 authentication system for login, you must set up a project in the Google API Console to obtain OAuth 2.0 credentials. NOTE: https://developers.google.com/identity/protocols/OpenIDConnect[Google's OAuth 2.0 implementation] for authentication conforms to the - http://openid.net/connect/[OpenID Connect 1.0] specification and is http://openid.net/certification/[OpenID Certified]. + https://openid.net/connect/[OpenID Connect 1.0] specification and is https://openid.net/certification/[OpenID Certified]. Follow the instructions on the https://developers.google.com/identity/protocols/OpenIDConnect[OpenID Connect] page, starting in the section, "Setting up OAuth 2.0". 
@@ -86,7 +86,7 @@ The Consent screen asks you to either allow or deny access to the OAuth Client y Click *Allow* to authorize the OAuth Client to access your email address and basic profile information. At this point, the OAuth Client retrieves your email address and basic profile information -from the http://openid.net/specs/openid-connect-core-1_0.html#UserInfo[UserInfo Endpoint] and establishes an authenticated session. +from the https://openid.net/specs/openid-connect-core-1_0.html#UserInfo[UserInfo Endpoint] and establishes an authenticated session. [[github-login]] == Login with GitHub @@ -309,4 +309,4 @@ You are then redirected to the default _auto-generated_ login page, which displa Click on the Okta link, and you are then redirected to Okta for authentication. After authenticating with your Okta account credentials, the OAuth Client retrieves your email address and basic profile information -from the http://openid.net/specs/openid-connect-core-1_0.html#UserInfo[UserInfo Endpoint] and establishes an authenticated session. +from the https://openid.net/specs/openid-connect-core-1_0.html#UserInfo[UserInfo Endpoint] and establishes an authenticated session. diff --git a/samples/boot/oauth2login-webflux/src/main/resources/templates/index.html b/samples/boot/oauth2login-webflux/src/main/resources/templates/index.html index 7232bd61c4..ce8cdcde23 100644 --- a/samples/boot/oauth2login-webflux/src/main/resources/templates/index.html +++ b/samples/boot/oauth2login-webflux/src/main/resources/templates/index.html @@ -18,7 +18,7 @@ ~ --> - + Spring Security - OAuth 2.0 Login diff --git a/samples/boot/oauth2login/README.adoc b/samples/boot/oauth2login/README.adoc index 914b0b71a9..81d8fd2e90 100644 --- a/samples/boot/oauth2login/README.adoc +++ b/samples/boot/oauth2login/README.adoc 
@@ -26,7 +26,7 @@ This section shows how to configure the sample application using Google as the A To use Google's OAuth 2.0 authentication system for login, you must set up a project in the Google API Console to obtain OAuth 2.0 credentials. NOTE: https://developers.google.com/identity/protocols/OpenIDConnect[Google's OAuth 2.0 implementation] for authentication conforms to the - http://openid.net/connect/[OpenID Connect 1.0] specification and is http://openid.net/certification/[OpenID Certified]. + https://openid.net/connect/[OpenID Connect 1.0] specification and is https://openid.net/certification/[OpenID Certified]. Follow the instructions on the https://developers.google.com/identity/protocols/OpenIDConnect[OpenID Connect] page, starting in the section, "Setting up OAuth 2.0". @@ -83,7 +83,7 @@ The Consent screen asks you to either allow or deny access to the OAuth Client y Click *Allow* to authorize the OAuth Client to access your email address and basic profile information. At this point, the OAuth Client retrieves your email address and basic profile information -from the http://openid.net/specs/openid-connect-core-1_0.html#UserInfo[UserInfo Endpoint] and establishes an authenticated session. +from the https://openid.net/specs/openid-connect-core-1_0.html#UserInfo[UserInfo Endpoint] and establishes an authenticated session. [[github-login]] == Login with GitHub @@ -306,4 +306,4 @@ You are then redirected to the default _auto-generated_ login page, which displa Click on the Okta link, and you are then redirected to Okta for authentication. After authenticating with your Okta account credentials, the OAuth Client retrieves your email address and basic profile information -from the http://openid.net/specs/openid-connect-core-1_0.html#UserInfo[UserInfo Endpoint] and establishes an authenticated session. +from the https://openid.net/specs/openid-connect-core-1_0.html#UserInfo[UserInfo Endpoint] and establishes an authenticated session. 
diff --git a/samples/boot/oauth2login/src/main/resources/templates/index.html b/samples/boot/oauth2login/src/main/resources/templates/index.html index f34527dc7c..629d8ac8ee 100644 --- a/samples/boot/oauth2login/src/main/resources/templates/index.html +++ b/samples/boot/oauth2login/src/main/resources/templates/index.html @@ -1,5 +1,5 @@ - + Spring Security - OAuth 2.0 Login diff --git a/samples/boot/oauth2webclient-webflux/src/main/resources/templates/index.html b/samples/boot/oauth2webclient-webflux/src/main/resources/templates/index.html index 8617f1775b..7787a75dd7 100644 --- a/samples/boot/oauth2webclient-webflux/src/main/resources/templates/index.html +++ b/samples/boot/oauth2webclient-webflux/src/main/resources/templates/index.html @@ -1,5 +1,5 @@ - + OAuth2 WebClient Showcase diff --git a/samples/boot/oauth2webclient-webflux/src/main/resources/templates/response.html b/samples/boot/oauth2webclient-webflux/src/main/resources/templates/response.html index 84d7bc76b9..210c18c29a 100644 --- a/samples/boot/oauth2webclient-webflux/src/main/resources/templates/response.html +++ b/samples/boot/oauth2webclient-webflux/src/main/resources/templates/response.html @@ -15,7 +15,7 @@ --> - + OAuth2 WebClient Showcase diff --git a/samples/boot/oauth2webclient/src/main/resources/templates/index.html b/samples/boot/oauth2webclient/src/main/resources/templates/index.html index a32fa48a2f..07a8e68035 100644 --- a/samples/boot/oauth2webclient/src/main/resources/templates/index.html +++ b/samples/boot/oauth2webclient/src/main/resources/templates/index.html @@ -1,5 +1,5 @@ - + OAuth2 WebClient Showcase diff --git a/samples/boot/oauth2webclient/src/main/resources/templates/response.html b/samples/boot/oauth2webclient/src/main/resources/templates/response.html index 84d7bc76b9..210c18c29a 100644 --- a/samples/boot/oauth2webclient/src/main/resources/templates/response.html +++ b/samples/boot/oauth2webclient/src/main/resources/templates/response.html 
@@ -15,7 +15,7 @@ --> - + OAuth2 WebClient Showcase diff --git a/samples/boot/webflux-form/src/main/resources/templates/login.html b/samples/boot/webflux-form/src/main/resources/templates/login.html index c28b4c97eb..4fa5c65688 100644 --- a/samples/boot/webflux-form/src/main/resources/templates/login.html +++ b/samples/boot/webflux-form/src/main/resources/templates/login.html @@ -7,7 +7,7 @@ Please Log In - +
    diff --git a/samples/javaconfig/form/src/main/resources/views/login.html b/samples/javaconfig/form/src/main/resources/views/login.html index 18ac1b2b9c..c28c5b2add 100644 --- a/samples/javaconfig/form/src/main/resources/views/login.html +++ b/samples/javaconfig/form/src/main/resources/views/login.html @@ -1,4 +1,4 @@ - + Please Login diff --git a/samples/javaconfig/hellojs/src/main/resources/resources/js/bootstrap.js b/samples/javaconfig/hellojs/src/main/resources/resources/js/bootstrap.js index 3c639f57d3..ee5a14587b 100644 --- a/samples/javaconfig/hellojs/src/main/resources/resources/js/bootstrap.js +++ b/samples/javaconfig/hellojs/src/main/resources/resources/js/bootstrap.js @@ -1,6 +1,6 @@ /* =================================================== * bootstrap-transition.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#transitions + * https://twitter.github.com/bootstrap/javascript.html#transitions * =================================================== * Copyright 2012 Twitter, Inc. * @@ -23,7 +23,7 @@ "use strict"; // jshint ;_; - /* CSS TRANSITION SUPPORT (http://www.modernizr.com/) + /* CSS TRANSITION SUPPORT (https://www.modernizr.com/) * ======================================================= */ $(function () { @@ -59,7 +59,7 @@ }(window.jQuery);/* ========================================================== * bootstrap-alert.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#alerts + * https://twitter.github.com/bootstrap/javascript.html#alerts * ========================================================== * Copyright 2012 Twitter, Inc. * @@ -157,7 +157,7 @@ }(window.jQuery);/* ============================================================ * bootstrap-button.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#buttons + * https://twitter.github.com/bootstrap/javascript.html#buttons * ============================================================ * Copyright 2012 Twitter, Inc. * 
@@ -261,7 +261,7 @@ }(window.jQuery);/* ========================================================== * bootstrap-carousel.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#carousel + * https://twitter.github.com/bootstrap/javascript.html#carousel * ========================================================== * Copyright 2012 Twitter, Inc. * @@ -467,7 +467,7 @@ }(window.jQuery);/* ============================================================= * bootstrap-collapse.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#collapse + * https://twitter.github.com/bootstrap/javascript.html#collapse * ============================================================= * Copyright 2012 Twitter, Inc. * @@ -633,7 +633,7 @@ }(window.jQuery);/* ============================================================ * bootstrap-dropdown.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#dropdowns + * https://twitter.github.com/bootstrap/javascript.html#dropdowns * ============================================================ * Copyright 2012 Twitter, Inc. * @@ -802,7 +802,7 @@ }(window.jQuery); /* ========================================================= * bootstrap-modal.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#modals + * https://twitter.github.com/bootstrap/javascript.html#modals * ========================================================= * Copyright 2012 Twitter, Inc. * @@ -1049,7 +1049,7 @@ }(window.jQuery); /* =========================================================== * bootstrap-tooltip.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#tooltips + * https://twitter.github.com/bootstrap/javascript.html#tooltips * Inspired by the original jQuery.tipsy by Jason Frame * =========================================================== * Copyright 2012 Twitter, Inc. 
@@ -1410,7 +1410,7 @@ }(window.jQuery); /* =========================================================== * bootstrap-popover.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#popovers + * https://twitter.github.com/bootstrap/javascript.html#popovers * =========================================================== * Copyright 2012 Twitter, Inc. * @@ -1524,7 +1524,7 @@ }(window.jQuery); /* ============================================================= * bootstrap-scrollspy.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#scrollspy + * https://twitter.github.com/bootstrap/javascript.html#scrollspy * ============================================================= * Copyright 2012 Twitter, Inc. * @@ -1685,7 +1685,7 @@ }(window.jQuery);/* ======================================================== * bootstrap-tab.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#tabs + * https://twitter.github.com/bootstrap/javascript.html#tabs * ======================================================== * Copyright 2012 Twitter, Inc. * @@ -1828,7 +1828,7 @@ }(window.jQuery);/* ============================================================= * bootstrap-typeahead.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#typeahead + * https://twitter.github.com/bootstrap/javascript.html#typeahead * ============================================================= * Copyright 2012 Twitter, Inc. * @@ -2163,7 +2163,7 @@ }(window.jQuery); /* ========================================================== * bootstrap-affix.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#affix + * https://twitter.github.com/bootstrap/javascript.html#affix * ========================================================== * Copyright 2012 Twitter, Inc. * diff --git a/samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js b/samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js index e6e07fc6b7..29d7a3efe7 100644 
--- a/samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js +++ b/samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js @@ -1,13 +1,13 @@ /*! * jQuery JavaScript Library v1.8.3 - * http://jquery.com/ + * https://jquery.com/ * * Includes Sizzle.js - * http://sizzlejs.com/ + * https://sizzlejs.com/ * * Copyright 2012 jQuery Foundation and other contributors * Released under the MIT license - * http://jquery.org/license + * https://jquery.org/license * * Date: Tue Nov 13 2012 08:20:33 GMT-0500 (Eastern Standard Time) */ @@ -515,7 +515,7 @@ jQuery.extend({ } // Make sure the incoming data is actual JSON - // Logic borrowed from http://json.org/json2.js + // Logic borrowed from https://json.org/json2.js if ( rvalidchars.test( data.replace( rvalidescape, "@" ) .replace( rvalidtokens, "]" ) .replace( rvalidbraces, "")) ) { @@ -554,7 +554,7 @@ jQuery.extend({ // Evaluates a script in a global context // Workarounds based on findings by Jim Driscoll - // http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context + // https://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context globalEval: function( data ) { if ( data && core_rnotwhite.test( data ) ) { // We use execScript on Internet Explorer @@ -846,7 +846,7 @@ jQuery.ready.promise = function( obj ) { // Catch cases where $(document).ready() is called after the browser event has already occurred. // we once tried to use readyState "interactive" here, but it caused issues like the one - // discovered by ChrisS here: http://bugs.jquery.com/ticket/12282#comment:15 + // discovered by ChrisS here: https://bugs.jquery.com/ticket/12282#comment:15 if ( document.readyState === "complete" ) { // Handle it asynchronously to allow scripts the opportunity to delay ready setTimeout( jQuery.ready, 1 ); 
@@ -1945,7 +1945,7 @@ jQuery.fn.extend({ }); }, // Based off of the plugin by Clint Helfers, with permission. - // http://blindsignals.com/index.php/2009/07/jquery-delay/ + // http://blindsignals.com delay: function( time, type ) { time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; type = type || "fx"; @@ -2452,7 +2452,7 @@ jQuery.extend({ tabIndex: { get: function( elem ) { // elem.tabIndex doesn't always return the correct value when it hasn't been explicitly set - // http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ + // https://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ var attributeNode = elem.getAttributeNode("tabindex"); return attributeNode && attributeNode.specified ? @@ -3279,7 +3279,7 @@ function returnTrue() { } // jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding -// http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html +// https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html jQuery.Event.prototype = { preventDefault: function() { this.isDefaultPrevented = returnTrue; @@ -3664,7 +3664,7 @@ jQuery.each( ("blur focus focusin focusout load resize scroll unload click dblcl * Sizzle CSS Selector Engine * Copyright 2012 jQuery Foundation and other contributors * Released under the MIT license - * http://sizzlejs.com/ + * https://sizzlejs.com/ */ (function( window, undefined ) { 
@@ -3731,17 +3731,17 @@ var cachedruns, // Regex - // Whitespace characters http://www.w3.org/TR/css3-selectors/#whitespace + // Whitespace characters https://www.w3.org/TR/css3-selectors/#whitespace whitespace = "[\\x20\\t\\r\\n\\f]", - // http://www.w3.org/TR/css3-syntax/#characters + // https://www.w3.org/TR/css3-syntax/#characters characterEncoding = "(?:\\\\.|[-\\w]|[^\\x00-\\xa0])+", // Loosely modeled on CSS identifier characters - // An unquoted value should be a CSS identifier (http://www.w3.org/TR/css3-selectors/#attribute-selectors) - // Proper syntax: http://www.w3.org/TR/CSS21/syndata.html#value-def-identifier + // An unquoted value should be a CSS identifier (https://www.w3.org/TR/css3-selectors/#attribute-selectors) + // Proper syntax: https://www.w3.org/TR/CSS21/syndata.html#value-def-identifier identifier = characterEncoding.replace( "w", "w#" ), - // Acceptable operators http://www.w3.org/TR/selectors/#attribute-selectors + // Acceptable operators https://www.w3.org/TR/selectors/#attribute-selectors operators = "([*^$|!~]?=)", attributes = "\\[" + whitespace + "*(" + characterEncoding + ")" + whitespace + "*(?:" + operators + whitespace + "*(?:(['\"])((?:\\\\.|[^\\\\])*?)\\3|(" + identifier + ")|)|)" + whitespace + "*\\]", @@ -4350,7 +4350,7 @@ Expr = Sizzle.selectors = { "PSEUDO": function( pseudo, argument ) { // pseudo-class names are case-insensitive - // http://www.w3.org/TR/selectors/#pseudo-classes + // https://www.w3.org/TR/selectors/#pseudo-classes // Prioritize by case sensitivity in case custom pseudos are added with uppercase letters // Remember that setFilters inherits from pseudos var args, 
@@ -4437,7 +4437,7 @@ Expr = Sizzle.selectors = { "checked": function( elem ) { // In CSS3, :checked should return both checked and selected elements - // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked + // https://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked var nodeName = elem.nodeName.toLowerCase(); return (nodeName === "input" && !!elem.checked) || (nodeName === "option" && !!elem.selected); }, @@ -4457,7 +4457,7 @@ Expr = Sizzle.selectors = { }, "empty": function( elem ) { - // http://www.w3.org/TR/selectors/#empty-pseudo + // https://www.w3.org/TR/selectors/#empty-pseudo // :empty is only affected by element nodes and content nodes(including text(3), cdata(4)), // not comment, processing instructions, or others // Thanks to Diego Perini for the nodeName shortcut @@ -5202,7 +5202,7 @@ if ( document.querySelectorAll ) { // This is to test IE's treatment of not explictly // setting a boolean content attribute, // since its presence should be enough - // http://bugs.jquery.com/ticket/12359 + // https://bugs.jquery.com/ticket/12359 div.innerHTML = ""; // IE8 - Some boolean attributes are not treated correctly @@ -5211,7 +5211,7 @@ if ( document.querySelectorAll ) { } // Webkit/Opera - :checked should return selected option elements - // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked + // https://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked // IE8 throws error here (do not put tests after this one) if ( !div.querySelectorAll(":checked").length ) { rbuggyQSA.push(":checked"); @@ -6478,7 +6478,7 @@ jQuery.extend({ var matched, browser; // Use of jQuery.browser is frowned upon. -// More details: http://api.jquery.com/jQuery.browser +// More details: https://api.jquery.com/jQuery.browser // jQuery.uaMatch maintained for back-compat jQuery.uaMatch = function( ua ) { ua = ua.toLowerCase(); 
@@ -6837,7 +6837,7 @@ if ( window.getComputedStyle ) { // A tribute to the "awesome hack by Dean Edwards" // Chrome < 17 and Safari 5.0 uses "computed value" instead of "used value" for margin-right // Safari 5.1.7 (at least) returns percentage for a larger set of values, but width seems to be reliably pixels - // this is against the CSSOM draft spec: http://dev.w3.org/csswg/cssom/#resolved-values + // this is against the CSSOM draft spec: https://dev.w3.org/csswg/cssom/#resolved-values if ( rnumnonpx.test( ret ) && rmargin.test( name ) ) { width = style.width; minWidth = style.minWidth; @@ -8444,7 +8444,7 @@ if ( jQuery.support.ajax ) { // Firefox throws exceptions when accessing properties // of an xhr when a network error occurred - // http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_AVAILABLE) + // https://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_AVAILABLE) try { // Was never called and is aborted or complete diff --git a/samples/javaconfig/hellojs/src/main/resources/resources/js/knockout-2.3.0.js b/samples/javaconfig/hellojs/src/main/resources/resources/js/knockout-2.3.0.js index 73fd0e2d93..752a084f99 100644 --- a/samples/javaconfig/hellojs/src/main/resources/resources/js/knockout-2.3.0.js +++ b/samples/javaconfig/hellojs/src/main/resources/resources/js/knockout-2.3.0.js 
@@ -1,6 +1,6 @@ // Knockout JavaScript library v2.3.0 -// (c) Steven Sanderson - http://knockoutjs.com/ -// License: MIT (http://www.opensource.org/licenses/mit-license.php) +// (c) Steven Sanderson - https://knockoutjs.com/ +// License: MIT (https://www.opensource.org/licenses/mit-license.php) (function() {function F(q){return function(){return q}};(function(q){var w=this||(0,eval)("this"),s=w.document,H=w.navigator,t=w.jQuery,y=w.JSON;(function(q){"function"===typeof require&&"object"===typeof exports&&"object"===typeof module?q(module.exports||exports):"function"===typeof define&&define.amd?define(["exports"],q):q(w.ko={})})(function(C){function G(b,c,d,f){a.d[b]={init:function(b){a.a.f.set(b,I,{});return{controlsDescendantBindings:!0}},update:function(b,e,m,h,k){m=a.a.f.get(b,I);e=a.a.c(e());h=!d!==!e;var l=!m.fb;if(l||c||h!==m.vb)l&&(m.fb= a.a.Oa(a.e.childNodes(b),!0)),h?(l||a.e.P(b,a.a.Oa(m.fb)),a.Ja(f?f(k,e):k,b)):a.e.ba(b),m.vb=h}};a.g.S[b]=!1;a.e.L[b]=!0}function J(b,c,d){d&&c!==a.h.n(b)&&a.h.W(b,c);c!==a.h.n(b)&&a.q.I(a.a.Ga,null,[b,"change"])}var a="undefined"!==typeof C?C:{};a.b=function(b,c){for(var d=b.split("."),f=a,g=0;g=e)try{a.mergeAttributes(s.createElement(""),!1)}catch(c){}},Bb:function(a){9<=e&&(a=1==a.nodeType?a:a.parentNode,a.style&&(a.style.zoom=a.style.zoom))},zb:function(a){if(e){var b=a.style.width;a.style.width=0;a.style.width= b}},Qb:function(b,e){b=a.a.c(b);e=a.a.c(e);for(var c=[],d=b;d<=e;d++)c.push(d);return c},N:function(a){for(var b=[],e=0,c=a.length;e + SecureMail @@ -66,7 +66,7 @@ diff --git a/samples/javaconfig/helloworld/src/main/webapp/index.jsp b/samples/javaconfig/helloworld/src/main/webapp/index.jsp index 4cec889f1f..8b4d7a3983 100644 --- a/samples/javaconfig/helloworld/src/main/webapp/index.jsp +++ b/samples/javaconfig/helloworld/src/main/webapp/index.jsp @@ -17,7 +17,7 @@ 
diff --git a/samples/javaconfig/messages/src/main/resources/views/layout.html b/samples/javaconfig/messages/src/main/resources/views/layout.html index 1d56e76cf1..19ca32e283 100644 --- a/samples/javaconfig/messages/src/main/resources/views/layout.html +++ b/samples/javaconfig/messages/src/main/resources/views/layout.html @@ -1,6 +1,6 @@ - + + xmlns:th="https://www.thymeleaf.org"> SecureMail: <th:block th:include="${title}"></th:block> @@ -68,7 +68,7 @@ @@ -114,7 +114,7 @@ diff --git a/samples/javaconfig/messages/src/main/resources/views/messages/compose.html b/samples/javaconfig/messages/src/main/resources/views/messages/compose.html index 959d381eab..4e098d306f 100644 --- a/samples/javaconfig/messages/src/main/resources/views/messages/compose.html +++ b/samples/javaconfig/messages/src/main/resources/views/messages/compose.html @@ -1,4 +1,4 @@ - + Create diff --git a/samples/javaconfig/messages/src/main/resources/views/messages/inbox.html b/samples/javaconfig/messages/src/main/resources/views/messages/inbox.html index 939c54a0f1..2b759bd90f 100644 --- a/samples/javaconfig/messages/src/main/resources/views/messages/inbox.html +++ b/samples/javaconfig/messages/src/main/resources/views/messages/inbox.html @@ -1,4 +1,4 @@ - + View All diff --git a/samples/javaconfig/messages/src/main/resources/views/messages/show.html b/samples/javaconfig/messages/src/main/resources/views/messages/show.html index 8e8f9774e1..9c04cc7ae9 100644 --- a/samples/javaconfig/messages/src/main/resources/views/messages/show.html +++ b/samples/javaconfig/messages/src/main/resources/views/messages/show.html @@ -1,4 +1,4 @@ - + Create diff --git a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index 002464c63b..0b21d482e9 100644 --- a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java 
+++ b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -36,35 +36,35 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .authenticationUserDetailsService(new CustomUserDetailsService()) .attributeExchange("https://www.google.com/.*") .attribute("email") - .type("http://axschema.org/contact/email") + .type("https://axschema.org/contact/email") .required(true) .and() .attribute("firstname") - .type("http://axschema.org/namePerson/first") + .type("https://axschema.org/namePerson/first") .required(true) .and() .attribute("lastname") - .type("http://axschema.org/namePerson/last") + .type("https://axschema.org/namePerson/last") .required(true) .and() .and() .attributeExchange(".*yahoo.com.*") .attribute("email") - .type("http://axschema.org/contact/email") + .type("https://axschema.org/contact/email") .required(true) .and() .attribute("fullname") - .type("http://axschema.org/namePerson") + .type("https://axschema.org/namePerson") .required(true) .and() .and() .attributeExchange(".*myopenid.com.*") .attribute("email") - .type("http://schema.openid.net/contact/email") + .type("https://schema.openid.net/contact/email") .required(true) .and() .attribute("fullname") - .type("http://schema.openid.net/namePerson") + .type("https://schema.openid.net/namePerson") .required(true); } // @formatter:on diff --git a/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/jquery.query-2.1.3.js b/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/jquery.query-2.1.3.js index 07519d134e..29611c080b 100644 --- a/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/jquery.query-2.1.3.js +++ b/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/jquery.query-2.1.3.js 
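Review bot: The rewritten `.type(...)` values in the `attributeExchange` chains are OpenID Attribute Exchange type URIs, which a provider compares as opaque strings and never fetches. `https://axschema.org/contact/email` therefore names a different attribute from the registered `http://axschema.org/contact/email`. Each attribute is marked `.required(true)`, so a provider that does not recognise the new URI would presumably return no email or name, and the sample would authenticate users with those attributes missing. Keep the original identifiers, e.g. `.type("http://axschema.org/contact/email")`, and likewise for the `namePerson` and `schema.openid.net` entries. The configuring method starts outside the hunk.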
@@ -1,7 +1,7 @@ /** * jQuery.query - Query String Modification and Creation for jQuery * Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com) - * Licensed under the WTFPL (http://sam.zoy.org/wtfpl/). + * Licensed under the WTFPL (http://www.wtfpl.net/). * Date: 2009/02/08 * * @author Blair Mitchelmore diff --git a/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/openid-client-config.js b/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/openid-client-config.js index f8ffd07027..4cb0920c8e 100644 --- a/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/openid-client-config.js +++ b/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/openid-client-config.js @@ -1,7 +1,7 @@ /* Defines the base of where the OpenID Provider redirects its response to. */ -var server_root = "http://openid-selector.googlecode.com/svn/trunk/" +var server_root = "https://openid-selector.googlecode.com/svn/trunk/" /* On the server-side you'd accept an OpenID URL and perform discovery @@ -16,5 +16,5 @@ var providers_endpoint = { google: 'https://www.google.com/accounts/o8/ud', yahoo: 'https://open.login.yahooapis.com/openid/op/auth', aol: 'https://api.screenname.aol.com/auth/openidServer', - verisign: 'http://pip.verisignlabs.com/server' + verisign: 'https://pip.verisignlabs.com/server' } \ No newline at end of file diff --git a/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/openid-client.js b/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/openid-client.js index 92c1d17c87..63f4f75bf6 100644 --- a/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/openid-client.js +++ b/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/openid-client.js 
@@ -41,14 +41,14 @@ function getBaseOpenIDProviderURL(provider, claimed, immediate) { var providerEndpoint = providers_endpoint[provider]; var providerURL = providerEndpoint; //From previous discovery providerURL += "?"; - providerURL += "openid.ns=" + encodeURIComponent("http://specs.openid.net/auth/2.0"); + providerURL += "openid.ns=" + encodeURIComponent("https://specs.openid.net/auth/2.0"); if(providers[provider].label) { providerURL += "&openid.claimed_id=" + encodeURIComponent(claimed); providerURL += "&openid.identity=" + encodeURIComponent(claimed); } else { - providerURL += "&openid.claimed_id=" + encodeURIComponent("http://specs.openid.net/auth/2.0/identifier_select"); - providerURL += "&openid.identity=" + encodeURIComponent("http://specs.openid.net/auth/2.0/identifier_select"); + providerURL += "&openid.claimed_id=" + encodeURIComponent("https://specs.openid.net/auth/2.0/identifier_select"); + providerURL += "&openid.identity=" + encodeURIComponent("https://specs.openid.net/auth/2.0/identifier_select"); } if(immediate) { providerURL += "&openid.return_to=" + encodeURIComponent(server_root + "openid-client/checkid_immediate_response.html"); diff --git a/samples/javaconfig/openid/src/main/resources/resources/js/openid-jquery.js b/samples/javaconfig/openid/src/main/resources/resources/js/openid-jquery.js index 82a19ec24d..e46d233e33 100644 --- a/samples/javaconfig/openid/src/main/resources/resources/js/openid-jquery.js +++ b/samples/javaconfig/openid/src/main/resources/resources/js/openid-jquery.js @@ -1,6 +1,6 @@ /* Simple OpenID Plugin -http://code.google.com/p/openid-selector/ +https://code.google.com/p/openid-selector/ This code is licenced under the New BSD License. */ @@ -17,7 +17,7 @@ var providers_large = { aol: { name: 'AOL', label: 'Enter your AOL screenname.', - url: 'http://openid.aol.com/{username}' + url: 'https://openid.aol.com/{username}' }, verisign: { name: 'Verisign', 
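Review bot: In `getBaseOpenIDProviderURL`, `openid.ns` and the `identifier_select` value are fixed protocol constants of OpenID Authentication 2.0, matched as strings by the provider rather than dereferenced. With the `https://` forms, a conforming provider should no longer treat the request as a 2.0 message or as an identifier-select request. The three lines should stay as they were: `encodeURIComponent("http://specs.openid.net/auth/2.0")` for `openid.ns` and `encodeURIComponent("http://specs.openid.net/auth/2.0/identifier_select")` for `openid.claimed_id` and `openid.identity`. The identical hunk in `samples/xml/openid/src/main/webapp/js/openid-client/openid-client.js` has the same problem. The function body continues past the end of the hunk.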
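Review bot: The `url` templates in `providers_large` and `providers_small` build the OpenID identifier the user submits, and in OpenID 2.0 an `http` and an `https` identifier are distinct claimed IDs. Changing `url: 'http://openid.aol.com/{username}'` to `https://` is therefore an identity change, not a link fix. If a relying party has accounts keyed on the `http` form, the new template would likely map the user to a different identity or fail discovery. This applies equally to the `flickr`, `technorati` and `claimid` entries in the following hunks and to the copy under `samples/xml/openid`. I would keep the original templates unless each provider is confirmed to serve discovery at the `https` URL, and add a comment above the maps such as `// claimed-identifier templates: the scheme is part of the identity, do not rewrite`.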
@@ -44,12 +44,12 @@ var providers_small = { flickr: { name: 'Flickr', label: 'Enter your Flickr username.', - url: 'http://flickr.com/{username}/' + url: 'https://flickr.com/{username}/' }, technorati: { name: 'Technorati', label: 'Enter your Technorati username.', - url: 'http://technorati.com/people/technorati/{username}/' + url: 'https://technorati.com/people/technorati/{username}/' }, wordpress: { name: 'Wordpress', @@ -69,7 +69,7 @@ var providers_small = { claimid: { name: 'ClaimID', label: 'Your ClaimID username', - url: 'http://claimid.com/{username}' + url: 'https://claimid.com/{username}' } }; var providers = $.extend({}, providers_large, providers_small); diff --git a/samples/javaconfig/openid/src/main/resources/views/login.html b/samples/javaconfig/openid/src/main/resources/views/login.html index fb3aadb6e5..0d46e3b163 100644 --- a/samples/javaconfig/openid/src/main/resources/views/login.html +++ b/samples/javaconfig/openid/src/main/resources/views/login.html @@ -1,4 +1,4 @@ - + Messages : Login @@ -28,7 +28,7 @@
    diff --git a/samples/javaconfig/openid/src/main/resources/views/user/show.html b/samples/javaconfig/openid/src/main/resources/views/user/show.html index 9f2dc81bc5..d2a14f7ad4 100644 --- a/samples/javaconfig/openid/src/main/resources/views/user/show.html +++ b/samples/javaconfig/openid/src/main/resources/views/user/show.html @@ -1,4 +1,4 @@ - + Messages : Login diff --git a/samples/javaconfig/preauth/src/main/resources/views/login.html b/samples/javaconfig/preauth/src/main/resources/views/login.html index 32e355ed04..225e08832b 100644 --- a/samples/javaconfig/preauth/src/main/resources/views/login.html +++ b/samples/javaconfig/preauth/src/main/resources/views/login.html @@ -1,4 +1,4 @@ - + Please Login diff --git a/samples/javaconfig/rememberme/src/main/resources/views/login.html b/samples/javaconfig/rememberme/src/main/resources/views/login.html index f807b051ea..55b40468e3 100644 --- a/samples/javaconfig/rememberme/src/main/resources/views/login.html +++ b/samples/javaconfig/rememberme/src/main/resources/views/login.html @@ -1,4 +1,4 @@ - + Please Login diff --git a/samples/javaconfig/x509/src/main/webapp/WEB-INF/decorators/main.jsp b/samples/javaconfig/x509/src/main/webapp/WEB-INF/decorators/main.jsp index 29e25eb9d0..20726cb81e 100644 --- a/samples/javaconfig/x509/src/main/webapp/WEB-INF/decorators/main.jsp +++ b/samples/javaconfig/x509/src/main/webapp/WEB-INF/decorators/main.jsp @@ -2,8 +2,8 @@ diff --git a/samples/javaconfig/x509/src/main/webapp/WEB-INF/web.xml- b/samples/javaconfig/x509/src/main/webapp/WEB-INF/web.xml- index c6fe21d9b3..b87ff75318 100644 --- a/samples/javaconfig/x509/src/main/webapp/WEB-INF/web.xml- +++ b/samples/javaconfig/x509/src/main/webapp/WEB-INF/web.xml- @@ -1,7 +1,7 @@ + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> FORM 
diff --git a/samples/xml/contacts/src/main/webapp/WEB-INF/jsp/frames.jsp b/samples/xml/contacts/src/main/webapp/WEB-INF/jsp/frames.jsp index 96e928967d..cf3ad2066a 100644 --- a/samples/xml/contacts/src/main/webapp/WEB-INF/jsp/frames.jsp +++ b/samples/xml/contacts/src/main/webapp/WEB-INF/jsp/frames.jsp @@ -3,8 +3,8 @@ Frames -

    This contains frames, but the frames will not be loaded due to the X-Frame-Options -being specified as denied. This protects against clickjacking attacks

    +

    This contains frames, but the frames will not be loaded due to the X-Frame-Options +being specified as denied. This protects against clickjacking attacks

    \ No newline at end of file diff --git a/samples/xml/contacts/src/main/webapp/WEB-INF/spring.tld b/samples/xml/contacts/src/main/webapp/WEB-INF/spring.tld index 1bc7091f03..9580c330a8 100644 --- a/samples/xml/contacts/src/main/webapp/WEB-INF/spring.tld +++ b/samples/xml/contacts/src/main/webapp/WEB-INF/spring.tld @@ -1,5 +1,5 @@ - + diff --git a/samples/xml/helloworld/src/main/webapp/index.jsp b/samples/xml/helloworld/src/main/webapp/index.jsp index 4cec889f1f..8b4d7a3983 100644 --- a/samples/xml/helloworld/src/main/webapp/index.jsp +++ b/samples/xml/helloworld/src/main/webapp/index.jsp @@ -17,7 +17,7 @@ diff --git a/samples/xml/insecure/src/main/webapp/index.jsp b/samples/xml/insecure/src/main/webapp/index.jsp index f07b5771c5..431136a503 100644 --- a/samples/xml/insecure/src/main/webapp/index.jsp +++ b/samples/xml/insecure/src/main/webapp/index.jsp @@ -17,7 +17,7 @@ diff --git a/samples/xml/openid/src/main/webapp/js/openid-client/jquery.query-2.1.3.js b/samples/xml/openid/src/main/webapp/js/openid-client/jquery.query-2.1.3.js index 07519d134e..29611c080b 100644 --- a/samples/xml/openid/src/main/webapp/js/openid-client/jquery.query-2.1.3.js +++ b/samples/xml/openid/src/main/webapp/js/openid-client/jquery.query-2.1.3.js @@ -1,7 +1,7 @@ /** * jQuery.query - Query String Modification and Creation for jQuery * Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com) - * Licensed under the WTFPL (http://sam.zoy.org/wtfpl/). + * Licensed under the WTFPL (http://www.wtfpl.net/). * Date: 2009/02/08 * * @author Blair Mitchelmore diff --git a/samples/xml/openid/src/main/webapp/js/openid-client/openid-client-config.js b/samples/xml/openid/src/main/webapp/js/openid-client/openid-client-config.js index f8ffd07027..4cb0920c8e 100644 --- a/samples/xml/openid/src/main/webapp/js/openid-client/openid-client-config.js +++ b/samples/xml/openid/src/main/webapp/js/openid-client/openid-client-config.js 
@@ -1,7 +1,7 @@ /* Defines the base of where the OpenID Provider redirects its response to. */ -var server_root = "http://openid-selector.googlecode.com/svn/trunk/" +var server_root = "https://openid-selector.googlecode.com/svn/trunk/" /* On the server-side you'd accept an OpenID URL and perform discovery @@ -16,5 +16,5 @@ var providers_endpoint = { google: 'https://www.google.com/accounts/o8/ud', yahoo: 'https://open.login.yahooapis.com/openid/op/auth', aol: 'https://api.screenname.aol.com/auth/openidServer', - verisign: 'http://pip.verisignlabs.com/server' + verisign: 'https://pip.verisignlabs.com/server' } \ No newline at end of file diff --git a/samples/xml/openid/src/main/webapp/js/openid-client/openid-client.js b/samples/xml/openid/src/main/webapp/js/openid-client/openid-client.js index 92c1d17c87..63f4f75bf6 100644 --- a/samples/xml/openid/src/main/webapp/js/openid-client/openid-client.js +++ b/samples/xml/openid/src/main/webapp/js/openid-client/openid-client.js 
@@ -41,14 +41,14 @@ function getBaseOpenIDProviderURL(provider, claimed, immediate) { var providerEndpoint = providers_endpoint[provider]; var providerURL = providerEndpoint; //From previous discovery providerURL += "?"; - providerURL += "openid.ns=" + encodeURIComponent("http://specs.openid.net/auth/2.0"); + providerURL += "openid.ns=" + encodeURIComponent("https://specs.openid.net/auth/2.0"); if(providers[provider].label) { providerURL += "&openid.claimed_id=" + encodeURIComponent(claimed); providerURL += "&openid.identity=" + encodeURIComponent(claimed); } else { - providerURL += "&openid.claimed_id=" + encodeURIComponent("http://specs.openid.net/auth/2.0/identifier_select"); - providerURL += "&openid.identity=" + encodeURIComponent("http://specs.openid.net/auth/2.0/identifier_select"); + providerURL += "&openid.claimed_id=" + encodeURIComponent("https://specs.openid.net/auth/2.0/identifier_select"); + providerURL += "&openid.identity=" + encodeURIComponent("https://specs.openid.net/auth/2.0/identifier_select"); } if(immediate) { providerURL += "&openid.return_to=" + encodeURIComponent(server_root + "openid-client/checkid_immediate_response.html"); diff --git a/samples/xml/openid/src/main/webapp/js/openid-jquery.js b/samples/xml/openid/src/main/webapp/js/openid-jquery.js index 3a333daa60..e64a7ea90a 100644 --- a/samples/xml/openid/src/main/webapp/js/openid-jquery.js +++ b/samples/xml/openid/src/main/webapp/js/openid-jquery.js @@ -1,6 +1,6 @@ /* Simple OpenID Plugin -http://code.google.com/p/openid-selector/ +https://code.google.com/p/openid-selector/ This code is licenced under the New BSD License. */ @@ -17,7 +17,7 @@ var providers_large = { aol: { name: 'AOL', label: 'Enter your AOL screenname.', - url: 'http://openid.aol.com/{username}' + url: 'https://openid.aol.com/{username}' }, verisign: { name: 'Verisign', 
@@ -44,12 +44,12 @@ var providers_small = { flickr: { name: 'Flickr', label: 'Enter your Flickr username.', - url: 'http://flickr.com/{username}/' + url: 'https://flickr.com/{username}/' }, technorati: { name: 'Technorati', label: 'Enter your Technorati username.', - url: 'http://technorati.com/people/technorati/{username}/' + url: 'https://technorati.com/people/technorati/{username}/' }, wordpress: { name: 'Wordpress', @@ -69,7 +69,7 @@ var providers_small = { claimid: { name: 'ClaimID', label: 'Your ClaimID username', - url: 'http://claimid.com/{username}' + url: 'https://claimid.com/{username}' } }; var providers = $.extend({}, providers_large, providers_small); diff --git a/samples/xml/openid/src/main/webapp/openidlogin.jsp b/samples/xml/openid/src/main/webapp/openidlogin.jsp index 8abc898910..17fde568ff 100644 --- a/samples/xml/openid/src/main/webapp/openidlogin.jsp +++ b/samples/xml/openid/src/main/webapp/openidlogin.jsp @@ -1,7 +1,7 @@ <%@ taglib prefix='c' uri='http://java.sun.com/jsp/jstl/core' %> <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %> - + OpenID Login @@ -55,7 +55,7 @@ diff --git a/taglibs/src/main/resources/META-INF/security.tld b/taglibs/src/main/resources/META-INF/security.tld index ae29b50573..f8b7231da4 100644 --- a/taglibs/src/main/resources/META-INF/security.tld +++ b/taglibs/src/main/resources/META-INF/security.tld @@ -16,7 +16,7 @@ --> Spring Security Authorization Tag Library diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java index 3f8427ff8d..5f7cf4b839 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java 
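Review bot: The `url` templates for `flickr`, `technorati` and `claimid` (and `aol` in the `providers_large` hunk just before) build the identifier the user claims, and OpenID treats an `http://` and an `https://` identifier as two different identities. Changing the scheme is only safe if each provider really publishes discovery under the https form. The commit message says redirects were not followed, so this looks unverified. I would leave these templates as they were, or add a comment such as `// scheme is part of the OpenID identifier; confirm with the provider before changing`. Both object literals extend beyond the hunks.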
@@ -245,7 +245,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt * current invocation. *

    * It strips any parameters from the "path" section of the request URL (such as the - * jsessionid parameter in http://host/myapp/index.html;jsessionid=blah) + * jsessionid parameter in https://host/myapp/index.html;jsessionid=blah) * before matching against the filterProcessesUrl property. *

    * Subclasses may override for special requirements, such as Tapestry integration. diff --git a/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java index cf7c1fd212..2dd1464e7f 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java +++ b/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java @@ -34,8 +34,8 @@ import org.springframework.security.core.Authentication; *

    * Implementations may implement any type of remember-me capability they wish. Rolling * cookies (as per - * http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice) can + * href="https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice"> + * https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice) can * be used, as can simple implementations that don't require a persistent store. * Implementations also determine the validity period of a remember-me cookie. This * interface has been designed to accommodate any of these remember-me models. diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java index 05d5b897a2..4769060bc8 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java @@ -22,7 +22,7 @@ import org.springframework.util.Assert; /** * A simple pre-authenticated filter which obtains the username from request attributes, * for use with SSO systems such as - * Stanford WebAuth or + * Stanford WebAuth or * Shibboleth. *

    * As with most pre-authenticated scenarios, it is essential that the external diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/package-info.java index 370fccc067..b45f6feb1c 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/package-info.java +++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/package-info.java @@ -17,7 +17,7 @@ * Support for remembering a user between different web sessions. *

    * Comes with two default implementations. See the - * Remember-Me + * Remember-Me * Authentication chapter of the reference manual. */ package org.springframework.security.web.authentication.rememberme; diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java index 7921e1657a..a108d760ec 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java @@ -57,7 +57,7 @@ import org.springframework.web.filter.GenericFilterBean; * SecurityContextHolder. *

    * For a detailed background on what this filter is designed to process, refer to - * RFC 2617 (which superseded RFC 2069, + * RFC 2617 (which superseded RFC 2069, * although this filter support clients that implement either RFC 2617 or RFC 2069). *

    * This filter can be used to provide Digest authentication services to both remoting diff --git a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java index deac47bd00..b08ad8c1af 100644 --- a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java +++ b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java @@ -252,7 +252,7 @@ public abstract class AbstractSecurityWebApplicationInitializer * *

    * Note that {@link SessionTrackingMode#URL} is intentionally omitted to help - * protected against session + * protected against session * fixation attacks. {@link SessionTrackingMode#SSL} is omitted because SSL * configuration is required for this to work. *

    diff --git a/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java index 5d57500a73..c7efac6b90 100644 --- a/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java +++ b/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java @@ -27,7 +27,7 @@ import javax.servlet.http.HttpServletResponse; * Default implementation which wraps requests in order to provide consistent * values of the {@code servletPath} and {@code pathInfo}, which do not contain * path parameters (as defined in - * RFC 2396). Different + * RFC 2396). Different * servlet containers interpret the servlet spec differently as to how path * parameters are treated and it is possible they might be added in order to * bypass particular security constraints. When using this implementation, they diff --git a/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java b/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java index 1b6608fe8d..a5a1d76b35 100644 --- a/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java +++ b/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java @@ -30,7 +30,7 @@ import java.util.*; * and extra consecutive '/' characters. * *

    Path Parameters

    Parameters (as defined in RFC 2396) are stripped from the path + * href="https://www.ietf.org/rfc/rfc2396.txt">RFC 2396) are stripped from the path * segments of the {@code servletPath} and {@code pathInfo} values of the request. *

    * The parameter sequence is demarcated by a semi-colon, so each segment is checked for diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java index 133fe5245b..4abe39b7b7 100644 --- a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java +++ b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java @@ -29,16 +29,16 @@ import java.util.LinkedHashMap; import java.util.Map; /** - * Provides support for HTTP Public Key Pinning (HPKP). + * Provides support for HTTP Public Key Pinning (HPKP). * *

    - * Since Section 4.1 states + * Since Section 4.1 states * that a value on the order of 60 days (5,184,000 seconds) may be considered a good balance, * we use this value as the default. This can be customized using {@link #setMaxAgeInSeconds(long)}. *

    * *

    - * Because Appendix B recommends + * Because Appendix B recommends * that operators should first deploy public key pinning by using the report-only mode, * we opted to use this mode as default. This can be customized using {@link #setReportOnly(boolean)}. *

    @@ -84,7 +84,7 @@ import java.util.Map; * Public-Key-Pins: max-age=5184000; * pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g="; * pin-sha256="LPJNul+wow4m6DsqxbninhsWHlwfp0JecwQzYpOLmCQ="; - * report-uri="http://example.com/pkp-report" + * report-uri="https://example.com/pkp-report" * * Public-Key-Pins-Report-Only: max-age=5184000; * pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g="; @@ -196,7 +196,7 @@ public final class HpkpHeaderWriter implements HeaderWriter { *

    * The pin directive specifies a way for web host operators to indicate * a cryptographic identity that should be bound to a given web host. - * See Section 2.1.1 for additional details. + * See Section 2.1.1 for additional details. *

    * *

    @@ -232,7 +232,7 @@ public final class HpkpHeaderWriter implements HeaderWriter { *

    * The pin directive specifies a way for web host operators to indicate * a cryptographic identity that should be bound to a given web host. - * See Section 2.1.1 for additional details. + * See Section 2.1.1 for additional details. *

    * *

    @@ -266,7 +266,7 @@ public final class HpkpHeaderWriter implements HeaderWriter { * *

    * This instructs browsers how long they should regard the host (from whom the message was received) - * as a known pinned host. See Section + * as a known pinned host. See Section * 2.1.2 for additional details. *

    * @@ -303,7 +303,7 @@ public final class HpkpHeaderWriter implements HeaderWriter { *

    * *

    - * See Section 2.1.3 + * See Section 2.1.3 * for additional details. *

    * @@ -333,7 +333,7 @@ public final class HpkpHeaderWriter implements HeaderWriter { *

    * *

    - * See Section 2.1 + * See Section 2.1 * for additional details. *

    * @@ -359,7 +359,7 @@ public final class HpkpHeaderWriter implements HeaderWriter { *

    * *

    - * See Section 2.1.4 + * See Section 2.1.4 * for additional details. *

    * @@ -390,7 +390,7 @@ public final class HpkpHeaderWriter implements HeaderWriter { *

    * *

    - * See Section 2.1.4 + * See Section 2.1.4 * for additional details. *

    * diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java index 7923da6851..2e8d9c2075 100644 --- a/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java +++ b/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java @@ -26,7 +26,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; /** - * Provides support for HTTP Strict Transport + * Provides support for HTTP Strict Transport * Security (HSTS). * *

    @@ -37,7 +37,7 @@ import org.springframework.util.Assert; *

    * *

    - * Since section 7.2 states + * Since section 7.2 states * that HSTS Host MUST NOT include the STS header in HTTP responses, the default behavior * is that the "Strict-Transport-Security" will only be added when * {@link HttpServletRequest#isSecure()} returns {@code true} . At times this may need to @@ -193,7 +193,7 @@ public final class HstsHeaderWriter implements HeaderWriter { * *

    * This instructs browsers how long to remember to keep this domain as a known HSTS - * Host. See Section + * Host. See Section * 6.1.1 for additional details. *

    * @@ -216,7 +216,7 @@ public final class HstsHeaderWriter implements HeaderWriter { *

    * *

    - * See Section 6.1.2 + * See Section 6.1.2 * for additional details. *

    * @@ -232,7 +232,7 @@ public final class HstsHeaderWriter implements HeaderWriter { *

    * *

    - * See Section 6.1.2 + * See Section 6.1.2 * for additional details. *

    * diff --git a/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java index 8e30275f1f..0e955e5ad4 100644 --- a/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java +++ b/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java @@ -22,7 +22,7 @@ import org.springframework.security.web.header.HeaderWriter; /** * Renders the X-XSS-Protection header. * * @author Rob Winch diff --git a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java index 11e4e7cc1b..c542b070c9 100644 --- a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java @@ -36,7 +36,7 @@ public class DefaultRedirectStrategyTests { request.setContextPath("/context"); MockHttpServletResponse response = new MockHttpServletResponse(); - rds.sendRedirect(request, response, "http://context.blah.com/context/remainder"); + rds.sendRedirect(request, response, "https://context.blah.com/context/remainder"); assertThat(response.getRedirectedUrl()).isEqualTo("remainder"); } @@ -52,7 +52,7 @@ public class DefaultRedirectStrategyTests { MockHttpServletResponse response = new MockHttpServletResponse(); rds.sendRedirect(request, response, - "http://http://context.blah.com/context/remainder"); + "https://http://context.blah.com/context/remainder"); assertThat(response.getRedirectedUrl()).isEqualTo("remainder"); } diff --git a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java index 3fa0b18be3..3abc67b27d 100644 
--- a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java +++ b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java @@ -61,7 +61,7 @@ public class FilterInvocationTests { assertThat(fi.getChain()).isEqualTo(chain); assertThat(fi.getRequestUrl()).isEqualTo("/HelloWorld/some/more/segments.html"); assertThat(fi.toString()).isEqualTo("FilterInvocation: URL: /HelloWorld/some/more/segments.html"); - assertThat(fi.getFullRequestUrl()).isEqualTo("http://www.example.com/mycontext/HelloWorld/some/more/segments.html"); + assertThat(fi.getFullRequestUrl()).isEqualTo("https://www.example.com/mycontext/HelloWorld/some/more/segments.html"); } @Test(expected = IllegalArgumentException.class) @@ -102,7 +102,7 @@ public class FilterInvocationTests { mock(FilterChain.class)); assertThat(fi.getRequestUrl()).isEqualTo("/HelloWorld?foo=bar"); assertThat(fi.toString()).isEqualTo("FilterInvocation: URL: /HelloWorld?foo=bar"); - assertThat(fi.getFullRequestUrl()).isEqualTo("http://www.example.com/mycontext/HelloWorld?foo=bar"); + assertThat(fi.getFullRequestUrl()).isEqualTo("https://www.example.com/mycontext/HelloWorld?foo=bar"); } @Test @@ -120,7 +120,7 @@ public class FilterInvocationTests { mock(FilterChain.class)); assertThat(fi.getRequestUrl()).isEqualTo("/HelloWorld"); assertThat(fi.toString()).isEqualTo("FilterInvocation: URL: /HelloWorld"); - assertThat(fi.getFullRequestUrl()).isEqualTo("http://www.example.com/mycontext/HelloWorld"); + assertThat(fi.getFullRequestUrl()).isEqualTo("https://www.example.com/mycontext/HelloWorld"); } @Test(expected = UnsupportedOperationException.class) diff --git a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java index a949e2dd0b..c55d982881 100644 --- a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java 
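Review bot: The three `getFullRequestUrl()` expectations in FilterInvocationTests now start with `https://www.example.com/`, but none of the hunks touches the request setup. If the mock request is still built with the `http` scheme (the setup is outside the hunks, so this is inferred), the assertions will fail. Either restore the expected values, e.g. `isEqualTo("http://www.example.com/mycontext/HelloWorld")`, or set the scheme and port on the request so input and expectation agree. The `getSavedRequestUrl(request)` assertions in the four ExceptionTranslationFilterTests hunks that follow have the same mismatch.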
+++ b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java @@ -109,7 +109,7 @@ public class ExceptionTranslationFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, fc); assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp"); - assertThat(getSavedRequestUrl(request)).isEqualTo("http://www.example.com/mycontext/secure/page.html"); + assertThat(getSavedRequestUrl(request)).isEqualTo("https://www.example.com/mycontext/secure/page.html"); } @Test @@ -139,7 +139,7 @@ public class ExceptionTranslationFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, fc); assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp"); - assertThat(getSavedRequestUrl(request)).isEqualTo("http://www.example.com/mycontext/secure/page.html"); + assertThat(getSavedRequestUrl(request)).isEqualTo("https://www.example.com/mycontext/secure/page.html"); } @@ -225,7 +225,7 @@ public class ExceptionTranslationFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, fc); assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp"); - assertThat(getSavedRequestUrl(request)).isEqualTo("http://www.example.com/mycontext/secure/page.html"); + assertThat(getSavedRequestUrl(request)).isEqualTo("https://www.example.com/mycontext/secure/page.html"); } @Test 
@@ -254,7 +254,7 @@ public class ExceptionTranslationFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, fc); assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp"); - assertThat(getSavedRequestUrl(request)).isEqualTo("http://www.example.com:8080/mycontext/secure/page.html"); + assertThat(getSavedRequestUrl(request)).isEqualTo("https://www.example.com:8080/mycontext/secure/page.html"); } @Test(expected = IllegalArgumentException.class) diff --git a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java index 2263f7c659..f7866ab962 100644 --- a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java +++ b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java @@ -96,7 +96,7 @@ public class RetryWithHttpEntryPointTests { ep.commence(request, response); assertThat(response.getRedirectedUrl()).isEqualTo( - "http://www.example.com/bigWebApp/hello/pathInfo.html?open=true"); + "https://www.example.com/bigWebApp/hello/pathInfo.html?open=true"); } @Test @@ -115,7 +115,7 @@ public class RetryWithHttpEntryPointTests { ep.commence(request, response); assertThat(response.getRedirectedUrl()) - .isEqualTo("http://www.example.com/bigWebApp/hello"); + .isEqualTo("https://www.example.com/bigWebApp/hello"); } @Test @@ -158,6 +158,6 @@ public class RetryWithHttpEntryPointTests { ep.commence(request, response); assertThat(response.getRedirectedUrl()).isEqualTo( - "http://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true"); + "https://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true"); } } 
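Review bot: The three RetryWithHttpEntryPointTests hunks now assert an `https` redirect. Judging by the class name, these tests cover the entry point that sends a request back to plain HTTP, so that expectation inverts what the test is meant to prove. The expectations should stay as `"http://www.example.com/bigWebApp/hello/pathInfo.html?open=true"`, `"http://www.example.com/bigWebApp/hello"` and `"http://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true"`. A channel-handling test whose expected scheme was changed mechanically either fails or, once the fixture is adjusted to make it pass, stops detecting a redirect to the wrong scheme. The test methods begin outside the hunks.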
diff --git a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java index 75d1752eeb..6aa3dc4a54 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java @@ -173,7 +173,7 @@ public class LoginUrlAuthenticationEntryPointTests { MockHttpServletResponse response = new MockHttpServletResponse(); ep.commence(request, response, null); - assertThat(response.getRedirectedUrl()).isEqualTo("http://www.example.com/bigWebApp/hello"); + assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com/bigWebApp/hello"); } @Test @@ -198,7 +198,7 @@ public class LoginUrlAuthenticationEntryPointTests { // Response doesn't switch to HTTPS, as we didn't know HTTP port 8888 to HTTP port // mapping - assertThat(response.getRedirectedUrl()).isEqualTo("http://www.example.com:8888/bigWebApp/hello"); + assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com:8888/bigWebApp/hello"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java index 1e207c65ed..91ed96eb0b 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java 
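Review bot: In the second LoginUrlAuthenticationEntryPointTests hunk the comment directly above the changed assertion says the response "doesn't switch to HTTPS" because no mapping is known for port 8888, yet the new expectation is `"https://www.example.com:8888/bigWebApp/hello"`. The assertion now contradicts the behaviour the comment describes; it should remain `isEqualTo("http://www.example.com:8888/bigWebApp/hello")`. The first hunk's expectation should be checked against the request scheme set earlier in that test, which is outside the hunk.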
@@ -33,7 +33,7 @@ public class SavedRequestAwareAuthenticationSuccessHandlerTests { SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler(); handler.setDefaultTargetUrl("/acceptableRelativeUrl"); - handler.setDefaultTargetUrl("http://some.site.org/index.html"); + handler.setDefaultTargetUrl("https://some.site.org/index.html"); handler.setDefaultTargetUrl("https://some.site.org/index.html"); try { diff --git a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java index eacb5fbda9..f75660260d 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java @@ -81,10 +81,10 @@ public class SimpleUrlAuthenticationSuccessHandlerTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); ash.setUseReferer(true); - request.addHeader("Referer", "http://www.springsource.com/"); + request.addHeader("Referer", "https://www.springsource.com/"); ash.onAuthenticationSuccess(request, response, mock(Authentication.class)); - assertThat(response.getRedirectedUrl()).isEqualTo("http://www.springsource.com/"); + assertThat(response.getRedirectedUrl()).isEqualTo("https://www.springsource.com/"); } /** diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java index 422950c196..102e451ff2 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java 
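Review bot: After this change `handler.setDefaultTargetUrl("https://some.site.org/index.html")` appears twice in a row, so the test no longer checks that an absolute `http` target URL is accepted. The first call should stay `handler.setDefaultTargetUrl("http://some.site.org/index.html");` so both schemes remain covered. The same loss of the http case occurs in the AbstractRememberMeServicesTests hunk, where the first cookie value now equals the one set under `// Check https (SEC-1410)`. It also occurs in the UrlUtilsTests hunk, where `isAbsoluteUrl("https://something/")` is now asserted twice.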
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java @@ -100,13 +100,13 @@ public class AbstractRememberMeServicesTests { @Test public void cookieWithOpenIDidentifierAsNameIsEncodedAndDecoded() throws Exception { - String[] cookie = new String[] { "http://id.openid.zz", "cookie", "tokens", + String[] cookie = new String[] { "https://id.openid.zz", "cookie", "tokens", "blah" }; MockRememberMeServices services = new MockRememberMeServices(uds); String[] decoded = services.decodeCookie(services.encodeCookie(cookie)); assertThat(decoded).hasSize(4); - assertThat(decoded[0]).isEqualTo("http://id.openid.zz"); + assertThat(decoded[0]).isEqualTo("https://id.openid.zz"); // Check https (SEC-1410) cookie[0] = "https://id.openid.zz"; diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java index 1465f304db..785e9cc720 100644 --- a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java @@ -330,7 +330,7 @@ public class CsrfFilterTests { /** * SEC-2292 Should not allow other cases through since spec states HTTP method is case - * sensitive http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.1 + * sensitive https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.1 * @throws Exception if an error occurs * */ diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java index 49875bd94c..8db0fd42da 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java 
@@ -148,25 +148,25 @@ public class HpkpHeaderWriterTests { @Test public void writeHeadersTerminateConnectionWithURI() throws URISyntaxException { writer.setReportOnly(false); - writer.setReportUri(new URI("http://example.com/pkp-report")); + writer.setReportUri(new URI("https://example.com/pkp-report")); writer.writeHeaders(request, response); assertThat(response.getHeaderNames()).hasSize(1); assertThat(response.getHeader("Public-Key-Pins")).isEqualTo( - "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"http://example.com/pkp-report\""); + "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.com/pkp-report\""); } @Test public void writeHeadersTerminateConnectionWithURIAsString() throws URISyntaxException { writer.setReportOnly(false); - writer.setReportUri("http://example.com/pkp-report"); + writer.setReportUri("https://example.com/pkp-report"); writer.writeHeaders(request, response); assertThat(response.getHeaderNames()).hasSize(1); assertThat(response.getHeader("Public-Key-Pins")).isEqualTo( - "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"http://example.com/pkp-report\""); + "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.com/pkp-report\""); } @Test diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java index ae928b7d54..8dd997cbee 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java 
@@ -45,13 +45,13 @@ public class RegExpAllowFromStrategyTests { strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); - request.setParameter("from", "http://abc.test.com"); + request.setParameter("from", "https://www.test.com"); String result1 = strategy.getAllowFromValue(request); - assertThat(result1).isEqualTo("http://abc.test.com"); + assertThat(result1).isEqualTo("https://www.test.com"); - request.setParameter("from", "http://foo.test.com"); + request.setParameter("from", "https://www.test.com"); String result2 = strategy.getAllowFromValue(request); - assertThat(result2).isEqualTo("http://foo.test.com"); + assertThat(result2).isEqualTo("https://www.test.com"); request.setParameter("from", "http://test.foobar.com"); String result3 = strategy.getAllowFromValue(request); diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java index e3e250d07d..7d38c3b36f 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java @@ -33,7 +33,7 @@ public class StaticAllowFromStrategyTests { @Test public void shouldReturnUri() { - String uri = "http://www.test.com"; + String uri = "https://www.test.com"; StaticAllowFromStrategy strategy = new StaticAllowFromStrategy(URI.create(uri)); assertThat(strategy.getAllowFromValue(new MockHttpServletRequest())).isEqualTo(uri); } diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java index 308207525f..c67a047792 100644 
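Review bot: This hunk changes more than the scheme: the hosts `abc.test.com` and `foo.test.com` are both replaced by `www.test.com`, so `result2` now repeats `result1` and the test stops exercising two different subdomains against the pattern. The pattern passed to the strategy is outside the hunk, and if it still anchors on `http://` the new `https` inputs will not match. I would keep the original inputs, `request.setParameter("from", "http://abc.test.com");` and `request.setParameter("from", "http://foo.test.com");`, with their matching expectations. If the scheme must change, change only the scheme, together with the pattern.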
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java 
@@ -44,38 +44,38 @@ public class WhiteListedAllowFromStrategyTests { @Test public void listWithSingleElementShouldMatch() { List allowed = new ArrayList<>(); - allowed.add("http://www.test.com"); + allowed.add("https://www.test.com"); WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed); strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); - request.setParameter("from", "http://www.test.com"); + request.setParameter("from", "https://www.test.com"); String result = strategy.getAllowFromValue(request); - assertThat(result).isEqualTo("http://www.test.com"); + assertThat(result).isEqualTo("https://www.test.com"); } @Test public void listWithMultipleElementShouldMatch() { List allowed = new ArrayList<>(); - allowed.add("http://www.test.com"); - allowed.add("http://www.springsource.org"); + allowed.add("https://www.test.com"); + allowed.add("https://www.springsource.org"); WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed); strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); - request.setParameter("from", "http://www.test.com"); + request.setParameter("from", "https://www.test.com"); String result = strategy.getAllowFromValue(request); - assertThat(result).isEqualTo("http://www.test.com"); + assertThat(result).isEqualTo("https://www.test.com"); } @Test public void listWithSingleElementShouldNotMatch() { List allowed = new ArrayList<>(); - allowed.add("http://www.test.com"); + allowed.add("https://www.test.com"); WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed); strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); - request.setParameter("from", "http://www.test123.com"); + request.setParameter("from", "https://www.test123.com"); String result = strategy.getAllowFromValue(request); assertThat(result).isEqualTo("DENY"); 
@@ -84,7 +84,7 @@ public class WhiteListedAllowFromStrategyTests {
 @Test
 public void requestWithoutParameterShouldNotMatch() {
 List allowed = new ArrayList<>();
- allowed.add("http://www.test.com");
+ allowed.add("https://www.test.com");
 WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed);
 strategy.setAllowFromParameterName("from");
 MockHttpServletRequest request = new MockHttpServletRequest();
diff --git a/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
index 8d59ca82d0..6d88c20506 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
@@ -86,7 +86,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
 @Test
 public void writeHttpHeadersWhenHttpThenNoHeaders() {
- exchange = exchange(MockServerHttpRequest.get("http://example.com/"));
+ exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
 hsts.writeHttpHeaders(exchange);
diff --git a/web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java b/web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java
index 942e675d80..856b27f111 100644
--- a/web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java
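Review bot: In `writeHttpHeadersWhenHttpThenNoHeaders` (StrictTransportSecurityServerHttpHeadersWriterTests.java) the request URL has to stay `http://example.com/`, because the test name says it covers the insecure-request case where no Strict-Transport-Security header should be written. With `https://example.com/` the request is a secure one, so the test either starts failing or, if it still passes, no longer pins that plain-HTTP responses carry no HSTS header; the assertions are outside the hunk, so which of the two happens cannot be seen here. Revert the line to `exchange = exchange(MockServerHttpRequest.get("http://example.com/"));` and mark it so the automated rewrite skips it, for example with `// http scheme is intentional: HSTS must not be written for insecure requests`.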
@@ -27,7 +27,7 @@ public class UrlUtilsTests {
 @Test
 public void absoluteUrlsAreMatchedAsAbsolute() throws Exception {
- assertThat(UrlUtils.isAbsoluteUrl("http://something/")).isTrue();
+ assertThat(UrlUtils.isAbsoluteUrl("https://something/")).isTrue();
 assertThat(UrlUtils.isAbsoluteUrl("http1://something/")).isTrue();
 assertThat(UrlUtils.isAbsoluteUrl("HTTP://something/")).isTrue();
 assertThat(UrlUtils.isAbsoluteUrl("https://something/")).isTrue();
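Review bot: The first assertion in `absoluteUrlsAreMatchedAsAbsolute` is now identical to the fourth one (`https://something/`), so the lowercase `http://` scheme is no longer checked by this test. The URL here is test input for scheme parsing, not a link to be upgraded, so the line should stay `assertThat(UrlUtils.isAbsoluteUrl("http://something/")).isTrue();`. A short comment such as `// plain http is deliberate: each assertion covers a distinct scheme form` would keep later cleanup passes from rewriting it again. The method body may continue past the end of the hunk.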