Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 09:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Manual URL Cleanup

Browse Source
This commit is contained in:
Joe Grandja 2019-03-28 14:37:42 -04:00
parent 9b09201679
commit 4e9c37b1ae
17 changed files with 475 additions and 484 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.github/ISSUE_REPLY_TEMPLATES.md vendored
View File

@ -3,5 +3,4 @@
It would be very helpful if you could provide a complete and minimal sample that reproduces the issue and share it via a GitHub repository. This will allow us to efficiently troubleshoot and help resolve the issue. The sample should contain the minimum amount of code to reproduce the issue along with detailed steps on how to reproduce. Please see the following references for what a complete and minimal sample should consist of. It would be very helpful if you could provide a complete and minimal sample that reproduces the issue and share it via a GitHub repository. This will allow us to efficiently troubleshoot and help resolve the issue. The sample should contain the minimum amount of code to reproduce the issue along with detailed steps on how to reproduce. Please see the following references for what a complete and minimal sample should consist of.
- http://sscce.org/
- https://stackoverflow.com/help/mcve - https://stackoverflow.com/help/mcve

4
config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
View File

@ -119,7 +119,7 @@ public class OpenIDConfigTests {
OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class); OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class);
String openIdEndpointUrl = "http://testopenid.com?openid.return_to="; String openIdEndpointUrl = "https://testopenid.com?openid.return_to=";
Set<String> returnToUrlParameters = new HashSet<>(); Set<String> returnToUrlParameters = new HashSet<>();
returnToUrlParameters.add(AbstractRememberMeServices.DEFAULT_PARAMETER); returnToUrlParameters.add(AbstractRememberMeServices.DEFAULT_PARAMETER);
openIDFilter.setReturnToUrlParameters(returnToUrlParameters); openIDFilter.setReturnToUrlParameters(returnToUrlParameters);
@ -142,7 +142,7 @@ public class OpenIDConfigTests {
.andExpect(content().string(containsString(AbstractRememberMeServices.DEFAULT_PARAMETER))); .andExpect(content().string(containsString(AbstractRememberMeServices.DEFAULT_PARAMETER)));
this.mvc.perform(get("/login/openid") this.mvc.perform(get("/login/openid")
.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "http://ww1.openid.com") .param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "https://ww1.openid.com")
.param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on")) .param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on"))
.andExpect(status().isFound()) .andExpect(status().isFound())
.andExpect(redirectedUrl(openIdEndpointUrl + expectedReturnTo)); .andExpect(redirectedUrl(openIdEndpointUrl + expectedReturnTo));

6
config/src/test/resources/org/springframework/security/config/http/HttpHeadersConfigTests-DefaultsDisabledWithPlaceholder.xml
View File

@ -6,7 +6,7 @@
~ you may not use this file except in compliance with the License. ~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at ~ You may obtain a copy of the License at
~ ~
~ http://www.apache.org/licenses/LICENSE-2.0 ~ https://www.apache.org/licenses/LICENSE-2.0
~ ~
~ Unless required by applicable law or agreed to in writing, software ~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS, ~ distributed under the License is distributed on an "AS IS" BASIS,
@ -20,9 +20,9 @@
xmlns="http://www.springframework.org/schema/security" xmlns="http://www.springframework.org/schema/security"
xsi:schemaLocation=" xsi:schemaLocation="
http://www.springframework.org/schema/security http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd https://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd"> https://www.springframework.org/schema/beans/spring-beans.xsd">
<http auto-config="true"> <http auto-config="true">
<headers defaults-disabled="${security.headers.defaults.disabled}"/> <headers defaults-disabled="${security.headers.defaults.disabled}"/>

6
config/src/test/resources/org/springframework/security/config/http/HttpHeadersConfigTests-DisabledWithPlaceholder.xml
View File

@ -6,7 +6,7 @@
~ you may not use this file except in compliance with the License. ~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at ~ You may obtain a copy of the License at
~ ~
~ http://www.apache.org/licenses/LICENSE-2.0 ~ https://www.apache.org/licenses/LICENSE-2.0
~ ~
~ Unless required by applicable law or agreed to in writing, software ~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS, ~ distributed under the License is distributed on an "AS IS" BASIS,
@ -20,9 +20,9 @@
xmlns="http://www.springframework.org/schema/security" xmlns="http://www.springframework.org/schema/security"
xsi:schemaLocation=" xsi:schemaLocation="
http://www.springframework.org/schema/security http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd https://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd"> https://www.springframework.org/schema/beans/spring-beans.xsd">
<http auto-config="true"> <http auto-config="true">
<headers disabled="${security.headers.disabled}" /> <headers disabled="${security.headers.disabled}" />

