diff --git a/CODE_OF_CONDUCT.adoc b/CODE_OF_CONDUCT.adoc index f013d6f36b..17783c7c06 100644 --- a/CODE_OF_CONDUCT.adoc +++ b/CODE_OF_CONDUCT.adoc @@ -40,5 +40,5 @@ appropriate to the circumstances. Maintainers are obligated to maintain confiden with regard to the reporter of an incident. This Code of Conduct is adapted from the -http://contributor-covenant.org[Contributor Covenant], version 1.3.0, available at -http://contributor-covenant.org/version/1/3/0/[contributor-covenant.org/version/1/3/0/] +https://contributor-covenant.org[Contributor Covenant], version 1.3.0, available at +https://contributor-covenant.org/version/1/3/0/[contributor-covenant.org/version/1/3/0/] diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e3676b1ccf..481bc8a104 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -12,7 +12,7 @@ Each Spring module is slightly different than another in terms of team size, num # Importing into IDE -The following provides information on setting up a development environment that can run the sample in [Spring Tool Suite 3.6.0+](http://www.springsource.org/sts). Other IDE's should work using Gradle's IDE support, but have not been tested. +The following provides information on setting up a development environment that can run the sample in [Spring Tool Suite 3.6.0+](https://www.springsource.org/sts). Other IDE's should work using Gradle's IDE support, but have not been tested. * IDE Setup * Install Spring Tool Suite 3.6.0+ 
@@ -59,8 +59,8 @@ Please carefully follow the whitespace and formatting conventions already presen Whitespace management tips -1. You can use the [AnyEdit Eclipse plugin](http://marketplace.eclipse.org/content/anyedit-tools) to ensure spaces are used and to clean up trailing whitespaces. -1. Use git's pre-commit.sample hook to prevent invalid whitespace from being pushed out. You can enable it by moving ~/spring-security/.git/hooks/pre-commit.sample to ~/spring-security/.git/hooks/pre-commit and ensuring it is executable. For more information on hooks refer to [Pro Git's Pre-Commit Hook's section](http://git-scm.com/book/cs/ch7-3.html) +1. You can use the [AnyEdit Eclipse plugin](https://marketplace.eclipse.org/content/anyedit-tools) to ensure spaces are used and to clean up trailing whitespaces. +1. Use git's pre-commit.sample hook to prevent invalid whitespace from being pushed out. You can enable it by moving ~/spring-security/.git/hooks/pre-commit.sample to ~/spring-security/.git/hooks/pre-commit and ensuring it is executable. For more information on hooks refer to [Pro Git's Pre-Commit Hook's section](https://git-scm.com/book/cs/ch7-3.html) # Add Apache license header to all new classes @@ -111,7 +111,7 @@ Search the codebase to find related unit tests and add additional `@Test` method 2. New test methods should not start with test. This is an old JUnit3 convention and is not necessary since the method is annotated with @Test. # Update spring-security-x.y.rnc for schema changes -Update the [RELAX NG](http://www.relaxng.org) schema `spring-security-x.y.rnc` instead of `spring-security-x.y.xsd` if you contribute changes to supported XML configuration. The XML schema file can be generated the following Gradle task: +Update the [RELAX NG](https://relaxng.org/) schema `spring-security-x.y.rnc` instead of `spring-security-x.y.xsd` if you contribute changes to supported XML configuration. The XML schema file can be generated the following Gradle task:
 ./gradlew spring-security-config:rncToXsd
@@ -120,7 +120,7 @@ Update the [RELAX NG](http://www.relaxng.org) schema `spring-security-x.y.rnc` i
 Changes to the XML schema will be overwritten by the Gradle build task.
 
 # Squash commits
-Use git rebase --interactive, git add --patch and other tools to "squash" multiple commits into atomic changes. In addition to the man pages for git, there are many resources online to help you understand how these tools work. Here is one: http://book.git-scm.com/4_interactive_rebasing.html.
+Use git rebase --interactive, git add --patch and other tools to "squash" multiple commits into atomic changes. In addition to the man pages for git, there are many resources online to help you understand how these tools work. Here is one: https://book.git-scm.com/4_interactive_rebasing.html.
 
 # Use real name in git commits
 Please configure git to use your real first and last name for any commits you intend to submit as pull requests. For example, this is not acceptable:
diff --git a/README.adoc b/README.adoc
index 08ef263b60..64dc889aab 100644
--- a/README.adoc
+++ b/README.adoc
@@ -4,10 +4,10 @@ image:https://travis-ci.org/spring-projects/spring-security.svg?branch=master["B
 
 = Spring Security
 
-Spring Security provides security services for the http://docs.spring.io[Spring IO Platform]. Spring Security 3.1 requires Spring 3.0.3 as
+Spring Security provides security services for the https://docs.spring.io[Spring IO Platform]. Spring Security 3.1 requires Spring 3.0.3 as
 a minimum and also requires Java 5.
 
-For a detailed list of features and access to the latest release, please visit http://spring.io/projects[Spring projects].
+For a detailed list of features and access to the latest release, please visit https://spring.io/projects[Spring projects].
 
 == Code of Conduct
 This project adheres to the Contributor Covenant link:CODE_OF_CONDUCT.adoc[code of conduct].
@@ -17,19 +17,19 @@ By participating, you  are expected to uphold this code. Please report unaccepta
 See https://github.com/spring-projects/spring-framework/wiki/Downloading-Spring-artifacts[downloading Spring artifacts] for Maven repository information.
 
 == Documentation
-Be sure to read the http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference].
-Extensive JavaDoc for the Spring Security code is also available in the http://docs.spring.io/spring-security/site/docs/current/apidocs/[Spring Security API Documentation].
+Be sure to read the https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference].
+Extensive JavaDoc for the Spring Security code is also available in the https://docs.spring.io/spring-security/site/docs/current/apidocs/[Spring Security API Documentation].
 
 == Quick Start
-We recommend you visit http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference] and read the "Getting Started" page.
+We recommend you visit https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference] and read the "Getting Started" page.
 
 == Building from Source
-Spring Security uses a http://gradle.org[Gradle]-based build system.
-In the instructions below, http://vimeo.com/34436402[`./gradlew`] is invoked from the root of the source tree and serves as
+Spring Security uses a https://gradle.org[Gradle]-based build system.
+In the instructions below, https://vimeo.com/34436402[`./gradlew`] is invoked from the root of the source tree and serves as
 a cross-platform, self-contained bootstrap mechanism for the build.
 
 === Prerequisites
-http://help.github.com/set-up-git-redirect[Git] and the http://www.oracle.com/technetwork/java/javase/downloads[JDK8 build].
+https://help.github.com/set-up-git-redirect[Git] and the https://www.oracle.com/technetwork/java/javase/downloads[JDK8 build].
 
 Be sure that your `JAVA_HOME` environment variable points to the `jdk1.8.0` folder extracted from the JDK download.
 
@@ -55,11 +55,11 @@ Discover more commands with `./gradlew tasks`.
 See also the https://github.com/spring-projects/spring-framework/wiki/Gradle-build-and-release-FAQ[Gradle build and release FAQ].
 
 == Getting Support
-Check out the http://stackoverflow.com/questions/tagged/spring-security[Spring Security tags on Stack Overflow].
-http://spring.io/services[Commercial support] is available too.
+Check out the https://stackoverflow.com/questions/tagged/spring-security[Spring Security tags on Stack Overflow].
+https://spring.io/services[Commercial support] is available too.
 
 == Contributing
-http://help.github.com/send-pull-requests[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.md[contributor guidelines] for details.
+https://help.github.com/send-pull-requests[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.md[contributor guidelines] for details.
 
 == License
 Spring Security is Open Source software released under the
diff --git a/buildSrc/src/main/groovy/MavenBomTask.groovy b/buildSrc/src/main/groovy/MavenBomTask.groovy
index 171dd77892..fbdf4a3991 100644
--- a/buildSrc/src/main/groovy/MavenBomTask.groovy
+++ b/buildSrc/src/main/groovy/MavenBomTask.groovy
@@ -13,7 +13,7 @@ public class MavenBomTask extends DefaultTask {
 
 	public MavenBomTask() {
 		this.group = "Generate"
-		this.description = "Generates a Maven Build of Materials (BOM). See http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Importing_Dependencies"
+		this.description = "Generates a Maven Build of Materials (BOM). See https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Importing_Dependencies"
 		this.projects = project.subprojects
 		this.bomFile = project.file("${->project.buildDir}/maven-bom/${->project.name}-${->project.version}.txt")
 	}
@@ -23,7 +23,7 @@ public class MavenBomTask extends DefaultTask {
 		project.configurations.archives.artifacts.clear()
 
 		bomFile.parentFile.mkdirs()
-		bomFile.write("Maven Build of Materials (BOM). See http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Importing_Dependencies")
+		bomFile.write("Maven Build of Materials (BOM). See https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Importing_Dependencies")
 		project.artifacts {
 			// work around GRADLE-2406 by attaching text artifact
 			archives(bomFile)
diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
index a2e2eba360..a530a88e2d 100644
--- a/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java
@@ -26,7 +26,7 @@ import org.springframework.util.Assert;
 
 /**
  * Caches tickets using a Spring IoC defined EHCACHE.
+ * href="https://www.ehcache.org/">EHCACHE.
  *
  * @author Ben Alex
  */
diff --git a/cas/src/main/java/org/springframework/security/cas/package-info.java b/cas/src/main/java/org/springframework/security/cas/package-info.java
index b621df675c..8ce8a88b5a 100644
--- a/cas/src/main/java/org/springframework/security/cas/package-info.java
+++ b/cas/src/main/java/org/springframework/security/cas/package-info.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 /**
- * Spring Security support for Jasig's Central Authentication Service (CAS).
+ * Spring Security support for Jasig's Central Authentication Service (CAS).
  */
 package org.springframework.security.cas;
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
index 91cdc5f5a9..c533a4479b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
@@ -141,8 +141,8 @@ public class AuthenticationManagerBuilder
 	 *
 	 * 

* When using with a persistent data store, it is best to add users external of - * configuration using something like Flyway or Liquibase to create the schema and adding + * configuration using something like Flyway or Liquibase to create the schema and adding * users to ensure these steps are only done once and that the optimal SQL is used. *

* @@ -151,7 +151,7 @@ public class AuthenticationManagerBuilder * {@link #getDefaultUserDetailsService()} method. Note that additional * {@link UserDetailsService}'s may override this {@link UserDetailsService} as the * default. See the User Schema section of the reference for the default schema. *

* diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java index 4233c1b51a..9cfd9e393b 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java @@ -201,17 +201,17 @@ public final class HttpSecurity extends * .authenticationUserDetailsService( * new AutoProvisioningUserDetailsService()) * .attributeExchange("https://www.google.com/.*").attribute("email") - * .type("http://axschema.org/contact/email").required(true).and() - * .attribute("firstname").type("http://axschema.org/namePerson/first") + * .type("https://axschema.org/contact/email").required(true).and() + * .attribute("firstname").type("https://axschema.org/namePerson/first") * .required(true).and().attribute("lastname") - * .type("http://axschema.org/namePerson/last").required(true).and().and() + * .type("https://axschema.org/namePerson/last").required(true).and().and() * .attributeExchange(".*yahoo.com.*").attribute("email") - * .type("http://schema.openid.net/contact/email").required(true).and() - * .attribute("fullname").type("http://axschema.org/namePerson") + * .type("https://schema.openid.net/contact/email").required(true).and() + * .attribute("fullname").type("https://axschema.org/namePerson") * .required(true).and().and().attributeExchange(".*myopenid.com.*") - * .attribute("email").type("http://schema.openid.net/contact/email") + * .attribute("email").type("https://schema.openid.net/contact/email") * .required(true).and().attribute("fullname") - * .type("http://schema.openid.net/namePerson").required(true); + * .type("https://schema.openid.net/namePerson").required(true); * } * } * 
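Review bot: The `.type(...)` strings rewritten in this Javadoc example (`https://axschema.org/contact/email`, `https://axschema.org/namePerson/first`, `https://schema.openid.net/contact/email` and the rest) are OpenID Attribute Exchange type identifiers, not hyperlinks, so changing the scheme changes the value sent to the provider. Providers match attribute types by exact string and the values being replaced are the `http://` forms, so a reader copying the example would most likely get no attributes back, which matters when `.required(true)` attributes feed account provisioning. I would leave these lines as they were, e.g. `.type("http://axschema.org/contact/email").required(true).and()`, and limit the scheme rewrite to real links. The same rewrite appears in the `NamespaceHttpOpenIDLoginTests.groovy` assertions and in the `openid-attribute` type documentation of the `.rnc`/`.xsd` files; the test hunk does not show whether the configuration it checks was changed to match. The enclosing Javadoc block starts and ends outside the hunk.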
@@ -906,7 +906,7 @@ public final class HttpSecurity extends * requiring HTTPS for some requests is supported, but not recommended since an * application that allows for HTTP introduces many security vulnerabilities. For one * such example, read about Firesheep. + * href="https://en.wikipedia.org/wiki/Firesheep">Firesheep. * *
 	 * @Configuration
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
index ab9f0118e1..d072766e0c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
@@ -365,7 +365,7 @@ public final class ExpressionUrlAuthorizationConfigurersubnet.
 		 *
 		 * @param ipaddressExpression the ipaddress (i.e. 192.168.1.79) or local subnet
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
index a00b9da038..6ce97fedad 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
@@ -104,7 +104,7 @@ public class HeadersConfigurer> extends
 
 	/**
 	 * Configures the {@link XContentTypeOptionsHeaderWriter} which inserts the X-Content-Type-Options:
 	 *
 	 * 
@@ -160,7 +160,7 @@ public class HeadersConfigurer> extends
 	 *
 	 * 

* Allows customizing the {@link XXssProtectionHeaderWriter} which adds the X-XSS-Protection header *

* @@ -306,7 +306,7 @@ public class HeadersConfigurer> extends /** * Allows customizing the {@link HstsHeaderWriter} which provides support for HTTP Strict Transport Security + * href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security * (HSTS). * * @return the {@link HeadersConfigurer} for additional customizations @@ -331,7 +331,7 @@ public class HeadersConfigurer> extends *

* This instructs browsers how long to remember to keep this domain as a known * HSTS Host. See Section 6.1.1 for + * href="https://tools.ietf.org/html/rfc6797#section-6.1.1">Section 6.1.1 for * additional details. *

* @@ -364,7 +364,7 @@ public class HeadersConfigurer> extends *

* *

- * See Section + * See Section * 6.1.2 for additional details. *

* @@ -483,7 +483,7 @@ public class HeadersConfigurer> extends /** * Allows customizing the {@link HpkpHeaderWriter} which provides support for HTTP Public Key Pinning (HPKP). + * href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP). * * @return the {@link HeadersConfigurer} for additional customizations * @@ -506,7 +506,7 @@ public class HeadersConfigurer> extends *

* The pin directive specifies a way for web host operators to indicate * a cryptographic identity that should be bound to a given web host. - * See Section 2.1.1 for additional details. + * See Section 2.1.1 for additional details. *

* * @param pins the map of base64-encoded SPKI fingerprint & cryptographic hash algorithm pairs. @@ -525,7 +525,7 @@ public class HeadersConfigurer> extends *

* The pin directive specifies a way for web host operators to indicate * a cryptographic identity that should be bound to a given web host. - * See Section 2.1.1 for additional details. + * See Section 2.1.1 for additional details. *

* * @param pins a list of base64-encoded SPKI fingerprints. @@ -544,7 +544,7 @@ public class HeadersConfigurer> extends * *

* This instructs browsers how long they should regard the host (from whom the message was received) - * as a known pinned host. See Section + * as a known pinned host. See Section * 2.1.2 for additional details. *

* @@ -564,7 +564,7 @@ public class HeadersConfigurer> extends *

* *

- * See Section 2.1.3 + * See Section 2.1.3 * for additional details. *

* @@ -581,7 +581,7 @@ public class HeadersConfigurer> extends *

* *

- * See Section 2.1 + * See Section 2.1 * for additional details. *

* @@ -598,7 +598,7 @@ public class HeadersConfigurer> extends *

* *

- * See Section 2.1.4 + * See Section 2.1.4 * for additional details. *

* @@ -615,7 +615,7 @@ public class HeadersConfigurer> extends *

* *

- * See Section 2.1.4 + * See Section 2.1.4 * for additional details. *

* diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java index 88d60427aa..c3ff722275 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java @@ -129,7 +129,7 @@ public final class LogoutConfigurer> extends *

* It is considered best practice to use an HTTP POST on any action that changes state * (i.e. log out) to protect against CSRF attacks. If + * href="https://en.wikipedia.org/wiki/Cross-site_request_forgery">CSRF attacks. If * you really want to use an HTTP GET, you can use * logoutRequestMatcher(new AntPathRequestMatcher(logoutUrl, "GET")); *

diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc index 8d1b683e2a..c36eb2b7b1 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc @@ -1,4 +1,4 @@ -namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0" +namespace a = "https://relaxng.org/ns/compatibility/annotations/1.0" datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes" default namespace = "http://www.springframework.org/schema/security" @@ -444,7 +444,7 @@ openid-attribute.attlist &= ## Specifies the name of the attribute that you wish to get back. For example, email. attribute name {xsd:token} openid-attribute.attlist &= - ## Specifies the attribute type. For example, http://axschema.org/contact/email. See your OP's documentation for valid attribute types. + ## Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. attribute type {xsd:token} openid-attribute.attlist &= ## Specifies if this attribute is required to the OP, but does not error out if the OP does not return the attribute. Default is false. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd index 05e95ca75c..0cd1701232 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd +++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd 
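Review bot: `namespace a = "https://relaxng.org/ns/compatibility/annotations/1.0"` in the first hunk of `spring-security-3.1.rnc` changes a namespace name rather than a link. Namespace URIs are compared as exact strings, and the RELAX NG compatibility-annotations namespace is defined with the `http://` scheme, so any `a:`-prefixed annotation would now sit in a namespace the tooling does not know, which may change what the `rncToXsd` task generates. The two context lines below it (`datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes"` and the default namespace) were correctly left alone, and this line should be restored the same way: `namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0"`. The identical change is made in the 3.2, 4.0, 4.1 and 4.2 `.rnc` files.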
@@ -1439,7 +1439,7 @@ - Specifies the attribute type. For example, http://axschema.org/contact/email. See your + Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc index 14d16d92d5..561608643a 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc @@ -1,4 +1,4 @@ -namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0" +namespace a = "https://relaxng.org/ns/compatibility/annotations/1.0" datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes" default namespace = "http://www.springframework.org/schema/security" @@ -444,7 +444,7 @@ openid-attribute.attlist &= ## Specifies the name of the attribute that you wish to get back. For example, email. attribute name {xsd:token} openid-attribute.attlist &= - ## Specifies the attribute type. For example, http://axschema.org/contact/email. See your OP's documentation for valid attribute types. + ## Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. attribute type {xsd:token} openid-attribute.attlist &= ## Specifies if this attribute is required to the OP, but does not error out if the OP does not return the attribute. Default is false. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd index bdd4cdf143..ab98b07d64 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd 
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd @@ -1441,7 +1441,7 @@ - Specifies the attribute type. For example, http://axschema.org/contact/email. See your + Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-4.0.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-4.0.rnc index f25f69c42c..4795353a40 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-4.0.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.0.rnc @@ -1,4 +1,4 @@ -namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0" +namespace a = "https://relaxng.org/ns/compatibility/annotations/1.0" datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes" default namespace = "http://www.springframework.org/schema/security" @@ -460,7 +460,7 @@ openid-attribute.attlist &= ## Specifies the name of the attribute that you wish to get back. For example, email. attribute name {xsd:token} openid-attribute.attlist &= - ## Specifies the attribute type. For example, http://axschema.org/contact/email. See your OP's documentation for valid attribute types. + ## Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. attribute type {xsd:token} openid-attribute.attlist &= ## Specifies if this attribute is required to the OP, but does not error out if the OP does not return the attribute. Default is false. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-4.0.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-4.0.xsd index cdaf952df7..3780ac26fc 100644 
--- a/config/src/main/resources/org/springframework/security/config/spring-security-4.0.xsd +++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.0.xsd @@ -1509,7 +1509,7 @@ - Specifies the attribute type. For example, http://axschema.org/contact/email. See your + Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-4.1.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-4.1.rnc index 9f3bbe98a1..33909473fa 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-4.1.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.1.rnc @@ -1,4 +1,4 @@ -namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0" +namespace a = "https://relaxng.org/ns/compatibility/annotations/1.0" datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes" default namespace = "http://www.springframework.org/schema/security" @@ -469,7 +469,7 @@ openid-attribute.attlist &= ## Specifies the name of the attribute that you wish to get back. For example, email. attribute name {xsd:token} openid-attribute.attlist &= - ## Specifies the attribute type. For example, http://axschema.org/contact/email. See your OP's documentation for valid attribute types. + ## Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. attribute type {xsd:token} openid-attribute.attlist &= ## Specifies if this attribute is required to the OP, but does not error out if the OP does not return the attribute. Default is false. 
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-4.1.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-4.1.xsd index 4e13923540..9f87deecd8 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-4.1.xsd +++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.1.xsd @@ -1534,7 +1534,7 @@ - Specifies the attribute type. For example, http://axschema.org/contact/email. See your + Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-4.2.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-4.2.rnc index 2cb7dbad83..fb77de8b17 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-4.2.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.2.rnc @@ -1,4 +1,4 @@ -namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0" +namespace a = "https://relaxng.org/ns/compatibility/annotations/1.0" datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes" default namespace = "http://www.springframework.org/schema/security" 
@@ -468,7 +468,7 @@ openid-attribute.attlist &= ## Specifies the name of the attribute that you wish to get back. For example, email. attribute name {xsd:token} openid-attribute.attlist &= - ## Specifies the attribute type. For example, http://axschema.org/contact/email. See your OP's documentation for valid attribute types. + ## Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. attribute type {xsd:token} openid-attribute.attlist &= ## Specifies if this attribute is required to the OP, but does not error out if the OP does not return the attribute. Default is false. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-4.2.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-4.2.xsd index 07c025729b..dfeee9f3c5 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-4.2.xsd +++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.2.xsd @@ -1539,7 +1539,7 @@ - Specifies the attribute type. For example, http://axschema.org/contact/email. See your + Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy index 504275cb72..7aa9dc884c 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy 
@@ -351,7 +351,7 @@ class HeadersConfigurerTests extends BaseSpringSpec { when: springSecurityFilterChain.doFilter(request,response,chain) then: - responseHeaders == ['Public-Key-Pins-Report-Only' : 'max-age=5184000 ; pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=" ; report-uri="http://example.net/pkp-report"'] + responseHeaders == ['Public-Key-Pins-Report-Only' : 'max-age=5184000 ; pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=" ; report-uri="https://example.net/pkp-report"'] } @EnableWebSecurity @@ -364,7 +364,7 @@ class HeadersConfigurerTests extends BaseSpringSpec { .defaultsDisabled() .httpPublicKeyPinning() .addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=") - .reportUri(new URI("http://example.net/pkp-report")) + .reportUri(new URI("https://example.net/pkp-report")) } } @@ -375,7 +375,7 @@ class HeadersConfigurerTests extends BaseSpringSpec { when: springSecurityFilterChain.doFilter(request,response,chain) then: - responseHeaders == ['Public-Key-Pins-Report-Only' : 'max-age=5184000 ; pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=" ; report-uri="http://example.net/pkp-report"'] + responseHeaders == ['Public-Key-Pins-Report-Only' : 'max-age=5184000 ; pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=" ; report-uri="https://example.net/pkp-report"'] } @EnableWebSecurity @@ -388,7 +388,7 @@ class HeadersConfigurerTests extends BaseSpringSpec { .defaultsDisabled() .httpPublicKeyPinning() .addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=") - .reportUri("http://example.net/pkp-report") + .reportUri("https://example.net/pkp-report") } } diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.groovy index f3d8605671..b791fff57c 100644 
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.groovy @@ -83,21 +83,21 @@ public class NamespaceHttpOpenIDLoginTests extends BaseSpringSpec { def googleAttrs = consumer.attributesToFetchFactory.createAttributeList("https://www.google.com/1") googleAttrs[0].name == "email" - googleAttrs[0].type == "http://axschema.org/contact/email" + googleAttrs[0].type == "https://axschema.org/contact/email" googleAttrs[0].required googleAttrs[1].name == "firstname" - googleAttrs[1].type == "http://axschema.org/namePerson/first" + googleAttrs[1].type == "https://axschema.org/namePerson/first" googleAttrs[1].required googleAttrs[2].name == "lastname" - googleAttrs[2].type == "http://axschema.org/namePerson/last" + googleAttrs[2].type == "https://axschema.org/namePerson/last" googleAttrs[2].required def yahooAttrs = consumer.attributesToFetchFactory.createAttributeList("https://rwinch.yahoo.com/rwinch/id") yahooAttrs[0].name == "email" - yahooAttrs[0].type == "http://schema.openid.net/contact/email" + yahooAttrs[0].type == "https://schema.openid.net/contact/email" yahooAttrs[0].required yahooAttrs[1].name == "fullname" - yahooAttrs[1].type == "http://axschema.org/namePerson" + yahooAttrs[1].type == "https://axschema.org/namePerson" yahooAttrs[1].required when: springSecurityFilterChain.doFilter(request,response,chain) 
@@ -122,26 +122,26 @@ public class NamespaceHttpOpenIDLoginTests extends BaseSpringSpec { .openidLogin() .attributeExchange("https://www.google.com/.*") // attribute-exchange@identifier-match .attribute("email") // openid-attribute@name - .type("http://axschema.org/contact/email") // openid-attribute@type + .type("https://axschema.org/contact/email") // openid-attribute@type .required(true) // openid-attribute@required .count(1) // openid-attribute@count .and() .attribute("firstname") - .type("http://axschema.org/namePerson/first") + .type("https://axschema.org/namePerson/first") .required(true) .and() .attribute("lastname") - .type("http://axschema.org/namePerson/last") + .type("https://axschema.org/namePerson/last") .required(true) .and() .and() .attributeExchange(".*yahoo.com.*") .attribute("email") - .type("http://schema.openid.net/contact/email") + .type("https://schema.openid.net/contact/email") .required(true) .and() .attribute("fullname") - .type("http://axschema.org/namePerson") + .type("https://axschema.org/namePerson") .required(true) .and() .and() diff --git a/config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy b/config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy index d093f1a2b4..fa6ad18799 100644 --- a/config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy @@ -624,7 +624,7 @@ class HttpHeadersConfigTests extends AbstractHttpConfigTests { setup: httpAutoConfig { 'headers'('defaults-disabled':true) { - 'hpkp'('report-uri':'http://example.net/pkp-report') { + 'hpkp'('report-uri':'https://example.net/pkp-report') { 'pins'() { 'pin'('algorithm':'sha256', 'E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=') } 
@@ -637,7 +637,7 @@ class HttpHeadersConfigTests extends AbstractHttpConfigTests { when: springSecurityFilterChain.doFilter(new MockHttpServletRequest(secure: true), response, new MockFilterChain()) then: - assertHeaders(response, ['Public-Key-Pins-Report-Only': 'max-age=5184000 ; pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=" ; report-uri="http://example.net/pkp-report"']) + assertHeaders(response, ['Public-Key-Pins-Report-Only': 'max-age=5184000 ; pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=" ; report-uri="https://example.net/pkp-report"']) } // --- disable single default header --- diff --git a/config/src/test/groovy/org/springframework/security/config/http/HttpOpenIDConfigTests.groovy b/config/src/test/groovy/org/springframework/security/config/http/HttpOpenIDConfigTests.groovy index 1f4c03b8ac..919b73999c 100644 --- a/config/src/test/groovy/org/springframework/security/config/http/HttpOpenIDConfigTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/http/HttpOpenIDConfigTests.groovy @@ -118,7 +118,7 @@ class OpenIDConfigTests extends AbstractHttpConfigTests { response.getContentAsString().contains(AbstractRememberMeServices.DEFAULT_PARAMETER) when: "Login is submitted with remember-me selected" request.servletPath = "/login/openid" - request.setParameter(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "http://hey.openid.com/") + request.setParameter(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "http://ww1.openid.com") request.setParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "on") response = new MockHttpServletResponse(); fc.doFilter(request, response, new MockFilterChain()); 
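Review bot: In the HttpOpenIDConfigTests hunk the claimed identity changes from `http://hey.openid.com/` to `http://ww1.openid.com`, which is neither an https upgrade nor the same host. A `ww1.` host is typically where a lapsed or parked domain redirects, so this looks like the output of an automated redirect-follow rather than an intended edit. A test fixture should not name a live third-party host at all; a reserved name such as `"https://openid.example.com/"` keeps the test independent of whoever controls openid.com. The test method continues outside the hunk, so whether the value is ever dereferenced cannot be seen from here.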
@@ -133,8 +133,8 @@ class OpenIDConfigTests extends AbstractHttpConfigTests { xml.http() { 'openid-login'() { 'attribute-exchange'() { - 'openid-attribute'(name: 'nickname', type: 'http://schema.openid.net/namePerson/friendly') - 'openid-attribute'(name: 'email', type: 'http://schema.openid.net/contact/email', required: 'true', + 'openid-attribute'(name: 'nickname', type: 'https://schema.openid.net/namePerson/friendly') + 'openid-attribute'(name: 'email', type: 'https://schema.openid.net/contact/email', required: 'true', 'count': '2') } } @@ -146,7 +146,7 @@ class OpenIDConfigTests extends AbstractHttpConfigTests { expect: attributes.size() == 2 attributes[0].name == 'nickname' - attributes[0].type == 'http://schema.openid.net/namePerson/friendly' + attributes[0].type == 'https://schema.openid.net/namePerson/friendly' !attributes[0].required attributes[1].required attributes[1].getCount() == 2 diff --git a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java index f8f878be6d..b3791d7f1d 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java 
@@ -89,14 +89,14 @@ public class UserServiceBeanDefinitionParserTests { @Test public void worksWithOpenIDUrlsAsNames() { setContext("" - + " " + + " " + " " + ""); UserDetailsService userService = (UserDetailsService) appContext .getBean("service"); assertThat( - userService.loadUserByUsername("http://joe.myopenid.com/").getUsername()) - .isEqualTo("http://joe.myopenid.com/"); + userService.loadUserByUsername("https://joe.myopenid.com/").getUsername()) + .isEqualTo("https://joe.myopenid.com/"); assertThat( userService.loadUserByUsername( "https://www.google.com/accounts/o8/id?id=MPtOaenBIk5yzW9n7n9") diff --git a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java index 64d201f3b0..4336af0cc8 100644 --- a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java +++ b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java 
@@ -32,11 +32,11 @@ public class InMemoryXmlApplicationContext extends AbstractXmlApplicationContext + " xmlns:mvc='http://www.springframework.org/schema/mvc'\n" + " xmlns:websocket='http://www.springframework.org/schema/websocket'\n" + " xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'\n" - + " xsi:schemaLocation='http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd\n" - + "http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd\n" - + "http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd\n" - + "http://www.springframework.org/schema/websocket http://www.springframework.org/schema/websocket/spring-websocket.xsd\n" - + "http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd\n" + + " xsi:schemaLocation='http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans-2.5.xsd\n" + + "http://www.springframework.org/schema/aop https://www.springframework.org/schema/aop/spring-aop-2.5.xsd\n" + + "http://www.springframework.org/schema/mvc https://www.springframework.org/schema/mvc/spring-mvc.xsd\n" + + "http://www.springframework.org/schema/websocket https://www.springframework.org/schema/websocket/spring-websocket.xsd\n" + + "http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context-2.5.xsd\n" + "http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-"; static final String BEANS_CLOSE = "\n"; diff --git a/core/src/main/java/org/springframework/security/authentication/encoding/MessageDigestPasswordEncoder.java b/core/src/main/java/org/springframework/security/authentication/encoding/MessageDigestPasswordEncoder.java index b27892bb68..4776a2137c 100644 
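Review bot: The five rewritten `xsi:schemaLocation` hints resolve from the classpath only if `META-INF/spring.schemas` in the Spring jars on the test classpath has keys for the https form of each URL, and that mapping is not visible in this diff. Without those keys the XML parser would presumably fall back to fetching the XSDs over the network whenever a test context starts, which makes the tests depend on a remote host. The last entry, `http://www.springframework.org/schema/security/spring-security-`, stays on http, so the constant now mixes both schemes. Either keep every location on http until the mappings are confirmed, or add a comment above the constant such as `// schemaLocation URLs must match keys in META-INF/spring.schemas`. The constant's declaration starts outside the hunk.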
--- a/core/src/main/java/org/springframework/security/authentication/encoding/MessageDigestPasswordEncoder.java +++ b/core/src/main/java/org/springframework/security/authentication/encoding/MessageDigestPasswordEncoder.java @@ -28,7 +28,7 @@ import org.springframework.util.Assert; *

* This class can be used stand-alone, or one of the subclasses can be used for * compatiblity and convenience. When using this class directly you must specify a - * + * * Message Digest Algorithm to use as a constructor arg. *

* The encoded password hash is normally returned as Hex (32 char) version of the hash @@ -45,7 +45,7 @@ import org.springframework.util.Assert; *

*

* If desired, the {@link #setIterations iterations} property can be set to enable - * "password stretching" for + * "password stretching" for * the digest calculation. * * @author Ray Krueger @@ -62,7 +62,7 @@ public class MessageDigestPasswordEncoder extends BaseDigestPasswordEncoder { /** * The digest algorithm to use Supports the named - * + * * Message Digest Algorithms in the Java environment. * * @param algorithm diff --git a/core/src/main/java/org/springframework/security/authentication/encoding/package-info.java b/core/src/main/java/org/springframework/security/authentication/encoding/package-info.java index ddc7adb00c..ada5855341 100644 --- a/core/src/main/java/org/springframework/security/authentication/encoding/package-info.java +++ b/core/src/main/java/org/springframework/security/authentication/encoding/package-info.java @@ -16,7 +16,7 @@ /** * Password encoding implementations. Apart from the "null" implementations, they are all based on * password hashing using digest functions. See the - * + * * reference manual for more information. *

* Third part implementations such as those provided by Jasypt diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java index 9b4a3d69bb..98bb20cb08 100644 --- a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java @@ -58,16 +58,16 @@ import org.springframework.util.ObjectUtils; * *

* This implementation is backed by a - * + * * JAAS configuration that is provided by a subclass's implementation of * {@link #createLoginContext(CallbackHandler)}. * *

* When using JAAS login modules as the authentication source, sometimes the + * "https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html" > * LoginContext will require CallbackHandlers. The * AbstractJaasAuthenticationProvider uses an internal CallbackHandler to wrap the {@link JaasAuthenticationCallbackHandler}s configured * in the ApplicationContext. When the LoginContext calls the internal CallbackHandler, * control is passed to each {@link JaasAuthenticationCallbackHandler} for each Callback diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java index da82a14e41..101bdcef9e 100644 --- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java +++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java @@ -41,9 +41,9 @@ import javax.security.auth.callback.UnsupportedCallbackException; * @see JaasNameCallbackHandler * @see JaasPasswordCallbackHandler * @see Callback + * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback * @see + * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html"> * CallbackHandler */ public interface JaasAuthenticationCallbackHandler { @@ -52,7 +52,7 @@ public interface JaasAuthenticationCallbackHandler { /** * Handle the Callback. The handle method will be called for every callback instance sent * from the LoginContext. Meaning that The handle method may be called multiple times * for a given JaasAuthenticationCallbackHandler. 
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java index 421eb1795b..ef2b6fc5bc 100644 --- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java @@ -48,7 +48,7 @@ import org.springframework.util.Assert; *

*

* This implementation is backed by a - * + * * JAAS configuration. The loginConfig property must be set to a given JAAS * configuration file. This setter accepts a Spring * {@link org.springframework.core.io.Resource} instance. It should point to a JAAS @@ -84,10 +84,10 @@ import org.springframework.util.Assert; * *

* When using JAAS login modules as the authentication source, sometimes the + * "https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html" > * LoginContext will require CallbackHandlers. The JaasAuthenticationProvider * uses an internal CallbackHandler to wrap the {@link JaasAuthenticationCallbackHandler}s configured * in the ApplicationContext. When the LoginContext calls the internal CallbackHandler, * control is passed to each {@link JaasAuthenticationCallbackHandler} for each Callback @@ -163,7 +163,7 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid configureJaas(this.loginConfig); Assert.notNull(Configuration.getConfiguration(), - "As per http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html " + "As per https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html " + "\"If a Configuration object was set via the Configuration.setConfiguration method, then that object is " + "returned. Otherwise, a default Configuration object is returned\". Your JRE returned null to " + "Configuration.getConfiguration()."); @@ -266,7 +266,7 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid * @param loginConfig * * @see JAAS + * "https://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html">JAAS * Reference */ public void setLoginConfig(Resource loginConfig) { diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java index 4ad6cd88ed..fe068805ba 100644 --- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java +++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java 
@@ -33,9 +33,9 @@ import javax.security.auth.callback.UnsupportedCallbackException; * @author Ray Krueger * * @see Callback + * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback * @see NameCallback + * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html">NameCallback */ public class JaasNameCallbackHandler implements JaasAuthenticationCallbackHandler { // ~ Methods diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java index 306f909a62..bf5d69b167 100644 --- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java +++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasPasswordCallbackHandler.java @@ -32,9 +32,9 @@ import javax.security.auth.callback.UnsupportedCallbackException; * @author Ray Krueger * * @see Callback + * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback * @see + * href="https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html"> * PasswordCallback */ public class JaasPasswordCallbackHandler implements JaasAuthenticationCallbackHandler { diff --git a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java index a2a69df26b..196136b389 100644 --- a/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java +++ b/core/src/main/java/org/springframework/security/core/userdetails/cache/EhCacheBasedUserCache.java 
@@ -28,7 +28,7 @@ import org.springframework.util.Assert; /** * Caches User objects using a Spring IoC defined EHCACHE. + * HREF="https://www.ehcache.org/">EHCACHE. * * @author Ben Alex */ diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java index 80477c0f56..bca8af3b86 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java +++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java @@ -452,7 +452,7 @@ public class BCrypt { /** * Perform the "enhanced key schedule" step described by Provos and Mazieres in - * "A Future-Adaptable Password Scheme" http://www.openbsd.org/papers/bcrypt-paper.ps + * "A Future-Adaptable Password Scheme" https://www.openbsd.org/papers/bcrypt-paper.ps * @param data salt information * @param key password information */ diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java index 047d7c263b..bda10f5d45 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java +++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java @@ -18,7 +18,7 @@ package org.springframework.security.crypto.codec; /** * Base64 encoder which is a reduced version of Robert Harder's public domain * implementation (version 2.3.7). See http://iharder.net/base64 for more information. + * href="http://iharder.sourceforge.net/current/java/base64/">http://iharder.sourceforge.net/current/java/base64/ for more information. *

* For internal use only. * @@ -42,7 +42,7 @@ public final class Base64 { /** * Encode using Base64-like encoding that is URL- and Filename-safe as described in * Section 4 of RFC3548: http://www.faqs + * href="http://www.faqs.org/rfcs/rfc3548.html">https://www.faqs * .org/rfcs/rfc3548.html. It is important to note that data encoded this way is * not officially valid Base64, or at the very least should not be called * Base64 without also specifying that is was encoded using the URL- and Filename-safe @@ -192,7 +192,7 @@ public final class Base64 { /** * I don't get the point of this technique, but someone requested it, and it is * described here: http://www.faqs.org/ + * href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/faqs/ * qa/rfcc-1940.html. */ private final static byte[] _ORDERED_ALPHABET = { (byte) '-', (byte) '0', (byte) '1', diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java index 6afa93ddcc..c0fb1435cb 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java +++ b/crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java @@ -90,7 +90,7 @@ public class MessageDigestPasswordEncoder implements PasswordEncoder { /** * The digest algorithm to use Supports the named - * + * * Message Digest Algorithms in the Java environment. * * @param algorithm diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java index 60ddcdf455..93a983c03d 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java +++ b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java 
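Review bot: In the RFC3548 Javadoc link the added line keeps `href="http://www.faqs.org/rfcs/rfc3548.html"` but changes the visible text to `https://www.faqs .org/rfcs/rfc3548.html`, so the displayed URL and the link target now disagree. The `_ORDERED_ALPHABET` comment has the same problem: the visible text becomes `http://www.faqs.org/faqs/ qa/rfcc-1940.html` while the href still points at `/qa/rfcc-1940.html`. Make the text and href identical in both places, or cite the document by number (`RFC 3548, section 4`) so the comment does not depend on a third-party mirror. The removed lines are partly lost in this rendering, so this is judged from the added lines only.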
@@ -92,7 +92,7 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder { /** * Sets the algorithm to use. See - * SecretKeyFactory Algorithms + * SecretKeyFactory Algorithms * @param secretKeyFactoryAlgorithm the algorithm to use (i.e. * {@code SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1}, * {@code SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256}, diff --git a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java index d99b5de1e3..d4fa8e60d0 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java +++ b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java @@ -44,7 +44,7 @@ import org.springframework.security.crypto.password.PasswordEncoder; *

  • Scrypt is based on Salsa20 which performs poorly in Java (on par with * AES) but performs awesome (~4-5x faster) on SIMD capable platforms
  • *
  • While there are some that would disagree, consider reading - - * + * * Why I Don't Recommend Scrypt (for password storage)
  • * * diff --git a/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-boot.asc b/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-boot.asc index d6e27d82a3..674917664e 100644 --- a/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-boot.asc +++ b/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-boot.asc @@ -32,7 +32,7 @@ In order to use Spring Security you must add the necessary dependencies. For the ---- -<1> We are using http://www.thymeleaf.org/[Thymeleaf] for our view template engine +<1> We are using https://www.thymeleaf.org/[Thymeleaf] for our view template engine and need to add an additional dependency for the https://github.com/thymeleaf/thymeleaf-extras-springsecurity[Thymeleaf - Spring Security integration module]. After you have completed this, you need to ensure that STS knows about the updated dependencies by: 
@@ -101,18 +101,18 @@ The <> will: * Specifies the URL to send users to for form-based login * Allow the user with the *Username* _user_ and the *Password* _password_ to authenticate with form based authentication * Allow the user to logout -* http://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attack] prevention -* http://en.wikipedia.org/wiki/Session_fixation[Session Fixation] protection +* https://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attack] prevention +* https://en.wikipedia.org/wiki/Session_fixation[Session Fixation] protection * Security Header integration -** http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security[HTTP Strict Transport Security] for secure requests -** http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx[X-Content-Type-Options] integration +** https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security[HTTP Strict Transport Security] for secure requests +** https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx[X-Content-Type-Options] integration ** Cache Control (can be overridden later by your application to allow caching of your static resources) -** http://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx[X-XSS-Protection] integration -** X-Frame-Options integration to help prevent http://en.wikipedia.org/wiki/Clickjacking[Clickjacking] +** https://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx[X-XSS-Protection] integration +** X-Frame-Options integration to help prevent https://en.wikipedia.org/wiki/Clickjacking[Clickjacking] * Integrate with the following Servlet API methods -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser()[HttpServletRequest#getRemoteUser()] -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()[HttpServletRequest.html#getUserPrincipal()] -** 
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String)[HttpServletRequest.html#isUserInRole(java.lang.String)] -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login(java.lang.String,%20java.lang.String)[HttpServletRequest.html#login(java.lang.String, java.lang.String)] -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#logout()[HttpServletRequest.html#logout()] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser()[HttpServletRequest#getRemoteUser()] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()[HttpServletRequest.html#getUserPrincipal()] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String)[HttpServletRequest.html#isUserInRole(java.lang.String)] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login(java.lang.String,%20java.lang.String)[HttpServletRequest.html#login(java.lang.String, java.lang.String)] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#logout()[HttpServletRequest.html#logout()] diff --git a/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-javaconfig.asc b/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-javaconfig.asc index 67ff008038..7dc183a393 100644 --- a/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-javaconfig.asc +++ b/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-javaconfig.asc 
@@ -75,18 +75,18 @@ The <> will: * Generate a login form for you * Allow the user with the *Username* _user_ and the *Password* _password_ to authenticate with form based authentication * Allow the user to logout -* http://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attack] prevention -* http://en.wikipedia.org/wiki/Session_fixation[Session Fixation] protection +* https://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attack] prevention +* https://en.wikipedia.org/wiki/Session_fixation[Session Fixation] protection * Security Header integration -** http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security[HTTP Strict Transport Security] for secure requests -** http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx[X-Content-Type-Options] integration +** https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security[HTTP Strict Transport Security] for secure requests +** https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx[X-Content-Type-Options] integration ** Cache Control (can be overridden later by your application to allow caching of your static resources) -** http://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx[X-XSS-Protection] integration -** X-Frame-Options integration to help prevent http://en.wikipedia.org/wiki/Clickjacking[Clickjacking] +** https://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx[X-XSS-Protection] integration +** X-Frame-Options integration to help prevent https://en.wikipedia.org/wiki/Clickjacking[Clickjacking] * Integrate with the following Servlet API methods -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser()[HttpServletRequest#getRemoteUser()] -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()[HttpServletRequest.html#getUserPrincipal()] -** 
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String)[HttpServletRequest.html#isUserInRole(java.lang.String)] -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login(java.lang.String,%20java.lang.String)[HttpServletRequest.html#login(java.lang.String, java.lang.String)] -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#logout()[HttpServletRequest.html#logout()] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser()[HttpServletRequest#getRemoteUser()] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()[HttpServletRequest.html#getUserPrincipal()] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String)[HttpServletRequest.html#isUserInRole(java.lang.String)] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login(java.lang.String,%20java.lang.String)[HttpServletRequest.html#login(java.lang.String, java.lang.String)] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#logout()[HttpServletRequest.html#logout()] diff --git a/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-xml.asc b/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-xml.asc index 1119a3482d..0d47daf040 100644 --- a/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-xml.asc +++ b/docs/guides/src/docs/asciidoc/_hello-includes/secure-the-application-xml.asc @@ -53,8 +53,8 @@ The next step is to create a Spring Security configuration. + xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd"> 
@@ -72,18 +72,18 @@ The <> will: * Generate a login form for you * Allow the user with the *Username* _user_ and the *Password* _password_ to authenticate with form based authentication * Allow the user to logout -* http://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attack] prevention -* http://en.wikipedia.org/wiki/Session_fixation[Session Fixation] protection +* https://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attack] prevention +* https://en.wikipedia.org/wiki/Session_fixation[Session Fixation] protection * Security Header integration -** http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security[HTTP Strict Transport Security] for secure requests -** http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx[X-Content-Type-Options] integration +** https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security[HTTP Strict Transport Security] for secure requests +** https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx[X-Content-Type-Options] integration ** Cache Control (can be overridden later by your application to allow caching of your static resources) -** http://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx[X-XSS-Protection] integration -** X-Frame-Options integration to help prevent http://en.wikipedia.org/wiki/Clickjacking[Clickjacking] +** https://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx[X-XSS-Protection] integration +** X-Frame-Options integration to help prevent https://en.wikipedia.org/wiki/Clickjacking[Clickjacking] * Integrate with the following Servlet API methods -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser()[HttpServletRequest#getRemoteUser()] -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()[HttpServletRequest.html#getUserPrincipal()] -** 
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String)[HttpServletRequest.html#isUserInRole(java.lang.String)] -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login(java.lang.String,%20java.lang.String)[HttpServletRequest.html#login(java.lang.String, java.lang.String)] -** http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#logout()[HttpServletRequest.html#logout()] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser()[HttpServletRequest#getRemoteUser()] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()[HttpServletRequest.html#getUserPrincipal()] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String)[HttpServletRequest.html#isUserInRole(java.lang.String)] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login(java.lang.String,%20java.lang.String)[HttpServletRequest.html#login(java.lang.String, java.lang.String)] +** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#logout()[HttpServletRequest.html#logout()] diff --git a/docs/guides/src/docs/asciidoc/form-javaconfig.asc b/docs/guides/src/docs/asciidoc/form-javaconfig.asc index dfb78a47ea..2771bb0b32 100644 --- a/docs/guides/src/docs/asciidoc/form-javaconfig.asc +++ b/docs/guides/src/docs/asciidoc/form-javaconfig.asc @@ -162,7 +162,7 @@ Our existing configuration means that all we need to do is create a *login.html* .src/main/resources/views/login.html [source,xml] ---- - + Please Login diff --git a/docs/guides/src/docs/asciidoc/hellomvc-javaconfig.asc b/docs/guides/src/docs/asciidoc/hellomvc-javaconfig.asc index 258269866d..c913e2c4ad 100644 --- a/docs/guides/src/docs/asciidoc/hellomvc-javaconfig.asc +++ b/docs/guides/src/docs/asciidoc/hellomvc-javaconfig.asc 
@@ -97,9 +97,9 @@ Now that we have authenticated, let's see how our application is displaying the ---- -In our samples we use http://www.thymeleaf.org/[Thymeleaf], but any view technology will work. Any technology can inspect the `HttpServletRequest#getRemoteUser()` to view the current user since Spring Security integrates with the <>. +In our samples we use https://www.thymeleaf.org/[Thymeleaf], but any view technology will work. Any technology can inspect the `HttpServletRequest#getRemoteUser()` to view the current user since Spring Security integrates with the <>. -WARNING: The Thymeleaf ensures the username is escaped to avoid http://en.wikipedia.org/wiki/Cross-site_scripting[XSS vulnerabilities] Regardless of how an application renders user inputed values, it should ensure that the values are properly escaped. +WARNING: The Thymeleaf ensures the username is escaped to avoid https://en.wikipedia.org/wiki/Cross-site_scripting[XSS vulnerabilities] Regardless of how an application renders user inputed values, it should ensure that the values are properly escaped. ==== Logging out @@ -113,7 +113,7 @@ We can view the user name, but how are we able to log out? Below you can see how ---- -In order to help protect against http://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attacks], by default, Spring Security Java Configuration log out requires: +In order to help protect against https://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attacks], by default, Spring Security Java Configuration log out requires: * the HTTP method must be a POST * the CSRF token must be added to the request. Since we have used `@EnableWebSecurity` and are using Thymeleaf, the CSRF token is automatically added as a hidden input for you (view the source to see it). diff --git a/docs/guides/src/docs/asciidoc/helloworld-boot.asc b/docs/guides/src/docs/asciidoc/helloworld-boot.asc index 33619ddb26..2704e7d18f 100644 --- a/docs/guides/src/docs/asciidoc/helloworld-boot.asc 
+++ b/docs/guides/src/docs/asciidoc/helloworld-boot.asc @@ -32,7 +32,7 @@ Now that we have authenticated, let's update the application to display the user [source,html] ---- - + Hello Spring Security @@ -57,7 +57,7 @@ Now that we have authenticated, let's update the application to display the user ---- -NOTE: We are using http://www.thymeleaf.org/[Thymeleaf] for our view template engine and +NOTE: We are using https://www.thymeleaf.org/[Thymeleaf] for our view template engine and https://github.com/thymeleaf/thymeleaf-extras-springsecurity[Thymeleaf - Spring Security integration modules] in order to utilize the _sec:authentication_ and _sec:authorize_ attributes. @@ -76,7 +76,7 @@ The last step is to update the _secured_ page to also display the currently auth [source,html] ---- - + Hello Spring Security diff --git a/docs/guides/src/docs/asciidoc/helloworld-javaconfig.asc b/docs/guides/src/docs/asciidoc/helloworld-javaconfig.asc index 5fdee917c2..d418e918a2 100644 --- a/docs/guides/src/docs/asciidoc/helloworld-javaconfig.asc +++ b/docs/guides/src/docs/asciidoc/helloworld-javaconfig.asc @@ -73,7 +73,7 @@ Now that we have authenticated, let's update the application to display the user ---- -WARNING: The `` tag ensures the username is escaped to avoid http://en.wikipedia.org/wiki/Cross-site_scripting[XSS vulnerabilities] Regardless of how an application renders user inputed values, it should ensure that the values are properly escaped. +WARNING: The `` tag ensures the username is escaped to avoid https://en.wikipedia.org/wiki/Cross-site_scripting[XSS vulnerabilities] Regardless of how an application renders user inputed values, it should ensure that the values are properly escaped. Refresh the page at http://localhost:8080/sample/ and you will see the user name displayed. This works because Spring Security integrates with the <> 
@@ -99,7 +99,7 @@ Now that we can view the user name, let's update the application to allow loggin ---- -In order to help protect against http://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attacks], by default, Spring Security Java Configuration log out requires: +In order to help protect against https://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attacks], by default, Spring Security Java Configuration log out requires: * the HTTP method must be a POST * the CSRF token must be added to the request. You can access it on the ServletRequest using the attribute _csrf as illustrated above. diff --git a/docs/guides/src/docs/asciidoc/helloworld-xml.asc b/docs/guides/src/docs/asciidoc/helloworld-xml.asc index 78f5e69f2d..c04f05a5fe 100644 --- a/docs/guides/src/docs/asciidoc/helloworld-xml.asc +++ b/docs/guides/src/docs/asciidoc/helloworld-xml.asc @@ -37,7 +37,7 @@ We have created the Spring Security configuration, but we still need to register + https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> ` block, where you // using XMLHttpRequest directly to send an x-www-form-urlencoded request var ajax = new XMLHttpRequest(); - ajax.open("POST", "http://www.example.org/do/something", true); + ajax.open("POST", "https://www.example.org/do/something", true); ajax.setRequestHeader("Content-Type", "application/x-www-form-urlencoded data"); ajax.send(csrfParameter + "=" + csrfToken + "&name=John&..."); // using XMLHttpRequest directly to send a non-x-www-form-urlencoded request var ajax = new XMLHttpRequest(); - ajax.open("POST", "http://www.example.org/do/something", true); + ajax.open("POST", "https://www.example.org/do/something", true); ajax.setRequestHeader(csrfHeader, csrfToken); ajax.send("..."); @@ -6045,7 +6045,7 @@ You should place `csrfMetaTags` within an HTML `` block, where you data["name"] = "John"; ... $.ajax({ - url: "http://www.example.org/do/something", + url: "https://www.example.org/do/something", type: "POST", data: data, ... 
@@ -6055,7 +6055,7 @@ You should place `csrfMetaTags` within an HTML `` block, where you var headers = {}; headers[csrfHeader] = csrfToken; $.ajax({ - url: "http://www.example.org/do/something", + url: "https://www.example.org/do/something", type: "POST", headers: headers, ... @@ -6167,7 +6167,7 @@ class="org.springframework.security.authentication.jaas.DefaultJaasAuthenticatio [[jaas-jaasauthenticationprovider]] === JaasAuthenticationProvider -The `JaasAuthenticationProvider` assumes the default `Configuration` is an instance of http://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html[ ConfigFile]. This assumption is made in order to attempt to update the `Configuration`. The `JaasAuthenticationProvider` then uses the default `Configuration` to create the `LoginContext`. +The `JaasAuthenticationProvider` assumes the default `Configuration` is an instance of https://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html[ ConfigFile]. This assumption is made in order to attempt to update the `Configuration`. The `JaasAuthenticationProvider` then uses the default `Configuration` to create the `LoginContext`. Let's assume we have a JAAS login configuration file, `/WEB-INF/login.conf`, with the following contents: @@ -6221,7 +6221,7 @@ This integration can easily be configured using the <> to provide transp ==== Automatic Token Inclusion -Spring Security will automatically <> within forms that use the http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html#view-jsp-formtaglib-formtag[Spring MVC form tag]. For example, the following JSP: +Spring Security will automatically <> within forms that use the https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html#view-jsp-formtaglib-formtag[Spring MVC form tag]. For example, the following JSP: [source,xml] ---- 
@@ -7673,7 +7673,7 @@ END; [[appendix-namespace]] == The Security Namespace -This appendix provides a reference to the elements available in the security namespace and information on the underlying beans they create (a knowledge of the individual classes and how they work together is assumed - you can find more information in the project Javadoc and elsewhere in this document). If you haven't used the namespace before, please read the <> on namespace configuration, as this is intended as a supplement to the information there. Using a good quality XML editor while editing a configuration based on the schema is recommended as this will provide contextual information on which elements and attributes are available as well as comments explaining their purpose. The namespace is written in http://www.relaxng.org/[RELAX NG] Compact format and later converted into an XSD schema. If you are familiar with this format, you may wish to examine the https://raw.githubusercontent.com/spring-projects/spring-security/master/config/src/main/resources/org/springframework/security/config/spring-security-4.1.rnc[schema file] directly. +This appendix provides a reference to the elements available in the security namespace and information on the underlying beans they create (a knowledge of the individual classes and how they work together is assumed - you can find more information in the project Javadoc and elsewhere in this document). If you haven't used the namespace before, please read the <> on namespace configuration, as this is intended as a supplement to the information there. Using a good quality XML editor while editing a configuration based on the schema is recommended as this will provide contextual information on which elements and attributes are available as well as comments explaining their purpose. The namespace is written in https://relaxng.org/[RELAX NG] Compact format and later converted into an XSD schema. 
If you are familiar with this format, you may wish to examine the https://raw.githubusercontent.com/spring-projects/spring-security/master/config/src/main/resources/org/springframework/security/config/spring-security-4.1.rnc[schema file] directly. [[nsa-web]] === Web Application Security 
@@ -7864,9 +7864,9 @@ This element allows for configuring additional (security) headers to be send wit ** `Cache-Control`, `Pragma`, and `Expires` - Can be set using the <> element. This ensures that the browser does not cache your secured pages. ** `Strict-Transport-Security` - Can be set using the <> element. This ensures that the browser automatically requests HTTPS for future requests. -** `X-Frame-Options` - Can be set using the <> element. The http://en.wikipedia.org/wiki/Clickjacking#X-Frame-Options[X-Frame-Options] header can be used to prevent clickjacking attacks. -** `X-XSS-Protection` - Can be set using the <> element. The http://en.wikipedia.org/wiki/Cross-site_scripting[X-XSS-Protection ] header can be used by browser to do basic control. -** `X-Content-Type-Options` - Can be set using the <> element. The http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx[X-Content-Type-Options] header prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions. +** `X-Frame-Options` - Can be set using the <> element. The https://en.wikipedia.org/wiki/Clickjacking#X-Frame-Options[X-Frame-Options] header can be used to prevent clickjacking attacks. +** `X-XSS-Protection` - Can be set using the <> element. The https://en.wikipedia.org/wiki/Cross-site_scripting[X-XSS-Protection ] header can be used by browser to do basic control. +** `X-Content-Type-Options` - Can be set using the <> element. The https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx[X-Content-Type-Options] header prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions. ** `Public-Key-Pinning` or `Public-Key-Pinning-Report-Only` - Can be set using the <> element. 
This allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. ** `Content-Security-Policy` or `Content-Security-Policy-Report-Only` - Can be set using the <> element. https://www.w3.org/TR/CSP2/[Content Security Policy (CSP)] is a mechanism that web applications can leverage to mitigate content injection vulnerabilities, such as cross-site scripting (XSS). ** `Referrer-Policy` - Can be set using the <> element, https://www.w3.org/TR/referrer-policy/[Referrer-Policy] is a mechanism that web applications can leverage to manage the referrer field, which contains the last page the user was on. @@ -7931,7 +7931,7 @@ Specifies if Cache Control should be disabled. Default false. [[nsa-hsts]] ==== -When enabled adds the http://tools.ietf.org/html/rfc6797[Strict-Transport-Security] header to the response for any secure request. This allows the server to instruct browsers to automatically use HTTPS for future requests. +When enabled adds the https://tools.ietf.org/html/rfc6797[Strict-Transport-Security] header to the response for any secure request. This allows the server to instruct browsers to automatically use HTTPS for future requests. [[nsa-hsts-attributes]] @@ -8073,7 +8073,7 @@ The policy for the Referrer-Policy header. Default "no-referrer". [[nsa-frame-options]] ==== -When enabled adds the http://tools.ietf.org/html/draft-ietf-websec-x-frame-options[X-Frame-Options header] to the response, this allows newer browsers to do some security checks and prevent http://en.wikipedia.org/wiki/Clickjacking[clickjacking] attacks. +When enabled adds the https://tools.ietf.org/html/draft-ietf-websec-x-frame-options[X-Frame-Options header] to the response, this allows newer browsers to do some security checks and prevent https://en.wikipedia.org/wiki/Clickjacking[clickjacking] attacks. [[nsa-frame-options-attributes]] 
@@ -8128,7 +8128,7 @@ Specify the name of the request parameter to use when using regexp or whitelist [[nsa-xss-protection]] ==== -Adds the http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx[X-XSS-Protection header] to the response to assist in protecting against http://en.wikipedia.org/wiki/Cross-site_scripting#Non-Persistent[reflected / Type-1 Cross-Site Scripting (XSS)] attacks. This is in no-way a full protection to XSS attacks! +Adds the https://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx[X-XSS-Protection header] to the response to assist in protecting against https://en.wikipedia.org/wiki/Cross-site_scripting#Non-Persistent[reflected / Type-1 Cross-Site Scripting (XSS)] attacks. This is in no-way a full protection to XSS attacks! [[nsa-xss-protection-attributes]] @@ -8137,12 +8137,12 @@ Adds the http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the- [[nsa-xss-protection-disabled]] * **xss-protection-disabled** -Do not include the header for http://en.wikipedia.org/wiki/Cross-site_scripting#Non-Persistent[reflected / Type-1 Cross-Site Scripting (XSS)] protection. +Do not include the header for https://en.wikipedia.org/wiki/Cross-site_scripting#Non-Persistent[reflected / Type-1 Cross-Site Scripting (XSS)] protection. [[nsa-xss-protection-enabled]] * **xss-protection-enabled** -Explicitly enable or disable http://en.wikipedia.org/wiki/Cross-site_scripting#Non-Persistent[reflected / Type-1 Cross-Site Scripting (XSS)] protection. +Explicitly enable or disable https://en.wikipedia.org/wiki/Cross-site_scripting#Non-Persistent[reflected / Type-1 Cross-Site Scripting (XSS)] protection. [[nsa-xss-protection-block]] 
@@ -8159,7 +8159,7 @@ When true and xss-protection-enabled is true, adds mode=block to the header. Thi [[nsa-content-type-options]] ==== -Add the X-Content-Type-Options header with the value of nosniff to the response. This http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx[disables MIME-sniffing] for IE8+ and Chrome extensions. +Add the X-Content-Type-Options header with the value of nosniff to the response. This https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx[disables MIME-sniffing] for IE8+ and Chrome extensions. [[nsa-content-type-options-attributes]] @@ -8248,7 +8248,7 @@ The username that should be assigned to the anonymous request. This allows the p [[nsa-csrf]] ==== -This element will add http://en.wikipedia.org/wiki/Cross-site_request_forgery[Cross Site Request Forger (CSRF)] protection to the application. It also updates the default RequestCache to only replay "GET" requests upon successful authentication. Additional information can be found in the <> section of the reference. +This element will add https://en.wikipedia.org/wiki/Cross-site_request_forgery[Cross Site Request Forger (CSRF)] protection to the application. It also updates the default RequestCache to only replay "GET" requests upon successful authentication. Additional information can be found in the <> section of the reference. [[nsa-csrf-parents]] @@ -8707,7 +8707,7 @@ A regular expression which will be compared against the claimed identity, when d [[nsa-openid-attribute]] ==== -Attributes used when making an OpenID AX http://openid.net/specs/openid-attribute-exchange-1_0.html#fetch_request[ Fetch Request] +Attributes used when making an OpenID AX https://openid.net/specs/openid-attribute-exchange-1_0.html#fetch_request[ Fetch Request] [[nsa-openid-attribute-parents]] 
@@ -8739,7 +8739,7 @@ Specifies if this attribute is required to the OP, but does not error out if the [[nsa-openid-attribute-type]] * **type** -Specifies the attribute type. For example, http://axschema.org/contact/email. See your OP's documentation for valid attribute types. +Specifies the attribute type. For example, https://axschema.org/contact/email. See your OP's documentation for valid attribute types. [[nsa-port-mappings]] diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java index 2a2f77c7d9..8381f2efcb 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java +++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java @@ -108,7 +108,7 @@ import org.springframework.util.Assert; * this means that if the LDAP directory is configured to allow unauthenticated access, it * might be possible to authenticate as any user just by supplying an empty * password. More information on the misuse of unauthenticated access can be found in - * draft + * draft * -ietf-ldapbis-authmeth-19.txt. * * diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java index 268be51f6d..a0cb9204a6 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java +++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java @@ -51,7 +51,7 @@ import java.util.regex.Pattern; * conventions. *

    * It will authenticate using the Active Directory + * href="https://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx"> * {@code userPrincipalName} or a custom {@link #setSearchFilter(String) searchFilter} * in the form {@code username@domain}. If the username does not already end with the * domain name, the {@code userPrincipalName} will be built by appending the configured diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java index 95caaefae3..9d45957fa3 100755 --- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java +++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java @@ -23,7 +23,7 @@ import javax.naming.ldap.Control; * A Password Policy request control. *

    * Based on the information in the corresponding internet draft on LDAP password policy * * @author Stefan Zoerner diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java index f7c9ae2a44..86e3240a18 100755 --- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java +++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java @@ -46,7 +46,7 @@ import org.springframework.dao.DataRetrievalFailureException; * @author Luke Taylor * * @see org.springframework.security.ldap.ppolicy.PasswordPolicyControl - * @see Stefan + * @see Stefan * Zoerner's IBM developerworks article on LDAP controls. */ public class PasswordPolicyResponseControl extends PasswordPolicyControl { diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java index 5780575f61..8bbbc99b7a 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java +++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java @@ -15,7 +15,7 @@ */ /** * Implementation of password policy functionality based on the - * + * * Password Policy for LDAP Directories. *

    * This code will not work with servers such as Active Directory, which do not implement this standard. diff --git a/notice.txt b/notice.txt index dde652c658..2336a37696 100644 --- a/notice.txt +++ b/notice.txt @@ -7,7 +7,7 @@ must include the following acknowledgement: "This product includes software developed by Spring Security - Project (http://www.springframework.org/security)." + Project (https://www.springframework.org/security)." Alternately, this acknowledgement may appear in the software itself, if and wherever such third-party acknowledgements normally appear. diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java index 536174fe61..88b9726c79 100644 --- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java +++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java @@ -249,12 +249,12 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing * Maps the return_to url to a realm, for example: * *

    -	 * http://www.example.com/login/openid -> http://www.example.com/realm
    +	 * https://www.example.com/login/openid -> https://www.example.com/realm
     	 * 
    * * If no mapping is provided then the returnToUrl will be parsed to extract the * protocol, hostname and port followed by a trailing slash. This means that - * http://www.example.com/login/openid will automatically become + * https://www.example.com/login/openid will automatically become * http://www.example.com:80/ * * @param realmMapping containing returnToUrl -> realm mappings diff --git a/openid/src/main/java/org/springframework/security/openid/package.html b/openid/src/main/java/org/springframework/security/openid/package.html index c940ab8aee..80e7f0c0f4 100644 --- a/openid/src/main/java/org/springframework/security/openid/package.html +++ b/openid/src/main/java/org/springframework/security/openid/package.html @@ -1,5 +1,5 @@ -Authenticates standard web browser users via OpenID. +Authenticates standard web browser users via OpenID. \ No newline at end of file diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java index 85be75fa12..1622c3ff59 100644 --- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java +++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java @@ -36,8 +36,8 @@ import org.springframework.security.web.authentication.SavedRequestAwareAuthenti public class OpenIDAuthenticationFilterTests { OpenIDAuthenticationFilter filter; - private static final String REDIRECT_URL = "http://www.example.com/redirect"; - private static final String CLAIMED_IDENTITY_URL = "http://www.example.com/identity"; + private static final String REDIRECT_URL = "https://www.example.com/redirect"; + private static final String CLAIMED_IDENTITY_URL = "https://www.example.com/identity"; private static final String REQUEST_PATH = "/login/openid"; private static final String FILTER_PROCESS_URL = "http://localhost:8080" + REQUEST_PATH; 
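Review bot: The realm example in the `OpenIDAuthenticationFilter` Javadoc is now self-contradictory: the changed line says `https://www.example.com/login/openid` "will automatically become" the untouched result line `http://www.example.com:80/`. The same paragraph states that the protocol, hostname and port are extracted from the returnToUrl, so an https return_to cannot produce an http realm on port 80, and a reader setting up realm mappings could take the scheme downgrade as intended behaviour. Either keep this example on http, or update the result line too, e.g. ` * https://www.example.com:443/`. The exact port form should be confirmed against the parsing code, which lies outside the hunk.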
@@ -95,7 +95,7 @@ public class OpenIDAuthenticationFilterTests { public void encodesUrlParameters() throws Exception { // Arbitrary parameter name and value that will both need to be encoded: String paramName = "foo&bar"; - String paramValue = "http://example.com/path?a=b&c=d"; + String paramValue = "https://example.com/path?a=b&c=d"; MockHttpServletRequest req = new MockHttpServletRequest("GET", REQUEST_PATH); req.addParameter(paramName, paramValue); filter.setReturnToUrlParameters(Collections.singleton(paramName)); diff --git a/remoting/src/main/java/org/springframework/security/remoting/dns/DnsResolver.java b/remoting/src/main/java/org/springframework/security/remoting/dns/DnsResolver.java index 63d88a0379..f5d689cc59 100644 --- a/remoting/src/main/java/org/springframework/security/remoting/dns/DnsResolver.java +++ b/remoting/src/main/java/org/springframework/security/remoting/dns/DnsResolver.java @@ -57,7 +57,7 @@ public interface DnsResolver { * number in the DNS record) and if there are more than one records with the same * priority, it will return the one with the highest weight. You will find more * informatione about DNS service records at Wikipedia. + * href="https://en.wikipedia.org/wiki/SRV_record">Wikipedia. * * @param serviceType The service type you are searching for, e.g. ldap, kerberos, ... * @param domain The domain, in which you are searching for the service diff --git a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java index 314d0bfc9c..4f2aee1959 100644 --- a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java +++ b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java 
@@ -113,7 +113,7 @@ public class JndiDnsResolverTests { BasicAttribute record = new BasicAttribute("SRV"); // the structure of the service records is: // priority weight port hostname - // for more information: http://en.wikipedia.org/wiki/SRV_record + // for more information: https://en.wikipedia.org/wiki/SRV_record record.add("20 80 389 kdc3.springsource.com."); record.add("10 70 389 kdc.springsource.com."); record.add("20 20 389 kdc4.springsource.com."); diff --git a/samples/boot/helloworld/src/main/resources/templates/index.html b/samples/boot/helloworld/src/main/resources/templates/index.html index cf6b234bb9..06df86fb13 100644 --- a/samples/boot/helloworld/src/main/resources/templates/index.html +++ b/samples/boot/helloworld/src/main/resources/templates/index.html @@ -1,5 +1,5 @@ - + Hello Spring Security diff --git a/samples/boot/helloworld/src/main/resources/templates/login.html b/samples/boot/helloworld/src/main/resources/templates/login.html index d5a8c9520f..cec2b5b0da 100644 --- a/samples/boot/helloworld/src/main/resources/templates/login.html +++ b/samples/boot/helloworld/src/main/resources/templates/login.html @@ -1,5 +1,5 @@ - + Login page diff --git a/samples/boot/helloworld/src/main/resources/templates/user/index.html b/samples/boot/helloworld/src/main/resources/templates/user/index.html index f0329e7bd6..53dd9319a5 100644 --- a/samples/boot/helloworld/src/main/resources/templates/user/index.html +++ b/samples/boot/helloworld/src/main/resources/templates/user/index.html @@ -1,5 +1,5 @@ - + Hello Spring Security diff --git a/samples/boot/insecure/src/main/resources/templates/index.html b/samples/boot/insecure/src/main/resources/templates/index.html index edd7137287..ee9ccec618 100644 --- a/samples/boot/insecure/src/main/resources/templates/index.html +++ b/samples/boot/insecure/src/main/resources/templates/index.html @@ -1,5 +1,5 @@ - + Hello Spring Security 
diff --git a/samples/boot/insecure/src/main/resources/templates/login.html b/samples/boot/insecure/src/main/resources/templates/login.html index d5a8c9520f..cec2b5b0da 100644 --- a/samples/boot/insecure/src/main/resources/templates/login.html +++ b/samples/boot/insecure/src/main/resources/templates/login.html @@ -1,5 +1,5 @@ - + Login page diff --git a/samples/boot/insecure/src/main/resources/templates/user/index.html b/samples/boot/insecure/src/main/resources/templates/user/index.html index f00768aab1..3fd4ccc1a3 100644 --- a/samples/boot/insecure/src/main/resources/templates/user/index.html +++ b/samples/boot/insecure/src/main/resources/templates/user/index.html @@ -1,5 +1,5 @@ - + Hello Spring Security diff --git a/samples/javaconfig/form/src/main/resources/views/login.html b/samples/javaconfig/form/src/main/resources/views/login.html index 18ac1b2b9c..c28c5b2add 100644 --- a/samples/javaconfig/form/src/main/resources/views/login.html +++ b/samples/javaconfig/form/src/main/resources/views/login.html @@ -1,4 +1,4 @@ - + Please Login diff --git a/samples/javaconfig/hellojs/src/main/resources/resources/js/bootstrap.js b/samples/javaconfig/hellojs/src/main/resources/resources/js/bootstrap.js index 3c639f57d3..ee5a14587b 100644 --- a/samples/javaconfig/hellojs/src/main/resources/resources/js/bootstrap.js +++ b/samples/javaconfig/hellojs/src/main/resources/resources/js/bootstrap.js @@ -1,6 +1,6 @@ /* =================================================== * bootstrap-transition.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#transitions + * https://twitter.github.com/bootstrap/javascript.html#transitions * =================================================== * Copyright 2012 Twitter, Inc. * @@ -23,7 +23,7 @@ "use strict"; // jshint ;_; - /* CSS TRANSITION SUPPORT (http://www.modernizr.com/) + /* CSS TRANSITION SUPPORT (https://www.modernizr.com/) * ======================================================= */ $(function () { 
@@ -59,7 +59,7 @@ }(window.jQuery);/* ========================================================== * bootstrap-alert.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#alerts + * https://twitter.github.com/bootstrap/javascript.html#alerts * ========================================================== * Copyright 2012 Twitter, Inc. * @@ -157,7 +157,7 @@ }(window.jQuery);/* ============================================================ * bootstrap-button.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#buttons + * https://twitter.github.com/bootstrap/javascript.html#buttons * ============================================================ * Copyright 2012 Twitter, Inc. * @@ -261,7 +261,7 @@ }(window.jQuery);/* ========================================================== * bootstrap-carousel.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#carousel + * https://twitter.github.com/bootstrap/javascript.html#carousel * ========================================================== * Copyright 2012 Twitter, Inc. * @@ -467,7 +467,7 @@ }(window.jQuery);/* ============================================================= * bootstrap-collapse.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#collapse + * https://twitter.github.com/bootstrap/javascript.html#collapse * ============================================================= * Copyright 2012 Twitter, Inc. * @@ -633,7 +633,7 @@ }(window.jQuery);/* ============================================================ * bootstrap-dropdown.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#dropdowns + * https://twitter.github.com/bootstrap/javascript.html#dropdowns * ============================================================ * Copyright 2012 Twitter, Inc. * 
@@ -802,7 +802,7 @@ }(window.jQuery); /* ========================================================= * bootstrap-modal.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#modals + * https://twitter.github.com/bootstrap/javascript.html#modals * ========================================================= * Copyright 2012 Twitter, Inc. * @@ -1049,7 +1049,7 @@ }(window.jQuery); /* =========================================================== * bootstrap-tooltip.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#tooltips + * https://twitter.github.com/bootstrap/javascript.html#tooltips * Inspired by the original jQuery.tipsy by Jason Frame * =========================================================== * Copyright 2012 Twitter, Inc. @@ -1410,7 +1410,7 @@ }(window.jQuery); /* =========================================================== * bootstrap-popover.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#popovers + * https://twitter.github.com/bootstrap/javascript.html#popovers * =========================================================== * Copyright 2012 Twitter, Inc. * @@ -1524,7 +1524,7 @@ }(window.jQuery); /* ============================================================= * bootstrap-scrollspy.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#scrollspy + * https://twitter.github.com/bootstrap/javascript.html#scrollspy * ============================================================= * Copyright 2012 Twitter, Inc. * @@ -1685,7 +1685,7 @@ }(window.jQuery);/* ======================================================== * bootstrap-tab.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#tabs + * https://twitter.github.com/bootstrap/javascript.html#tabs * ======================================================== * Copyright 2012 Twitter, Inc. * 
@@ -1828,7 +1828,7 @@ }(window.jQuery);/* ============================================================= * bootstrap-typeahead.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#typeahead + * https://twitter.github.com/bootstrap/javascript.html#typeahead * ============================================================= * Copyright 2012 Twitter, Inc. * @@ -2163,7 +2163,7 @@ }(window.jQuery); /* ========================================================== * bootstrap-affix.js v2.3.2 - * http://twitter.github.com/bootstrap/javascript.html#affix + * https://twitter.github.com/bootstrap/javascript.html#affix * ========================================================== * Copyright 2012 Twitter, Inc. * diff --git a/samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js b/samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js index e6e07fc6b7..29d7a3efe7 100644 --- a/samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js +++ b/samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js @@ -1,13 +1,13 @@ /*! * jQuery JavaScript Library v1.8.3 - * http://jquery.com/ + * https://jquery.com/ * * Includes Sizzle.js - * http://sizzlejs.com/ + * https://sizzlejs.com/ * * Copyright 2012 jQuery Foundation and other contributors * Released under the MIT license - * http://jquery.org/license + * https://jquery.org/license * * Date: Tue Nov 13 2012 08:20:33 GMT-0500 (Eastern Standard Time) */ @@ -515,7 +515,7 @@ jQuery.extend({ } // Make sure the incoming data is actual JSON - // Logic borrowed from http://json.org/json2.js + // Logic borrowed from https://json.org/json2.js if ( rvalidchars.test( data.replace( rvalidescape, "@" ) .replace( rvalidtokens, "]" ) .replace( rvalidbraces, "")) ) { 
@@ -554,7 +554,7 @@ jQuery.extend({ // Evaluates a script in a global context // Workarounds based on findings by Jim Driscoll - // http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context + // https://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context globalEval: function( data ) { if ( data && core_rnotwhite.test( data ) ) { // We use execScript on Internet Explorer @@ -846,7 +846,7 @@ jQuery.ready.promise = function( obj ) { // Catch cases where $(document).ready() is called after the browser event has already occurred. // we once tried to use readyState "interactive" here, but it caused issues like the one - // discovered by ChrisS here: http://bugs.jquery.com/ticket/12282#comment:15 + // discovered by ChrisS here: https://bugs.jquery.com/ticket/12282#comment:15 if ( document.readyState === "complete" ) { // Handle it asynchronously to allow scripts the opportunity to delay ready setTimeout( jQuery.ready, 1 ); @@ -1945,7 +1945,7 @@ jQuery.fn.extend({ }); }, // Based off of the plugin by Clint Helfers, with permission. - // http://blindsignals.com/index.php/2009/07/jquery-delay/ + // http://blindsignals.com delay: function( time, type ) { time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; type = type || "fx"; @@ -2452,7 +2452,7 @@ jQuery.extend({ tabIndex: { get: function( elem ) { // elem.tabIndex doesn't always return the correct value when it hasn't been explicitly set - // http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ + // https://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ var attributeNode = elem.getAttributeNode("tabindex"); return attributeNode && attributeNode.specified ? 
@@ -3279,7 +3279,7 @@ function returnTrue() { } // jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding -// http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html +// https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html jQuery.Event.prototype = { preventDefault: function() { this.isDefaultPrevented = returnTrue; @@ -3664,7 +3664,7 @@ jQuery.each( ("blur focus focusin focusout load resize scroll unload click dblcl * Sizzle CSS Selector Engine * Copyright 2012 jQuery Foundation and other contributors * Released under the MIT license - * http://sizzlejs.com/ + * https://sizzlejs.com/ */ (function( window, undefined ) { @@ -3731,17 +3731,17 @@ var cachedruns, // Regex - // Whitespace characters http://www.w3.org/TR/css3-selectors/#whitespace + // Whitespace characters https://www.w3.org/TR/css3-selectors/#whitespace whitespace = "[\\x20\\t\\r\\n\\f]", - // http://www.w3.org/TR/css3-syntax/#characters + // https://www.w3.org/TR/css3-syntax/#characters characterEncoding = "(?:\\\\.|[-\\w]|[^\\x00-\\xa0])+", // Loosely modeled on CSS identifier characters - // An unquoted value should be a CSS identifier (http://www.w3.org/TR/css3-selectors/#attribute-selectors) - // Proper syntax: http://www.w3.org/TR/CSS21/syndata.html#value-def-identifier + // An unquoted value should be a CSS identifier (https://www.w3.org/TR/css3-selectors/#attribute-selectors) + // Proper syntax: https://www.w3.org/TR/CSS21/syndata.html#value-def-identifier identifier = characterEncoding.replace( "w", "w#" ), - // Acceptable operators http://www.w3.org/TR/selectors/#attribute-selectors + // Acceptable operators https://www.w3.org/TR/selectors/#attribute-selectors operators = "([*^$|!~]?=)", attributes = "\\[" + whitespace + "*(" + characterEncoding + ")" + whitespace + "*(?:" + operators + whitespace + "*(?:(['\"])((?:\\\\.|[^\\\\])*?)\\3|(" + identifier + ")|)|)" + whitespace + "*\\]", 
@@ -4350,7 +4350,7 @@ Expr = Sizzle.selectors = { "PSEUDO": function( pseudo, argument ) { // pseudo-class names are case-insensitive - // http://www.w3.org/TR/selectors/#pseudo-classes + // https://www.w3.org/TR/selectors/#pseudo-classes // Prioritize by case sensitivity in case custom pseudos are added with uppercase letters // Remember that setFilters inherits from pseudos var args, @@ -4437,7 +4437,7 @@ Expr = Sizzle.selectors = { "checked": function( elem ) { // In CSS3, :checked should return both checked and selected elements - // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked + // https://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked var nodeName = elem.nodeName.toLowerCase(); return (nodeName === "input" && !!elem.checked) || (nodeName === "option" && !!elem.selected); }, @@ -4457,7 +4457,7 @@ Expr = Sizzle.selectors = { }, "empty": function( elem ) { - // http://www.w3.org/TR/selectors/#empty-pseudo + // https://www.w3.org/TR/selectors/#empty-pseudo // :empty is only affected by element nodes and content nodes(including text(3), cdata(4)), // not comment, processing instructions, or others // Thanks to Diego Perini for the nodeName shortcut @@ -5202,7 +5202,7 @@ if ( document.querySelectorAll ) { // This is to test IE's treatment of not explictly // setting a boolean content attribute, // since its presence should be enough - // http://bugs.jquery.com/ticket/12359 + // https://bugs.jquery.com/ticket/12359 div.innerHTML = ""; // IE8 - Some boolean attributes are not treated correctly @@ -5211,7 +5211,7 @@ if ( document.querySelectorAll ) { } // Webkit/Opera - :checked should return selected option elements - // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked + // https://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked // IE8 throws error here (do not put tests after this one) if ( !div.querySelectorAll(":checked").length ) { rbuggyQSA.push(":checked"); 
@@ -6478,7 +6478,7 @@ jQuery.extend({ var matched, browser; // Use of jQuery.browser is frowned upon. -// More details: http://api.jquery.com/jQuery.browser +// More details: https://api.jquery.com/jQuery.browser // jQuery.uaMatch maintained for back-compat jQuery.uaMatch = function( ua ) { ua = ua.toLowerCase(); @@ -6837,7 +6837,7 @@ if ( window.getComputedStyle ) { // A tribute to the "awesome hack by Dean Edwards" // Chrome < 17 and Safari 5.0 uses "computed value" instead of "used value" for margin-right // Safari 5.1.7 (at least) returns percentage for a larger set of values, but width seems to be reliably pixels - // this is against the CSSOM draft spec: http://dev.w3.org/csswg/cssom/#resolved-values + // this is against the CSSOM draft spec: https://dev.w3.org/csswg/cssom/#resolved-values if ( rnumnonpx.test( ret ) && rmargin.test( name ) ) { width = style.width; minWidth = style.minWidth; @@ -8444,7 +8444,7 @@ if ( jQuery.support.ajax ) { // Firefox throws exceptions when accessing properties // of an xhr when a network error occurred - // http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_AVAILABLE) + // https://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_AVAILABLE) try { // Was never called and is aborted or complete diff --git a/samples/javaconfig/hellojs/src/main/resources/resources/js/knockout-2.3.0.js b/samples/javaconfig/hellojs/src/main/resources/resources/js/knockout-2.3.0.js index 73fd0e2d93..752a084f99 100644 --- a/samples/javaconfig/hellojs/src/main/resources/resources/js/knockout-2.3.0.js +++ b/samples/javaconfig/hellojs/src/main/resources/resources/js/knockout-2.3.0.js 
@@ -1,6 +1,6 @@ // Knockout JavaScript library v2.3.0 -// (c) Steven Sanderson - http://knockoutjs.com/ -// License: MIT (http://www.opensource.org/licenses/mit-license.php) +// (c) Steven Sanderson - https://knockoutjs.com/ +// License: MIT (https://www.opensource.org/licenses/mit-license.php) (function() {function F(q){return function(){return q}};(function(q){var w=this||(0,eval)("this"),s=w.document,H=w.navigator,t=w.jQuery,y=w.JSON;(function(q){"function"===typeof require&&"object"===typeof exports&&"object"===typeof module?q(module.exports||exports):"function"===typeof define&&define.amd?define(["exports"],q):q(w.ko={})})(function(C){function G(b,c,d,f){a.d[b]={init:function(b){a.a.f.set(b,I,{});return{controlsDescendantBindings:!0}},update:function(b,e,m,h,k){m=a.a.f.get(b,I);e=a.a.c(e());h=!d!==!e;var l=!m.fb;if(l||c||h!==m.vb)l&&(m.fb= a.a.Oa(a.e.childNodes(b),!0)),h?(l||a.e.P(b,a.a.Oa(m.fb)),a.Ja(f?f(k,e):k,b)):a.e.ba(b),m.vb=h}};a.g.S[b]=!1;a.e.L[b]=!0}function J(b,c,d){d&&c!==a.h.n(b)&&a.h.W(b,c);c!==a.h.n(b)&&a.q.I(a.a.Ga,null,[b,"change"])}var a="undefined"!==typeof C?C:{};a.b=function(b,c){for(var d=b.split("."),f=a,g=0;g=e)try{a.mergeAttributes(s.createElement(""),!1)}catch(c){}},Bb:function(a){9<=e&&(a=1==a.nodeType?a:a.parentNode,a.style&&(a.style.zoom=a.style.zoom))},zb:function(a){if(e){var b=a.style.width;a.style.width=0;a.style.width= b}},Qb:function(b,e){b=a.a.c(b);e=a.a.c(e);for(var c=[],d=b;d<=e;d++)c.push(d);return c},N:function(a){for(var b=[],e=0,c=a.length;e + SecureMail @@ -66,7 +66,7 @@ diff --git a/samples/javaconfig/helloworld/src/main/webapp/index.jsp b/samples/javaconfig/helloworld/src/main/webapp/index.jsp index 4cec889f1f..8b4d7a3983 100644 --- a/samples/javaconfig/helloworld/src/main/webapp/index.jsp +++ b/samples/javaconfig/helloworld/src/main/webapp/index.jsp @@ -17,7 +17,7 @@ 
diff --git a/samples/javaconfig/messages/src/main/resources/views/layout.html b/samples/javaconfig/messages/src/main/resources/views/layout.html index 1d56e76cf1..19ca32e283 100644 --- a/samples/javaconfig/messages/src/main/resources/views/layout.html +++ b/samples/javaconfig/messages/src/main/resources/views/layout.html @@ -1,6 +1,6 @@ - + + xmlns:th="https://www.thymeleaf.org"> SecureMail: <th:block th:include="${title}"></th:block> @@ -68,7 +68,7 @@ @@ -114,7 +114,7 @@ diff --git a/samples/javaconfig/messages/src/main/resources/views/messages/compose.html b/samples/javaconfig/messages/src/main/resources/views/messages/compose.html index 959d381eab..4e098d306f 100644 --- a/samples/javaconfig/messages/src/main/resources/views/messages/compose.html +++ b/samples/javaconfig/messages/src/main/resources/views/messages/compose.html @@ -1,4 +1,4 @@ - + Create diff --git a/samples/javaconfig/messages/src/main/resources/views/messages/inbox.html b/samples/javaconfig/messages/src/main/resources/views/messages/inbox.html index 939c54a0f1..2b759bd90f 100644 --- a/samples/javaconfig/messages/src/main/resources/views/messages/inbox.html +++ b/samples/javaconfig/messages/src/main/resources/views/messages/inbox.html @@ -1,4 +1,4 @@ - + View All diff --git a/samples/javaconfig/messages/src/main/resources/views/messages/show.html b/samples/javaconfig/messages/src/main/resources/views/messages/show.html index 8e8f9774e1..9c04cc7ae9 100644 --- a/samples/javaconfig/messages/src/main/resources/views/messages/show.html +++ b/samples/javaconfig/messages/src/main/resources/views/messages/show.html @@ -1,4 +1,4 @@ - + Create diff --git a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index 002464c63b..0b21d482e9 100644 --- a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java 
+++ b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -36,35 +36,35 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .authenticationUserDetailsService(new CustomUserDetailsService()) .attributeExchange("https://www.google.com/.*") .attribute("email") - .type("http://axschema.org/contact/email") + .type("https://axschema.org/contact/email") .required(true) .and() .attribute("firstname") - .type("http://axschema.org/namePerson/first") + .type("https://axschema.org/namePerson/first") .required(true) .and() .attribute("lastname") - .type("http://axschema.org/namePerson/last") + .type("https://axschema.org/namePerson/last") .required(true) .and() .and() .attributeExchange(".*yahoo.com.*") .attribute("email") - .type("http://axschema.org/contact/email") + .type("https://axschema.org/contact/email") .required(true) .and() .attribute("fullname") - .type("http://axschema.org/namePerson") + .type("https://axschema.org/namePerson") .required(true) .and() .and() .attributeExchange(".*myopenid.com.*") .attribute("email") - .type("http://schema.openid.net/contact/email") + .type("https://schema.openid.net/contact/email") .required(true) .and() .attribute("fullname") - .type("http://schema.openid.net/namePerson") + .type("https://schema.openid.net/namePerson") .required(true); } // @formatter:on diff --git a/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/jquery.query-2.1.3.js b/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/jquery.query-2.1.3.js index 07519d134e..29611c080b 100644 --- a/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/jquery.query-2.1.3.js +++ b/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/jquery.query-2.1.3.js 
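Review bot: The seven `.type(...)` arguments changed in this hunk are OpenID Attribute Exchange type URIs, which providers compare as opaque identifier strings rather than fetch, so rewriting the scheme changes which attribute is requested. A provider that knows `http://axschema.org/contact/email` has no reason to recognise `https://axschema.org/contact/email`, and the attributes marked `required(true)` would then likely come back missing. Each line should keep its original value, e.g. `.type("http://axschema.org/contact/email")` and `.type("http://schema.openid.net/namePerson")`. A comment above the chain would stop the next bulk rewrite: `// AX type URIs are identifiers, not links; do not change the scheme`. The enclosing method starts outside the hunk.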
@@ -1,7 +1,7 @@ /** * jQuery.query - Query String Modification and Creation for jQuery * Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com) - * Licensed under the WTFPL (http://sam.zoy.org/wtfpl/). + * Licensed under the WTFPL (http://www.wtfpl.net/). * Date: 2009/02/08 * * @author Blair Mitchelmore diff --git a/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/openid-client-config.js b/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/openid-client-config.js index f8ffd07027..4cb0920c8e 100644 --- a/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/openid-client-config.js +++ b/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/openid-client-config.js @@ -1,7 +1,7 @@ /* Defines the base of where the OpenID Provider redirects its response to. */ -var server_root = "http://openid-selector.googlecode.com/svn/trunk/" +var server_root = "https://openid-selector.googlecode.com/svn/trunk/" /* On the server-side you'd accept an OpenID URL and perform discovery @@ -16,5 +16,5 @@ var providers_endpoint = { google: 'https://www.google.com/accounts/o8/ud', yahoo: 'https://open.login.yahooapis.com/openid/op/auth', aol: 'https://api.screenname.aol.com/auth/openidServer', - verisign: 'http://pip.verisignlabs.com/server' + verisign: 'https://pip.verisignlabs.com/server' } \ No newline at end of file diff --git a/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/openid-client.js b/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/openid-client.js index 92c1d17c87..63f4f75bf6 100644 --- a/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/openid-client.js +++ b/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/openid-client.js 
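Review bot: `server_root` in the `@@ -1,7` hunk of openid-client-config.js and the `verisign` entry of `providers_endpoint` in the `@@ -16,5` hunk are runtime values, not documentation links, yet they are changed here together with the comment URLs. `server_root` is concatenated into `openid.return_to` in openid-client.js, so its scheme decides where the provider sends the browser back. Nothing in the hunk shows that the host answers on HTTPS. A comment on the variable would keep it out of future bulk rewrites: `/* Runtime value: base of openid.return_to; must match the scheme and host this page is served from. */`. The same two changes appear in `samples/xml/openid/src/main/webapp/js/openid-client/openid-client-config.js`.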
@@ -41,14 +41,14 @@ function getBaseOpenIDProviderURL(provider, claimed, immediate) { var providerEndpoint = providers_endpoint[provider]; var providerURL = providerEndpoint; //From previous discovery providerURL += "?"; - providerURL += "openid.ns=" + encodeURIComponent("http://specs.openid.net/auth/2.0"); + providerURL += "openid.ns=" + encodeURIComponent("https://specs.openid.net/auth/2.0"); if(providers[provider].label) { providerURL += "&openid.claimed_id=" + encodeURIComponent(claimed); providerURL += "&openid.identity=" + encodeURIComponent(claimed); } else { - providerURL += "&openid.claimed_id=" + encodeURIComponent("http://specs.openid.net/auth/2.0/identifier_select"); - providerURL += "&openid.identity=" + encodeURIComponent("http://specs.openid.net/auth/2.0/identifier_select"); + providerURL += "&openid.claimed_id=" + encodeURIComponent("https://specs.openid.net/auth/2.0/identifier_select"); + providerURL += "&openid.identity=" + encodeURIComponent("https://specs.openid.net/auth/2.0/identifier_select"); } if(immediate) { providerURL += "&openid.return_to=" + encodeURIComponent(server_root + "openid-client/checkid_immediate_response.html"); diff --git a/samples/javaconfig/openid/src/main/resources/resources/js/openid-jquery.js b/samples/javaconfig/openid/src/main/resources/resources/js/openid-jquery.js index 82a19ec24d..e46d233e33 100644 --- a/samples/javaconfig/openid/src/main/resources/resources/js/openid-jquery.js +++ b/samples/javaconfig/openid/src/main/resources/resources/js/openid-jquery.js @@ -1,6 +1,6 @@ /* Simple OpenID Plugin -http://code.google.com/p/openid-selector/ +https://code.google.com/p/openid-selector/ This code is licenced under the New BSD License. */ @@ -17,7 +17,7 @@ var providers_large = { aol: { name: 'AOL', label: 'Enter your AOL screenname.', - url: 'http://openid.aol.com/{username}' + url: 'https://openid.aol.com/{username}' }, verisign: { name: 'Verisign', 
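Review bot: The `openid.ns` value and the two `identifier_select` values changed in this hunk are protocol constants defined by OpenID Authentication 2.0, not links, and the `https://` spellings are not the values the specification defines. A provider that checks `openid.ns` strictly will not treat the message as a 2.0 request, and the rewritten `identifier_select` strings would be read as ordinary claimed identifiers instead of the "let the provider choose" marker. The three lines should be restored, e.g. `providerURL += "openid.ns=" + encodeURIComponent("http://specs.openid.net/auth/2.0");`. The same applies to the identical hunk in `samples/xml/openid/src/main/webapp/js/openid-client/openid-client.js`. getBaseOpenIDProviderURL continues past the end of the hunk.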
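Review bot: The `url` template changed for `aol` in the `@@ -17,7` hunk of openid-jquery.js looks like the string that becomes the user's OpenID identifier once `{username}` is filled in, and OpenID 2.0 treats the `http` and `https` forms of a URL as different identifiers. If that reading is right, accounts a relying party stored under the `http` identifier may no longer match after login, and nothing on the page shows that each host serves discovery over HTTPS. The same applies to `flickr` and `technorati` in the `@@ -44,12` hunk, `claimid` in the `@@ -69,7` hunk, and the copy under `samples/xml/openid`. I would take these out of the bulk link rewrite and keep e.g. `url: 'http://openid.aol.com/{username}'` until each provider has been checked. The `providers_large` object starts and ends outside the hunk.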
@@ -44,12 +44,12 @@ var providers_small = { flickr: { name: 'Flickr', label: 'Enter your Flickr username.', - url: 'http://flickr.com/{username}/' + url: 'https://flickr.com/{username}/' }, technorati: { name: 'Technorati', label: 'Enter your Technorati username.', - url: 'http://technorati.com/people/technorati/{username}/' + url: 'https://technorati.com/people/technorati/{username}/' }, wordpress: { name: 'Wordpress', @@ -69,7 +69,7 @@ var providers_small = { claimid: { name: 'ClaimID', label: 'Your ClaimID username', - url: 'http://claimid.com/{username}' + url: 'https://claimid.com/{username}' } }; var providers = $.extend({}, providers_large, providers_small); diff --git a/samples/javaconfig/openid/src/main/resources/views/login.html b/samples/javaconfig/openid/src/main/resources/views/login.html index fb3aadb6e5..0d46e3b163 100644 --- a/samples/javaconfig/openid/src/main/resources/views/login.html +++ b/samples/javaconfig/openid/src/main/resources/views/login.html @@ -1,4 +1,4 @@ - + Messages : Login @@ -28,7 +28,7 @@ diff --git a/samples/javaconfig/openid/src/main/resources/views/user/show.html b/samples/javaconfig/openid/src/main/resources/views/user/show.html index 9f2dc81bc5..d2a14f7ad4 100644 --- a/samples/javaconfig/openid/src/main/resources/views/user/show.html +++ b/samples/javaconfig/openid/src/main/resources/views/user/show.html @@ -1,4 +1,4 @@ - + Messages : Login diff --git a/samples/javaconfig/preauth/src/main/resources/views/login.html b/samples/javaconfig/preauth/src/main/resources/views/login.html index 32e355ed04..225e08832b 100644 --- a/samples/javaconfig/preauth/src/main/resources/views/login.html +++ b/samples/javaconfig/preauth/src/main/resources/views/login.html @@ -1,4 +1,4 @@ - + Please Login diff --git a/samples/javaconfig/rememberme/src/main/resources/views/login.html b/samples/javaconfig/rememberme/src/main/resources/views/login.html index f807b051ea..55b40468e3 100644 
--- a/samples/javaconfig/rememberme/src/main/resources/views/login.html +++ b/samples/javaconfig/rememberme/src/main/resources/views/login.html @@ -1,4 +1,4 @@ - + Please Login diff --git a/samples/javaconfig/x509/src/main/webapp/WEB-INF/decorators/main.jsp b/samples/javaconfig/x509/src/main/webapp/WEB-INF/decorators/main.jsp index 29e25eb9d0..20726cb81e 100644 --- a/samples/javaconfig/x509/src/main/webapp/WEB-INF/decorators/main.jsp +++ b/samples/javaconfig/x509/src/main/webapp/WEB-INF/decorators/main.jsp @@ -2,8 +2,8 @@ diff --git a/samples/javaconfig/x509/src/main/webapp/WEB-INF/web.xml- b/samples/javaconfig/x509/src/main/webapp/WEB-INF/web.xml- index c6fe21d9b3..b87ff75318 100644 --- a/samples/javaconfig/x509/src/main/webapp/WEB-INF/web.xml- +++ b/samples/javaconfig/x509/src/main/webapp/WEB-INF/web.xml- @@ -1,7 +1,7 @@ + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> FORM diff --git a/samples/xml/contacts/src/main/webapp/WEB-INF/jsp/frames.jsp b/samples/xml/contacts/src/main/webapp/WEB-INF/jsp/frames.jsp index 96e928967d..cf3ad2066a 100644 --- a/samples/xml/contacts/src/main/webapp/WEB-INF/jsp/frames.jsp +++ b/samples/xml/contacts/src/main/webapp/WEB-INF/jsp/frames.jsp @@ -3,8 +3,8 @@ Frames -

    This contains frames, but the frames will not be loaded due to the X-Frame-Options -being specified as denied. This protects against clickjacking attacks

    +

    This contains frames, but the frames will not be loaded due to the X-Frame-Options +being specified as denied. This protects against clickjacking attacks

    \ No newline at end of file diff --git a/samples/xml/contacts/src/main/webapp/WEB-INF/spring.tld b/samples/xml/contacts/src/main/webapp/WEB-INF/spring.tld index 1bc7091f03..9580c330a8 100644 --- a/samples/xml/contacts/src/main/webapp/WEB-INF/spring.tld +++ b/samples/xml/contacts/src/main/webapp/WEB-INF/spring.tld @@ -1,5 +1,5 @@ - + diff --git a/samples/xml/helloworld/src/main/webapp/index.jsp b/samples/xml/helloworld/src/main/webapp/index.jsp index 4cec889f1f..8b4d7a3983 100644 --- a/samples/xml/helloworld/src/main/webapp/index.jsp +++ b/samples/xml/helloworld/src/main/webapp/index.jsp @@ -17,7 +17,7 @@ diff --git a/samples/xml/insecure/src/main/webapp/index.jsp b/samples/xml/insecure/src/main/webapp/index.jsp index f07b5771c5..431136a503 100644 --- a/samples/xml/insecure/src/main/webapp/index.jsp +++ b/samples/xml/insecure/src/main/webapp/index.jsp @@ -17,7 +17,7 @@ diff --git a/samples/xml/openid/src/main/webapp/js/openid-client/jquery.query-2.1.3.js b/samples/xml/openid/src/main/webapp/js/openid-client/jquery.query-2.1.3.js index 07519d134e..29611c080b 100644 --- a/samples/xml/openid/src/main/webapp/js/openid-client/jquery.query-2.1.3.js +++ b/samples/xml/openid/src/main/webapp/js/openid-client/jquery.query-2.1.3.js @@ -1,7 +1,7 @@ /** * jQuery.query - Query String Modification and Creation for jQuery * Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com) - * Licensed under the WTFPL (http://sam.zoy.org/wtfpl/). + * Licensed under the WTFPL (http://www.wtfpl.net/). * Date: 2009/02/08 * * @author Blair Mitchelmore diff --git a/samples/xml/openid/src/main/webapp/js/openid-client/openid-client-config.js b/samples/xml/openid/src/main/webapp/js/openid-client/openid-client-config.js index f8ffd07027..4cb0920c8e 100644 --- a/samples/xml/openid/src/main/webapp/js/openid-client/openid-client-config.js +++ b/samples/xml/openid/src/main/webapp/js/openid-client/openid-client-config.js 
@@ -1,7 +1,7 @@ /* Defines the base of where the OpenID Provider redirects its response to. */ -var server_root = "http://openid-selector.googlecode.com/svn/trunk/" +var server_root = "https://openid-selector.googlecode.com/svn/trunk/" /* On the server-side you'd accept an OpenID URL and perform discovery @@ -16,5 +16,5 @@ var providers_endpoint = { google: 'https://www.google.com/accounts/o8/ud', yahoo: 'https://open.login.yahooapis.com/openid/op/auth', aol: 'https://api.screenname.aol.com/auth/openidServer', - verisign: 'http://pip.verisignlabs.com/server' + verisign: 'https://pip.verisignlabs.com/server' } \ No newline at end of file diff --git a/samples/xml/openid/src/main/webapp/js/openid-client/openid-client.js b/samples/xml/openid/src/main/webapp/js/openid-client/openid-client.js index 92c1d17c87..63f4f75bf6 100644 --- a/samples/xml/openid/src/main/webapp/js/openid-client/openid-client.js +++ b/samples/xml/openid/src/main/webapp/js/openid-client/openid-client.js 
@@ -41,14 +41,14 @@ function getBaseOpenIDProviderURL(provider, claimed, immediate) { var providerEndpoint = providers_endpoint[provider]; var providerURL = providerEndpoint; //From previous discovery providerURL += "?"; - providerURL += "openid.ns=" + encodeURIComponent("http://specs.openid.net/auth/2.0"); + providerURL += "openid.ns=" + encodeURIComponent("https://specs.openid.net/auth/2.0"); if(providers[provider].label) { providerURL += "&openid.claimed_id=" + encodeURIComponent(claimed); providerURL += "&openid.identity=" + encodeURIComponent(claimed); } else { - providerURL += "&openid.claimed_id=" + encodeURIComponent("http://specs.openid.net/auth/2.0/identifier_select"); - providerURL += "&openid.identity=" + encodeURIComponent("http://specs.openid.net/auth/2.0/identifier_select"); + providerURL += "&openid.claimed_id=" + encodeURIComponent("https://specs.openid.net/auth/2.0/identifier_select"); + providerURL += "&openid.identity=" + encodeURIComponent("https://specs.openid.net/auth/2.0/identifier_select"); } if(immediate) { providerURL += "&openid.return_to=" + encodeURIComponent(server_root + "openid-client/checkid_immediate_response.html"); diff --git a/samples/xml/openid/src/main/webapp/js/openid-jquery.js b/samples/xml/openid/src/main/webapp/js/openid-jquery.js index 3a333daa60..e64a7ea90a 100644 --- a/samples/xml/openid/src/main/webapp/js/openid-jquery.js +++ b/samples/xml/openid/src/main/webapp/js/openid-jquery.js @@ -1,6 +1,6 @@ /* Simple OpenID Plugin -http://code.google.com/p/openid-selector/ +https://code.google.com/p/openid-selector/ This code is licenced under the New BSD License. */ @@ -17,7 +17,7 @@ var providers_large = { aol: { name: 'AOL', label: 'Enter your AOL screenname.', - url: 'http://openid.aol.com/{username}' + url: 'https://openid.aol.com/{username}' }, verisign: { name: 'Verisign', 
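Review bot: The `openid.ns` value and the two `identifier_select` values in `getBaseOpenIDProviderURL` are fixed protocol constants of OpenID Authentication 2.0, not links that get fetched, so rewriting them to `https://` changes the meaning of the request rather than securing a connection. The specification defines the namespace as the exact string `http://specs.openid.net/auth/2.0`, so a provider receiving the `https://` form would likely not recognise the request as a valid 2.0 request. Keep the three literals on their original scheme, i.e. `encodeURIComponent("http://specs.openid.net/auth/2.0")` and `encodeURIComponent("http://specs.openid.net/auth/2.0/identifier_select")`. A comment such as `// protocol identifier, must stay http:// (never fetched)` above them would stop a later URL cleanup from touching them again. The function body continues past the end of the hunk.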
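Review bot: The `url` template for `aol` here, and those for `flickr`, `technorati` and `claimid` in the following `providers_small` hunks, appear to be the OpenID identifiers the entered username is substituted into, and OpenID 2.0 treats the `http://` and `https://` forms of a URL as different identifiers. Changing the scheme therefore changes the identity that is claimed for these providers, and discovery only succeeds if each provider serves it on the https form; neither can be confirmed from the diff. If the switch is intended, a comment on `providers_large` and `providers_small` such as `// scheme is part of the OpenID identifier; verified against the provider` would record that. Otherwise these four literals should stay as they were. Both object literals extend beyond the hunks.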
@@ -44,12 +44,12 @@ var providers_small = { flickr: { name: 'Flickr', label: 'Enter your Flickr username.', - url: 'http://flickr.com/{username}/' + url: 'https://flickr.com/{username}/' }, technorati: { name: 'Technorati', label: 'Enter your Technorati username.', - url: 'http://technorati.com/people/technorati/{username}/' + url: 'https://technorati.com/people/technorati/{username}/' }, wordpress: { name: 'Wordpress', @@ -69,7 +69,7 @@ var providers_small = { claimid: { name: 'ClaimID', label: 'Your ClaimID username', - url: 'http://claimid.com/{username}' + url: 'https://claimid.com/{username}' } }; var providers = $.extend({}, providers_large, providers_small); diff --git a/samples/xml/openid/src/main/webapp/openidlogin.jsp b/samples/xml/openid/src/main/webapp/openidlogin.jsp index 8abc898910..17fde568ff 100644 --- a/samples/xml/openid/src/main/webapp/openidlogin.jsp +++ b/samples/xml/openid/src/main/webapp/openidlogin.jsp @@ -1,7 +1,7 @@ <%@ taglib prefix='c' uri='http://java.sun.com/jsp/jstl/core' %> <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %> - + OpenID Login @@ -55,7 +55,7 @@ diff --git a/taglibs/src/main/resources/META-INF/security.tld b/taglibs/src/main/resources/META-INF/security.tld index 043f30e36f..b9986f8903 100644 --- a/taglibs/src/main/resources/META-INF/security.tld +++ b/taglibs/src/main/resources/META-INF/security.tld @@ -16,7 +16,7 @@ --> Spring Security Authorization Tag Library diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java index 3f8427ff8d..5f7cf4b839 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java 
@@ -245,7 +245,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt * current invocation. *

    * It strips any parameters from the "path" section of the request URL (such as the - * jsessionid parameter in http://host/myapp/index.html;jsessionid=blah) + * jsessionid parameter in https://host/myapp/index.html;jsessionid=blah) * before matching against the filterProcessesUrl property. *

    * Subclasses may override for special requirements, such as Tapestry integration. diff --git a/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java index cf7c1fd212..2dd1464e7f 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java +++ b/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java @@ -34,8 +34,8 @@ import org.springframework.security.core.Authentication; *

    * Implementations may implement any type of remember-me capability they wish. Rolling * cookies (as per - * http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice) can + * href="https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice"> + * https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice) can * be used, as can simple implementations that don't require a persistent store. * Implementations also determine the validity period of a remember-me cookie. This * interface has been designed to accommodate any of these remember-me models. diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java index 05d5b897a2..4769060bc8 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java @@ -22,7 +22,7 @@ import org.springframework.util.Assert; /** * A simple pre-authenticated filter which obtains the username from request attributes, * for use with SSO systems such as - * Stanford WebAuth or + * Stanford WebAuth or * Shibboleth. *

    * As with most pre-authenticated scenarios, it is essential that the external diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/package-info.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/package-info.java index 370fccc067..b45f6feb1c 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/package-info.java +++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/package-info.java @@ -17,7 +17,7 @@ * Support for remembering a user between different web sessions. *

    * Comes with two default implementations. See the - * Remember-Me + * Remember-Me * Authentication chapter of the reference manual. */ package org.springframework.security.web.authentication.rememberme; diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java index 8db52dfcbb..0131386781 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java @@ -57,7 +57,7 @@ import org.springframework.web.filter.GenericFilterBean; * SecurityContextHolder. *

    * For a detailed background on what this filter is designed to process, refer to - * RFC 2617 (which superseded RFC 2069, + * RFC 2617 (which superseded RFC 2069, * although this filter support clients that implement either RFC 2617 or RFC 2069). *

    * This filter can be used to provide Digest authentication services to both remoting diff --git a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java index deac47bd00..b08ad8c1af 100644 --- a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java +++ b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java @@ -252,7 +252,7 @@ public abstract class AbstractSecurityWebApplicationInitializer * *

    * Note that {@link SessionTrackingMode#URL} is intentionally omitted to help - * protected against session + * protected against session * fixation attacks. {@link SessionTrackingMode#SSL} is omitted because SSL * configuration is required for this to work. *

    diff --git a/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java index 5d57500a73..c7efac6b90 100644 --- a/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java +++ b/web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java @@ -27,7 +27,7 @@ import javax.servlet.http.HttpServletResponse; * Default implementation which wraps requests in order to provide consistent * values of the {@code servletPath} and {@code pathInfo}, which do not contain * path parameters (as defined in - * RFC 2396). Different + * RFC 2396). Different * servlet containers interpret the servlet spec differently as to how path * parameters are treated and it is possible they might be added in order to * bypass particular security constraints. When using this implementation, they diff --git a/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java b/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java index 1b6608fe8d..a5a1d76b35 100644 --- a/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java +++ b/web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java @@ -30,7 +30,7 @@ import java.util.*; * and extra consecutive '/' characters. * *

    Path Parameters

    Parameters (as defined in RFC 2396) are stripped from the path + * href="https://www.ietf.org/rfc/rfc2396.txt">RFC 2396) are stripped from the path * segments of the {@code servletPath} and {@code pathInfo} values of the request. *

    * The parameter sequence is demarcated by a semi-colon, so each segment is checked for diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java index d8c04727ea..52accbad5c 100644 --- a/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java +++ b/web/src/main/java/org/springframework/security/web/header/writers/HpkpHeaderWriter.java @@ -29,16 +29,16 @@ import java.util.LinkedHashMap; import java.util.Map; /** - * Provides support for HTTP Public Key Pinning (HPKP). + * Provides support for HTTP Public Key Pinning (HPKP). * *

    - * Since Section 4.1 states + * Since Section 4.1 states * that a value on the order of 60 days (5,184,000 seconds) may be considered a good balance, * we use this value as the default. This can be customized using {@link #setMaxAgeInSeconds(long)}. *

    * *

    - * Because Appendix B recommends + * Because Appendix B recommends * that operators should first deploy public key pinning by using the report-only mode, * we opted to use this mode as default. This can be customized using {@link #setReportOnly(boolean)}. *

    @@ -84,7 +84,7 @@ import java.util.Map; * Public-Key-Pins: max-age=5184000; * pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g="; * pin-sha256="LPJNul+wow4m6DsqxbninhsWHlwfp0JecwQzYpOLmCQ="; - * report-uri="http://example.com/pkp-report" + * report-uri="https://example.com/pkp-report" * * Public-Key-Pins-Report-Only: max-age=5184000; * pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g="; @@ -193,7 +193,7 @@ public final class HpkpHeaderWriter implements HeaderWriter { *

    * The pin directive specifies a way for web host operators to indicate * a cryptographic identity that should be bound to a given web host. - * See Section 2.1.1 for additional details. + * See Section 2.1.1 for additional details. *

    * *

    @@ -229,7 +229,7 @@ public final class HpkpHeaderWriter implements HeaderWriter { *

    * The pin directive specifies a way for web host operators to indicate * a cryptographic identity that should be bound to a given web host. - * See Section 2.1.1 for additional details. + * See Section 2.1.1 for additional details. *

    * *

    @@ -263,7 +263,7 @@ public final class HpkpHeaderWriter implements HeaderWriter { * *

    * This instructs browsers how long they should regard the host (from whom the message was received) - * as a known pinned host. See Section + * as a known pinned host. See Section * 2.1.2 for additional details. *

    * @@ -300,7 +300,7 @@ public final class HpkpHeaderWriter implements HeaderWriter { *

    * *

    - * See Section 2.1.3 + * See Section 2.1.3 * for additional details. *

    * @@ -330,7 +330,7 @@ public final class HpkpHeaderWriter implements HeaderWriter { *

    * *

    - * See Section 2.1 + * See Section 2.1 * for additional details. *

    * @@ -356,7 +356,7 @@ public final class HpkpHeaderWriter implements HeaderWriter { *

    * *

    - * See Section 2.1.4 + * See Section 2.1.4 * for additional details. *

    * @@ -387,7 +387,7 @@ public final class HpkpHeaderWriter implements HeaderWriter { *

    * *

    - * See Section 2.1.4 + * See Section 2.1.4 * for additional details. *

    * diff --git a/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java index f4d633bf75..5e898e0bdb 100644 --- a/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java +++ b/web/src/main/java/org/springframework/security/web/header/writers/HstsHeaderWriter.java @@ -26,7 +26,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; /** - * Provides support for HTTP Strict Transport + * Provides support for HTTP Strict Transport * Security (HSTS). * *

    @@ -36,7 +36,7 @@ import org.springframework.util.Assert; *

    * *

    - * Since section 7.2 states + * Since section 7.2 states * that HSTS Host MUST NOT include the STS header in HTTP responses, the default behavior * is that the "Strict-Transport-Security" will only be added when * {@link HttpServletRequest#isSecure()} returns {@code true} . At times this may need to @@ -154,7 +154,7 @@ public final class HstsHeaderWriter implements HeaderWriter { * *

    * This instructs browsers how long to remember to keep this domain as a known HSTS - * Host. See Section + * Host. See Section * 6.1.1 for additional details. *

    * @@ -177,7 +177,7 @@ public final class HstsHeaderWriter implements HeaderWriter { *

    * *

    - * See Section 6.1.2 + * See Section 6.1.2 * for additional details. *

    * diff --git a/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java index d93015d415..5b4a87527b 100644 --- a/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java +++ b/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java @@ -22,7 +22,7 @@ import org.springframework.security.web.header.HeaderWriter; /** * Renders the X-XSS-Protection header. * * @author Rob Winch diff --git a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java index 11e4e7cc1b..c542b070c9 100644 --- a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java @@ -36,7 +36,7 @@ public class DefaultRedirectStrategyTests { request.setContextPath("/context"); MockHttpServletResponse response = new MockHttpServletResponse(); - rds.sendRedirect(request, response, "http://context.blah.com/context/remainder"); + rds.sendRedirect(request, response, "https://context.blah.com/context/remainder"); assertThat(response.getRedirectedUrl()).isEqualTo("remainder"); } @@ -52,7 +52,7 @@ public class DefaultRedirectStrategyTests { MockHttpServletResponse response = new MockHttpServletResponse(); rds.sendRedirect(request, response, - "http://http://context.blah.com/context/remainder"); + "https://http://context.blah.com/context/remainder"); assertThat(response.getRedirectedUrl()).isEqualTo("remainder"); } 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java index 1e207c65ed..91ed96eb0b 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandlerTests.java @@ -33,7 +33,7 @@ public class SavedRequestAwareAuthenticationSuccessHandlerTests { SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler(); handler.setDefaultTargetUrl("/acceptableRelativeUrl"); - handler.setDefaultTargetUrl("http://some.site.org/index.html"); + handler.setDefaultTargetUrl("https://some.site.org/index.html"); handler.setDefaultTargetUrl("https://some.site.org/index.html"); try { diff --git a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java index 0769e537af..775f4251d3 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java 
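Review bot: The two `setDefaultTargetUrl` calls after the relative-URL one now pass the identical `https://some.site.org/index.html`, so the plain `http://` absolute URL this test used to cover is no longer exercised. The same thing happens in the `AbstractRememberMeServicesTests` hunk for `cookieWithOpenIDidentifierAsNameIsEncodedAndDecoded`, where `cookie[0]` starts as `https://id.openid.zz` and is then reassigned to the same value under `// Check https (SEC-1410)`. In both places the first literal should stay on `http://`, e.g. `handler.setDefaultTargetUrl("http://some.site.org/index.html");` and `new String[] { "http://id.openid.zz", "cookie", "tokens",` with its matching `isEqualTo("http://id.openid.zz")`, so each scheme is still checked once. Both test methods extend beyond their hunks.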
@@ -81,10 +81,10 @@ public class SimpleUrlAuthenticationSuccessHandlerTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); ash.setUseReferer(true); - request.addHeader("Referer", "http://www.springsource.com/"); + request.addHeader("Referer", "https://www.springsource.com/"); ash.onAuthenticationSuccess(request, response, mock(Authentication.class)); - assertThat(response.getRedirectedUrl()).isEqualTo("http://www.springsource.com/"); + assertThat(response.getRedirectedUrl()).isEqualTo("https://www.springsource.com/"); } /** diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java index f04c93f254..68c0a4a1cb 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java @@ -101,13 +101,13 @@ public class AbstractRememberMeServicesTests { @Test public void cookieWithOpenIDidentifierAsNameIsEncodedAndDecoded() throws Exception { - String[] cookie = new String[] { "http://id.openid.zz", "cookie", "tokens", + String[] cookie = new String[] { "https://id.openid.zz", "cookie", "tokens", "blah" }; MockRememberMeServices services = new MockRememberMeServices(uds); String[] decoded = services.decodeCookie(services.encodeCookie(cookie)); assertThat(decoded).hasSize(4); - assertThat(decoded[0]).isEqualTo("http://id.openid.zz"); + assertThat(decoded[0]).isEqualTo("https://id.openid.zz"); // Check https (SEC-1410) cookie[0] = "https://id.openid.zz"; 
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java index a3e8f73cf4..56459dfd5f 100644 --- a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java @@ -330,7 +330,7 @@ public class CsrfFilterTests { /** * SEC-2292 Should not allow other cases through since spec states HTTP method is case - * sensitive http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.1 + * sensitive https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.1 * @throws Exception if an error occurs * */ diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java index c0999a15c0..5925cb5ae6 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java 
@@ -142,25 +142,25 @@ public class HpkpHeaderWriterTests { @Test public void writeHeadersTerminateConnectionWithURI() throws URISyntaxException { writer.setReportOnly(false); - writer.setReportUri(new URI("http://example.com/pkp-report")); + writer.setReportUri(new URI("https://example.com/pkp-report")); writer.writeHeaders(request, response); assertThat(response.getHeaderNames()).hasSize(1); assertThat(response.getHeader("Public-Key-Pins")).isEqualTo( - "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"http://example.com/pkp-report\""); + "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.com/pkp-report\""); } @Test public void writeHeadersTerminateConnectionWithURIAsString() throws URISyntaxException { writer.setReportOnly(false); - writer.setReportUri("http://example.com/pkp-report"); + writer.setReportUri("https://example.com/pkp-report"); writer.writeHeaders(request, response); assertThat(response.getHeaderNames()).hasSize(1); assertThat(response.getHeader("Public-Key-Pins")).isEqualTo( - "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"http://example.com/pkp-report\""); + "max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\" ; report-uri=\"https://example.com/pkp-report\""); } @Test diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java index ae928b7d54..bacc63c825 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java 
@@ -45,13 +45,13 @@ public class RegExpAllowFromStrategyTests { strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); - request.setParameter("from", "http://abc.test.com"); + request.setParameter("from", "http://www.test.com"); String result1 = strategy.getAllowFromValue(request); - assertThat(result1).isEqualTo("http://abc.test.com"); + assertThat(result1).isEqualTo("http://www.test.com"); - request.setParameter("from", "http://foo.test.com"); + request.setParameter("from", "http://abc.test.com"); String result2 = strategy.getAllowFromValue(request); - assertThat(result2).isEqualTo("http://foo.test.com"); + assertThat(result2).isEqualTo("http://abc.test.com"); request.setParameter("from", "http://test.foobar.com"); String result3 = strategy.getAllowFromValue(request); diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java index e3e250d07d..7d38c3b36f 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategyTests.java @@ -33,7 +33,7 @@ public class StaticAllowFromStrategyTests { @Test public void shouldReturnUri() { - String uri = "http://www.test.com"; + String uri = "https://www.test.com"; StaticAllowFromStrategy strategy = new StaticAllowFromStrategy(URI.create(uri)); assertThat(strategy.getAllowFromValue(new MockHttpServletRequest())).isEqualTo(uri); } diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java index da69a738c3..48e77b9458 100644 
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
@@ -46,38 +46,38 @@ public class WhiteListedAllowFromStrategyTests { @Test public void listWithSingleElementShouldMatch() { List allowed = new ArrayList(); - allowed.add("http://www.test.com"); + allowed.add("https://www.test.com"); WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed); strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); - request.setParameter("from", "http://www.test.com"); + request.setParameter("from", "https://www.test.com"); String result = strategy.getAllowFromValue(request); - assertThat(result).isEqualTo("http://www.test.com"); + assertThat(result).isEqualTo("https://www.test.com"); } @Test public void listWithMultipleElementShouldMatch() { List allowed = new ArrayList(); - allowed.add("http://www.test.com"); - allowed.add("http://www.springsource.org"); + allowed.add("https://www.test.com"); + allowed.add("https://www.springsource.org"); WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed); strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); - request.setParameter("from", "http://www.test.com"); + request.setParameter("from", "https://www.test.com"); String result = strategy.getAllowFromValue(request); - assertThat(result).isEqualTo("http://www.test.com"); + assertThat(result).isEqualTo("https://www.test.com"); } @Test public void listWithSingleElementShouldNotMatch() { List allowed = new ArrayList(); - allowed.add("http://www.test.com"); + allowed.add("https://www.test.com"); WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed); strategy.setAllowFromParameterName("from"); MockHttpServletRequest request = new MockHttpServletRequest(); - request.setParameter("from", "http://www.test123.com"); + request.setParameter("from", "https://www.test123.com"); String result = strategy.getAllowFromValue(request); assertThat(result).isEqualTo("DENY"); 
@@ -86,7 +86,7 @@ public class WhiteListedAllowFromStrategyTests {
 @Test
 public void requestWithoutParameterShouldNotMatch() {
 List allowed = new ArrayList();
- allowed.add("http://www.test.com");
+ allowed.add("https://www.test.com");
 WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed);
 strategy.setAllowFromParameterName("from");
 MockHttpServletRequest request = new MockHttpServletRequest();