16
crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
View File

@ -44,8 +44,8 @@ public final class Base64 {
/** /**
* Encode using Base64-like encoding that is URL- and Filename-safe as described in * Encode using Base64-like encoding that is URL- and Filename-safe as described in
* Section 4 of RFC3548: <a * Section 4 of RFC3548: <a
* href="http://www.faqs.org/rfcs/rfc3548.html">https://www.faqs * href="https://tools.ietf.org/html/rfc3548">https://tools.ietf.org/html/rfc3548</a>.
* .org/rfcs/rfc3548.html</a>. It is important to note that data encoded this way is * It is important to note that data encoded this way is
* <em>not</em> officially valid Base64, or at the very least should not be called * <em>not</em> officially valid Base64, or at the very least should not be called
* Base64 without also specifying that is was encoded using the URL- and Filename-safe * Base64 without also specifying that is was encoded using the URL- and Filename-safe
* dialect. * dialect.
@ -53,9 +53,7 @@ public final class Base64 {
public final static int URL_SAFE = 16; public final static int URL_SAFE = 16;
/** /**
* Encode using the special "ordered" dialect of Base64 described here: <a * Encode using the special "ordered" dialect of Base64.
* href="http://www.faqs.org/qa/rfcc-1940.html"
* >http://www.faqs.org/qa/rfcc-1940.html</a>.
*/ */
public final static int ORDERED = 32; public final static int ORDERED = 32;
@ -131,7 +129,7 @@ public final class Base64 {
/** /**
* Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548: <a * Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548: <a
* href * href
* ="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>. * ="https://tools.ietf.org/html/rfc3548">https://tools.ietf.org/html/rfc3548</a>.
* Notice that the last two bytes become "hyphen" and "underscore" instead of "plus" * Notice that the last two bytes become "hyphen" and "underscore" instead of "plus"
* and "slash." * and "slash."
*/ */
@ -191,12 +189,6 @@ public final class Base64 {
/* ******** O R D E R E D B A S E 6 4 A L P H A B E T ******** */ /* ******** O R D E R E D B A S E 6 4 A L P H A B E T ******** */
/**
* I don't get the point of this technique, but someone requested it, and it is
* described here: <a
* href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/faqs/
* qa/rfcc-1940.html</a>.
*/
private final static byte[] _ORDERED_ALPHABET = { (byte) '-', (byte) '0', (byte) '1', private final static byte[] _ORDERED_ALPHABET = { (byte) '-', (byte) '0', (byte) '1',
(byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6', (byte) '7', (byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6', (byte) '7',
(byte) '8', (byte) '9', (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) '8', (byte) '9', (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D',

2
docs/manual/src/docs/asciidoc/_includes/servlet/web/csrf.adoc
View File

@ -257,7 +257,7 @@ $(document).ajaxSend(function(e, xhr, options) {
}); });
---- ----
As an alternative to jQuery, we recommend using http://cujojs.com/[cujoJS's] rest.js. As an alternative to jQuery, we recommend using https://github.com/cujojs[cujoJS's] rest.js.
The https://github.com/cujojs/rest[rest.js] module provides advanced support for working with HTTP requests and responses in RESTful ways. The https://github.com/cujojs/rest[rest.js] module provides advanced support for working with HTTP requests and responses in RESTful ways.
A core capability is the ability to contextualize the HTTP client adding behavior as needed by chaining interceptors on to the client. A core capability is the ability to contextualize the HTTP client adding behavior as needed by chaining interceptors on to the client.

4
openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
View File

@ -254,8 +254,8 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
* *
* If no mapping is provided then the returnToUrl will be parsed to extract the * If no mapping is provided then the returnToUrl will be parsed to extract the
* protocol, hostname and port followed by a trailing slash. This means that * protocol, hostname and port followed by a trailing slash. This means that
* <tt>https://www.example.com/login/openid</tt> will automatically become * <tt>https://foo.example.com/login/openid</tt> will automatically become
* <tt>http://www.example.com:80/</tt> * <tt>http://foo.example.com:80/</tt>
* *
* @param realmMapping containing returnToUrl -&gt; realm mappings * @param realmMapping containing returnToUrl -&gt; realm mappings
*/ */

8
remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
View File

@ -57,11 +57,11 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
// Create a connection and ensure our executor sets its // Create a connection and ensure our executor sets its
// properties correctly // properties correctly
AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor(); AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
HttpURLConnection conn = new MockHttpURLConnection(new URL("http://localhost/")); HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/"));
executor.prepareConnection(conn, 10); executor.prepareConnection(conn, 10);
// Check connection properties // Check connection properties
// See http://www.faqs.org/rfcs/rfc1945.html section 11.1 for example // See https://tools.ietf.org/html/rfc1945 section 11.1 for example
// we are comparing against // we are comparing against
assertThat(conn.getRequestProperty("Authorization")).isEqualTo( assertThat(conn.getRequestProperty("Authorization")).isEqualTo(
"Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="); "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==");
@ -74,7 +74,7 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
// Create a connection and ensure our executor sets its // Create a connection and ensure our executor sets its
// properties correctly // properties correctly
AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor(); AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
HttpURLConnection conn = new MockHttpURLConnection(new URL("http://localhost/")); HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/"));
executor.prepareConnection(conn, 10); executor.prepareConnection(conn, 10);
// Check connection properties (shouldn't be an Authorization header) // Check connection properties (shouldn't be an Authorization header)
@ -91,7 +91,7 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
// Create a connection and ensure our executor sets its // Create a connection and ensure our executor sets its
// properties correctly // properties correctly
AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor(); AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
HttpURLConnection conn = new MockHttpURLConnection(new URL("http://localhost/")); HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/"));
executor.prepareConnection(conn, 10); executor.prepareConnection(conn, 10);
// Check connection properties (shouldn't be an Authorization header) // Check connection properties (shouldn't be an Authorization header)

10
samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js vendored
View File

@ -881,7 +881,7 @@ jQuery.ready.promise = function( obj ) {
try { try {
// Use the trick by Diego Perini // Use the trick by Diego Perini
// http://javascript.nwbox.com/IEContentLoaded/ // https://javascript.nwbox.com/IEContentLoaded/
top.doScroll("left"); top.doScroll("left");
} catch(e) { } catch(e) {
return setTimeout( doScrollCheck, 50 ); return setTimeout( doScrollCheck, 50 );
@ -1390,7 +1390,7 @@ jQuery.support = (function() {
fragment.appendChild( div ); fragment.appendChild( div );
// Technique from Juriy Zaytsev // Technique from Juriy Zaytsev
// http://perfectionkills.com/detecting-event-support-without-browser-sniffing/ // https://perfectionkills.com/detecting-event-support-without-browser-sniffing/
// We only care about the case where non-standard event systems // We only care about the case where non-standard event systems
// are used, namely in IE. Short-circuiting here helps us to // are used, namely in IE. Short-circuiting here helps us to
// avoid an eval call (in setAttribute) which can cause CSP // avoid an eval call (in setAttribute) which can cause CSP
@ -1945,7 +1945,7 @@ jQuery.fn.extend({
}); });
}, },
// Based off of the plugin by Clint Helfers, with permission. // Based off of the plugin by Clint Helfers, with permission.
// http://blindsignals.com // https://blindsignals.com
delay: function( time, type ) { delay: function( time, type ) {
time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time;
type = type || "fx"; type = type || "fx";
@ -6867,7 +6867,7 @@ if ( window.getComputedStyle ) {
} }
// From the awesome hack by Dean Edwards // From the awesome hack by Dean Edwards
// http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291 // https://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291
// If we're not dealing with a regular pixel number // If we're not dealing with a regular pixel number
// but a number that has a weird ending, we need to convert it to pixels // but a number that has a weird ending, we need to convert it to pixels
@ -9469,4 +9469,4 @@ if ( typeof define === "function" && define.amd && define.amd.jQuery ) {
define( "jquery", [], function () { return jQuery; } ); define( "jquery", [], function () { return jQuery; } );
} }
})( window ); })( window );

440
samples/javaconfig/openid/src/main/resources/resources/js/openid-client/jquery.query-2.1.3.js
View File

@ -1,220 +1,220 @@
/** /**
* jQuery.query - Query String Modification and Creation for jQuery * jQuery.query - Query String Modification and Creation for jQuery
* Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com) * Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com)
* Licensed under the WTFPL (http://www.wtfpl.net/). * Licensed under the WTFPL (https://www.wtfpl.net/).
* Date: 2009/02/08 * Date: 2009/02/08
* *
* @author Blair Mitchelmore * @author Blair Mitchelmore
* @version 2.1.3 * @version 2.1.3
* *
**/ **/
new function(settings) { new function(settings) {
// Various Settings // Various Settings
var $separator = settings.separator || '&'; var $separator = settings.separator || '&';
var $spaces = settings.spaces === false ? false : true; var $spaces = settings.spaces === false ? false : true;
var $suffix = settings.suffix === false ? '' : '[]'; var $suffix = settings.suffix === false ? '' : '[]';
var $prefix = settings.prefix === false ? false : true; var $prefix = settings.prefix === false ? false : true;
var $hash = $prefix ? settings.hash === true ? "#" : "?" : ""; var $hash = $prefix ? settings.hash === true ? "#" : "?" : "";
var $numbers = settings.numbers === false ? false : true; var $numbers = settings.numbers === false ? false : true;
jQuery.query = new function() { jQuery.query = new function() {
var is = function(o, t) { var is = function(o, t) {
return o != undefined && o !== null && (!!t ? o.constructor == t : true); return o != undefined && o !== null && (!!t ? o.constructor == t : true);
}; };
var parse = function(path) { var parse = function(path) {
var m, rx = /\[([^[]*)\]/g, match = /^(\S+?)(\[\S*\])?$/.exec(path), base = match[1], tokens = []; var m, rx = /\[([^[]*)\]/g, match = /^(\S+?)(\[\S*\])?$/.exec(path), base = match[1], tokens = [];
while (m = rx.exec(match[2])) tokens.push(m[1]); while (m = rx.exec(match[2])) tokens.push(m[1]);
return [base, tokens]; return [base, tokens];
}; };
var set = function(target, tokens, value) { var set = function(target, tokens, value) {
var o, token = tokens.shift(); var o, token = tokens.shift();
if (typeof target != 'object') target = null; if (typeof target != 'object') target = null;
if (token === "") { if (token === "") {
if (!target) target = []; if (!target) target = [];
if (is(target, Array)) { if (is(target, Array)) {
target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value)); target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value));
} else if (is(target, Object)) { } else if (is(target, Object)) {
var i = 0; var i = 0;
while (target[i++] != null); while (target[i++] != null);
target[--i] = tokens.length == 0 ? value : set(target[i], tokens.slice(0), value); target[--i] = tokens.length == 0 ? value : set(target[i], tokens.slice(0), value);
} else { } else {
target = []; target = [];
target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value)); target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value));
} }
} else if (token && token.match(/^\s*[0-9]+\s*$/)) { } else if (token && token.match(/^\s*[0-9]+\s*$/)) {
var index = parseInt(token, 10); var index = parseInt(token, 10);
if (!target) target = []; if (!target) target = [];
target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value); target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value);
} else if (token) { } else if (token) {
var index = token.replace(/^\s*|\s*$/g, ""); var index = token.replace(/^\s*|\s*$/g, "");
if (!target) target = {}; if (!target) target = {};
if (is(target, Array)) { if (is(target, Array)) {
var temp = {}; var temp = {};
for (var i = 0; i < target.length; ++i) { for (var i = 0; i < target.length; ++i) {
temp[i] = target[i]; temp[i] = target[i];
} }
target = temp; target = temp;
} }
target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value); target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value);
} else { } else {
return value; return value;
} }
return target; return target;
}; };
var queryObject = function(a) { var queryObject = function(a) {
var self = this; var self = this;
self.keys = {}; self.keys = {};
if (a.queryObject) { if (a.queryObject) {
jQuery.each(a.get(), function(key, val) { jQuery.each(a.get(), function(key, val) {
self.SET(key, val); self.SET(key, val);
}); });
} else { } else {
jQuery.each(arguments, function() { jQuery.each(arguments, function() {
var q = "" + this; var q = "" + this;
q = decodeURIComponent(q); q = decodeURIComponent(q);
q = q.replace(/^[?#]/,''); // remove any leading ? || # q = q.replace(/^[?#]/,''); // remove any leading ? || #
q = q.replace(/[;&]$/,''); // remove any trailing & || ; q = q.replace(/[;&]$/,''); // remove any trailing & || ;
if ($spaces) q = q.replace(/[+]/g,' '); // replace +'s with spaces if ($spaces) q = q.replace(/[+]/g,' '); // replace +'s with spaces
jQuery.each(q.split(/[&;]/), function(){ jQuery.each(q.split(/[&;]/), function(){
var key = this.split('=')[0]; var key = this.split('=')[0];
var val = this.split('=')[1]; var val = this.split('=')[1];
if (!key) return; if (!key) return;
if ($numbers) { if ($numbers) {
if (/^[+-]?[0-9]+\.[0-9]*$/.test(val)) // simple float regex if (/^[+-]?[0-9]+\.[0-9]*$/.test(val)) // simple float regex
val = parseFloat(val); val = parseFloat(val);
else if (/^[+-]?[0-9]+$/.test(val)) // simple int regex else if (/^[+-]?[0-9]+$/.test(val)) // simple int regex
val = parseInt(val, 10); val = parseInt(val, 10);
} }
val = (!val && val !== 0) ? true : val; val = (!val && val !== 0) ? true : val;
if (val !== false && val !== true && typeof val != 'number') if (val !== false && val !== true && typeof val != 'number')
val = val; val = val;
self.SET(key, val); self.SET(key, val);
}); });
}); });
} }
return self; return self;
}; };
queryObject.prototype = { queryObject.prototype = {
queryObject: true, queryObject: true,
has: function(key, type) { has: function(key, type) {
var value = this.get(key); var value = this.get(key);
return is(value, type); return is(value, type);
}, },
GET: function(key) { GET: function(key) {
if (!is(key)) return this.keys; if (!is(key)) return this.keys;
var parsed = parse(key), base = parsed[0], tokens = parsed[1]; var parsed = parse(key), base = parsed[0], tokens = parsed[1];
var target = this.keys[base]; var target = this.keys[base];
while (target != null && tokens.length != 0) { while (target != null && tokens.length != 0) {
target = target[tokens.shift()]; target = target[tokens.shift()];
} }
return typeof target == 'number' ? target : target || ""; return typeof target == 'number' ? target : target || "";
}, },
get: function(key) { get: function(key) {
var target = this.GET(key); var target = this.GET(key);
if (is(target, Object)) if (is(target, Object))
return jQuery.extend(true, {}, target); return jQuery.extend(true, {}, target);
else if (is(target, Array)) else if (is(target, Array))
return target.slice(0); return target.slice(0);
return target; return target;
}, },
SET: function(key, val) { SET: function(key, val) {
var value = !is(val) ? null : val; var value = !is(val) ? null : val;
var parsed = parse(key), base = parsed[0], tokens = parsed[1]; var parsed = parse(key), base = parsed[0], tokens = parsed[1];
var target = this.keys[base]; var target = this.keys[base];
this.keys[base] = set(target, tokens.slice(0), value); this.keys[base] = set(target, tokens.slice(0), value);
return this; return this;
}, },
set: function(key, val) { set: function(key, val) {
return this.copy().SET(key, val); return this.copy().SET(key, val);
}, },
REMOVE: function(key) { REMOVE: function(key) {
return this.SET(key, null).COMPACT(); return this.SET(key, null).COMPACT();
}, },
remove: function(key) { remove: function(key) {
return this.copy().REMOVE(key); return this.copy().REMOVE(key);
}, },
EMPTY: function() { EMPTY: function() {
var self = this; var self = this;
jQuery.each(self.keys, function(key, value) { jQuery.each(self.keys, function(key, value) {
delete self.keys[key]; delete self.keys[key];
}); });
return self; return self;
}, },
load: function(url) { load: function(url) {
var hash = url.replace(/^.*?[#](.+?)(?:\?.+)?$/, "$1"); var hash = url.replace(/^.*?[#](.+?)(?:\?.+)?$/, "$1");
var search = url.replace(/^.*?[?](.+?)(?:#.+)?$/, "$1"); var search = url.replace(/^.*?[?](.+?)(?:#.+)?$/, "$1");
return new queryObject(url.length == search.length ? '' : search, url.length == hash.length ? '' : hash); return new queryObject(url.length == search.length ? '' : search, url.length == hash.length ? '' : hash);
}, },
empty: function() { empty: function() {
return this.copy().EMPTY(); return this.copy().EMPTY();
}, },
copy: function() { copy: function() {
return new queryObject(this); return new queryObject(this);
}, },
COMPACT: function() { COMPACT: function() {
function build(orig) { function build(orig) {
var obj = typeof orig == "object" ? is(orig, Array) ? [] : {} : orig; var obj = typeof orig == "object" ? is(orig, Array) ? [] : {} : orig;
if (typeof orig == 'object') { if (typeof orig == 'object') {
function add(o, key, value) { function add(o, key, value) {
if (is(o, Array)) if (is(o, Array))
o.push(value); o.push(value);
else else
o[key] = value; o[key] = value;
} }
jQuery.each(orig, function(key, value) { jQuery.each(orig, function(key, value) {
if (!is(value)) return true; if (!is(value)) return true;
add(obj, key, build(value)); add(obj, key, build(value));
}); });
} }
return obj; return obj;
} }
this.keys = build(this.keys); this.keys = build(this.keys);
return this; return this;
}, },
compact: function() { compact: function() {
return this.copy().COMPACT(); return this.copy().COMPACT();
}, },
toString: function() { toString: function() {
var i = 0, queryString = [], chunks = [], self = this; var i = 0, queryString = [], chunks = [], self = this;
var addFields = function(arr, key, value) { var addFields = function(arr, key, value) {
if (!is(value) || value === false) return; if (!is(value) || value === false) return;
var o = [encodeURIComponent(key)]; var o = [encodeURIComponent(key)];
if (value !== true) { if (value !== true) {
o.push("="); o.push("=");
o.push(encodeURIComponent(value)); o.push(encodeURIComponent(value));
} }
arr.push(o.join("")); arr.push(o.join(""));
}; };
var build = function(obj, base) { var build = function(obj, base) {
var newKey = function(key) { var newKey = function(key) {
return !base || base == "" ? [key].join("") : [base, "[", key, "]"].join(""); return !base || base == "" ? [key].join("") : [base, "[", key, "]"].join("");
}; };
jQuery.each(obj, function(key, value) { jQuery.each(obj, function(key, value) {
if (typeof value == 'object') if (typeof value == 'object')
build(value, newKey(key)); build(value, newKey(key));
else else
addFields(chunks, newKey(key), value); addFields(chunks, newKey(key), value);
}); });
}; };
build(this.keys); build(this.keys);
if (chunks.length > 0) queryString.push($hash); if (chunks.length > 0) queryString.push($hash);
queryString.push(chunks.join($separator)); queryString.push(chunks.join($separator));
return queryString.join(""); return queryString.join("");
} }
}; };
return new queryObject(location.search, location.hash); return new queryObject(location.search, location.hash);
}; };
}(jQuery.query || {}); // Pass in jQuery.query as settings object }(jQuery.query || {}); // Pass in jQuery.query as settings object

440
samples/xml/openid/src/main/webapp/js/openid-client/jquery.query-2.1.3.js
View File

@ -1,220 +1,220 @@
/** /**
* jQuery.query - Query String Modification and Creation for jQuery * jQuery.query - Query String Modification and Creation for jQuery
* Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com) * Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com)
* Licensed under the WTFPL (http://www.wtfpl.net/). * Licensed under the WTFPL (https://www.wtfpl.net/).
* Date: 2009/02/08 * Date: 2009/02/08
* *
* @author Blair Mitchelmore * @author Blair Mitchelmore
* @version 2.1.3 * @version 2.1.3
* *
**/ **/
new function(settings) { new function(settings) {
// Various Settings // Various Settings
var $separator = settings.separator || '&'; var $separator = settings.separator || '&';
var $spaces = settings.spaces === false ? false : true; var $spaces = settings.spaces === false ? false : true;
var $suffix = settings.suffix === false ? '' : '[]'; var $suffix = settings.suffix === false ? '' : '[]';
var $prefix = settings.prefix === false ? false : true; var $prefix = settings.prefix === false ? false : true;
var $hash = $prefix ? settings.hash === true ? "#" : "?" : ""; var $hash = $prefix ? settings.hash === true ? "#" : "?" : "";
var $numbers = settings.numbers === false ? false : true; var $numbers = settings.numbers === false ? false : true;
jQuery.query = new function() { jQuery.query = new function() {
var is = function(o, t) { var is = function(o, t) {
return o != undefined && o !== null && (!!t ? o.constructor == t : true); return o != undefined && o !== null && (!!t ? o.constructor == t : true);
}; };
var parse = function(path) { var parse = function(path) {
var m, rx = /\[([^[]*)\]/g, match = /^(\S+?)(\[\S*\])?$/.exec(path), base = match[1], tokens = []; var m, rx = /\[([^[]*)\]/g, match = /^(\S+?)(\[\S*\])?$/.exec(path), base = match[1], tokens = [];
while (m = rx.exec(match[2])) tokens.push(m[1]); while (m = rx.exec(match[2])) tokens.push(m[1]);
return [base, tokens]; return [base, tokens];
}; };
var set = function(target, tokens, value) { var set = function(target, tokens, value) {
var o, token = tokens.shift(); var o, token = tokens.shift();
if (typeof target != 'object') target = null; if (typeof target != 'object') target = null;
if (token === "") { if (token === "") {
if (!target) target = []; if (!target) target = [];
if (is(target, Array)) { if (is(target, Array)) {
target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value)); target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value));
} else if (is(target, Object)) { } else if (is(target, Object)) {
var i = 0; var i = 0;
while (target[i++] != null); while (target[i++] != null);
target[--i] = tokens.length == 0 ? value : set(target[i], tokens.slice(0), value); target[--i] = tokens.length == 0 ? value : set(target[i], tokens.slice(0), value);
} else { } else {
target = []; target = [];
target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value)); target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value));
} }
} else if (token && token.match(/^\s*[0-9]+\s*$/)) { } else if (token && token.match(/^\s*[0-9]+\s*$/)) {
var index = parseInt(token, 10); var index = parseInt(token, 10);
if (!target) target = []; if (!target) target = [];
target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value); target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value);
} else if (token) { } else if (token) {
var index = token.replace(/^\s*|\s*$/g, ""); var index = token.replace(/^\s*|\s*$/g, "");
if (!target) target = {}; if (!target) target = {};
if (is(target, Array)) { if (is(target, Array)) {
var temp = {}; var temp = {};
for (var i = 0; i < target.length; ++i) { for (var i = 0; i < target.length; ++i) {
temp[i] = target[i]; temp[i] = target[i];
} }
target = temp; target = temp;
} }
target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value); target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value);
} else { } else {
return value; return value;
} }
return target; return target;
}; };
var queryObject = function(a) { var queryObject = function(a) {
var self = this; var self = this;
self.keys = {}; self.keys = {};
if (a.queryObject) { if (a.queryObject) {
jQuery.each(a.get(), function(key, val) { jQuery.each(a.get(), function(key, val) {
self.SET(key, val); self.SET(key, val);
}); });
} else { } else {
jQuery.each(arguments, function() { jQuery.each(arguments, function() {
var q = "" + this; var q = "" + this;
q = decodeURIComponent(q); q = decodeURIComponent(q);
q = q.replace(/^[?#]/,''); // remove any leading ? || # q = q.replace(/^[?#]/,''); // remove any leading ? || #
q = q.replace(/[;&]$/,''); // remove any trailing & || ; q = q.replace(/[;&]$/,''); // remove any trailing & || ;
if ($spaces) q = q.replace(/[+]/g,' '); // replace +'s with spaces if ($spaces) q = q.replace(/[+]/g,' '); // replace +'s with spaces
jQuery.each(q.split(/[&;]/), function(){ jQuery.each(q.split(/[&;]/), function(){
var key = this.split('=')[0]; var key = this.split('=')[0];
var val = this.split('=')[1]; var val = this.split('=')[1];
if (!key) return; if (!key) return;
if ($numbers) { if ($numbers) {
if (/^[+-]?[0-9]+\.[0-9]*$/.test(val)) // simple float regex if (/^[+-]?[0-9]+\.[0-9]*$/.test(val)) // simple float regex
val = parseFloat(val); val = parseFloat(val);
else if (/^[+-]?[0-9]+$/.test(val)) // simple int regex else if (/^[+-]?[0-9]+$/.test(val)) // simple int regex
val = parseInt(val, 10); val = parseInt(val, 10);
} }
val = (!val && val !== 0) ? true : val; val = (!val && val !== 0) ? true : val;
if (val !== false && val !== true && typeof val != 'number') if (val !== false && val !== true && typeof val != 'number')
val = val; val = val;
self.SET(key, val); self.SET(key, val);
}); });
}); });
} }
return self; return self;
}; };
queryObject.prototype = { queryObject.prototype = {
queryObject: true, queryObject: true,
has: function(key, type) { has: function(key, type) {
var value = this.get(key); var value = this.get(key);
return is(value, type); return is(value, type);
}, },
GET: function(key) { GET: function(key) {
if (!is(key)) return this.keys; if (!is(key)) return this.keys;
var parsed = parse(key), base = parsed[0], tokens = parsed[1]; var parsed = parse(key), base = parsed[0], tokens = parsed[1];
var target = this.keys[base]; var target = this.keys[base];
while (target != null && tokens.length != 0) { while (target != null && tokens.length != 0) {
target = target[tokens.shift()]; target = target[tokens.shift()];
} }
return typeof target == 'number' ? target : target || ""; return typeof target == 'number' ? target : target || "";
}, },
get: function(key) { get: function(key) {
var target = this.GET(key); var target = this.GET(key);
if (is(target, Object)) if (is(target, Object))
return jQuery.extend(true, {}, target); return jQuery.extend(true, {}, target);
else if (is(target, Array)) else if (is(target, Array))
return target.slice(0); return target.slice(0);
return target; return target;
}, },
SET: function(key, val) { SET: function(key, val) {
var value = !is(val) ? null : val; var value = !is(val) ? null : val;
var parsed = parse(key), base = parsed[0], tokens = parsed[1]; var parsed = parse(key), base = parsed[0], tokens = parsed[1];
var target = this.keys[base]; var target = this.keys[base];
this.keys[base] = set(target, tokens.slice(0), value); this.keys[base] = set(target, tokens.slice(0), value);
return this; return this;
}, },
set: function(key, val) { set: function(key, val) {
return this.copy().SET(key, val); return this.copy().SET(key, val);
}, },
REMOVE: function(key) { REMOVE: function(key) {
return this.SET(key, null).COMPACT(); return this.SET(key, null).COMPACT();
}, },
remove: function(key) { remove: function(key) {
return this.copy().REMOVE(key); return this.copy().REMOVE(key);
}, },
EMPTY: function() { EMPTY: function() {
var self = this; var self = this;
jQuery.each(self.keys, function(key, value) { jQuery.each(self.keys, function(key, value) {
delete self.keys[key]; delete self.keys[key];
}); });
return self; return self;
}, },
load: function(url) { load: function(url) {
var hash = url.replace(/^.*?[#](.+?)(?:\?.+)?$/, "$1"); var hash = url.replace(/^.*?[#](.+?)(?:\?.+)?$/, "$1");
var search = url.replace(/^.*?[?](.+?)(?:#.+)?$/, "$1"); var search = url.replace(/^.*?[?](.+?)(?:#.+)?$/, "$1");
return new queryObject(url.length == search.length ? '' : search, url.length == hash.length ? '' : hash); return new queryObject(url.length == search.length ? '' : search, url.length == hash.length ? '' : hash);
}, },
empty: function() { empty: function() {
return this.copy().EMPTY(); return this.copy().EMPTY();
}, },
copy: function() { copy: function() {
return new queryObject(this); return new queryObject(this);
}, },
COMPACT: function() { COMPACT: function() {
function build(orig) { function build(orig) {
var obj = typeof orig == "object" ? is(orig, Array) ? [] : {} : orig; var obj = typeof orig == "object" ? is(orig, Array) ? [] : {} : orig;
if (typeof orig == 'object') { if (typeof orig == 'object') {
function add(o, key, value) { function add(o, key, value) {
if (is(o, Array)) if (is(o, Array))
o.push(value); o.push(value);
else else
o[key] = value; o[key] = value;
} }
jQuery.each(orig, function(key, value) { jQuery.each(orig, function(key, value) {
if (!is(value)) return true; if (!is(value)) return true;
add(obj, key, build(value)); add(obj, key, build(value));
}); });
} }
return obj; return obj;
} }
this.keys = build(this.keys); this.keys = build(this.keys);
return this; return this;
}, },
compact: function() { compact: function() {
return this.copy().COMPACT(); return this.copy().COMPACT();
}, },
toString: function() { toString: function() {
var i = 0, queryString = [], chunks = [], self = this; var i = 0, queryString = [], chunks = [], self = this;
var addFields = function(arr, key, value) { var addFields = function(arr, key, value) {
if (!is(value) || value === false) return; if (!is(value) || value === false) return;
var o = [encodeURIComponent(key)]; var o = [encodeURIComponent(key)];
if (value !== true) { if (value !== true) {
o.push("="); o.push("=");
o.push(encodeURIComponent(value)); o.push(encodeURIComponent(value));
} }
arr.push(o.join("")); arr.push(o.join(""));
}; };
var build = function(obj, base) { var build = function(obj, base) {
var newKey = function(key) { var newKey = function(key) {
return !base || base == "" ? [key].join("") : [base, "[", key, "]"].join(""); return !base || base == "" ? [key].join("") : [base, "[", key, "]"].join("");
}; };
jQuery.each(obj, function(key, value) { jQuery.each(obj, function(key, value) {
if (typeof value == 'object') if (typeof value == 'object')
build(value, newKey(key)); build(value, newKey(key));
else else
addFields(chunks, newKey(key), value); addFields(chunks, newKey(key), value);
}); });
}; };
build(this.keys); build(this.keys);
if (chunks.length > 0) queryString.push($hash); if (chunks.length > 0) queryString.push($hash);
queryString.push(chunks.join($separator)); queryString.push(chunks.join($separator));
return queryString.join(""); return queryString.join("");
} }
}; };
return new queryObject(location.search, location.hash); return new queryObject(location.search, location.hash);
}; };
}(jQuery.query || {}); // Pass in jQuery.query as settings object }(jQuery.query || {}); // Pass in jQuery.query as settings object

2
web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
View File

@ -46,7 +46,7 @@ import org.springframework.web.filter.OncePerRequestFilter;
* *
* <p> * <p>
* For a detailed background on what this filter is designed to process, refer to * For a detailed background on what this filter is designed to process, refer to
* <a href="http://www.faqs.org/rfcs/rfc1945.html">RFC 1945, Section 11.1</a>. Any realm * <a href="https://tools.ietf.org/html/rfc1945">RFC 1945, Section 11.1</a>. Any realm
* name presented in the HTTP request is ignored. * name presented in the HTTP request is ignored.
* *
* <p> * <p>

2
web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
View File

@ -52,7 +52,7 @@ public class DefaultRedirectStrategyTests {
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
rds.sendRedirect(request, response, rds.sendRedirect(request, response,
"https://http://context.blah.com/context/remainder"); "https://context.blah.com/context/remainder");
assertThat(response.getRedirectedUrl()).isEqualTo("remainder"); assertThat(response.getRedirectedUrl()).isEqualTo("remainder");
} }

4
web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
View File

@ -85,7 +85,7 @@ public class RetryWithHttpEntryPointTests {
"/bigWebApp/hello/pathInfo.html"); "/bigWebApp/hello/pathInfo.html");
request.setQueryString("open=true"); request.setQueryString("open=true");
request.setScheme("https"); request.setScheme("https");
request.setServerName("www.example.com"); request.setServerName("localhost");
request.setServerPort(443); request.setServerPort(443);
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
@ -96,7 +96,7 @@ public class RetryWithHttpEntryPointTests {
ep.commence(request, response); ep.commence(request, response);
assertThat(response.getRedirectedUrl()).isEqualTo( assertThat(response.getRedirectedUrl()).isEqualTo(
"http://www.example.com/bigWebApp/hello/pathInfo.html?open=true"); "http://localhost/bigWebApp/hello/pathInfo.html?open=true");
} }
@Test @Test

4
web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
View File

@ -385,7 +385,7 @@ public class AbstractAuthenticationProcessingFilterTests {
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
MockAuthenticationFilter filter = new MockAuthenticationFilter(false); MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
successHandler.setDefaultTargetUrl("http://monkeymachine.co.uk/"); successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
filter.setAuthenticationSuccessHandler(successHandler); filter.setAuthenticationSuccessHandler(successHandler);
filter.doFilter(request, response, chain); filter.doFilter(request, response, chain);
@ -409,7 +409,7 @@ public class AbstractAuthenticationProcessingFilterTests {
ReflectionTestUtils.setField(filter, "logger", logger); ReflectionTestUtils.setField(filter, "logger", logger);
filter.exceptionToThrow = new InternalAuthenticationServiceException( filter.exceptionToThrow = new InternalAuthenticationServiceException(
"Mock requested to do so"); "Mock requested to do so");
successHandler.setDefaultTargetUrl("http://monkeymachine.co.uk/"); successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
filter.setAuthenticationSuccessHandler(successHandler); filter.setAuthenticationSuccessHandler(successHandler);
filter.doFilter(request, response, chain); filter.doFilter(request, response, chain);

6
web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
View File

@ -249,7 +249,7 @@ public class LoginUrlAuthenticationEntryPointTests {
// SEC-1498 // SEC-1498
@Test @Test
public void absoluteLoginFormUrlIsSupported() throws Exception { public void absoluteLoginFormUrlIsSupported() throws Exception {
final String loginFormUrl = "http://somesite.com/login"; final String loginFormUrl = "https://somesite.com/login";
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint( LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
loginFormUrl); loginFormUrl);
ep.afterPropertiesSet(); ep.afterPropertiesSet();
@ -260,9 +260,9 @@ public class LoginUrlAuthenticationEntryPointTests {
@Test(expected = IllegalArgumentException.class) @Test(expected = IllegalArgumentException.class)
public void absoluteLoginFormUrlCantBeUsedWithForwarding() throws Exception { public void absoluteLoginFormUrlCantBeUsedWithForwarding() throws Exception {
final String loginFormUrl = "http://somesite.com/login"; final String loginFormUrl = "https://somesite.com/login";
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint( LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
"http://somesite.com/login"); "https://somesite.com/login");
ep.setUseForward(true); ep.setUseForward(true);
ep.afterPropertiesSet(); ep.afterPropertiesSet();
} }

4
web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java
View File

@ -45,11 +45,11 @@ public class SimpleUrlLogoutSuccessHandlerTests {
@Test @Test
public void absoluteUrlIsSupported() throws Exception { public void absoluteUrlIsSupported() throws Exception {
SimpleUrlLogoutSuccessHandler lsh = new SimpleUrlLogoutSuccessHandler(); SimpleUrlLogoutSuccessHandler lsh = new SimpleUrlLogoutSuccessHandler();
lsh.setDefaultTargetUrl("http://someurl.com/"); lsh.setDefaultTargetUrl("https://someurl.com/");
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
lsh.onLogoutSuccess(request, response, mock(Authentication.class)); lsh.onLogoutSuccess(request, response, mock(Authentication.class));
assertThat(response.getRedirectedUrl()).isEqualTo("http://someurl.com/"); assertThat(response.getRedirectedUrl()).isEqualTo("https://someurl.com/");
} }
} }