Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-22 12:02:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Manual URL Cleanup

Browse Source
This commit is contained in:
Joe Grandja 2019-03-28 14:37:42 -04:00
parent 7bd7843c65
commit d3840c262d
18 changed files with 475 additions and 483 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java
View File

@ -119,7 +119,7 @@ public class OpenIDConfigTests {
OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class); OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class);
String openIdEndpointUrl = "http://testopenid.com?openid.return_to="; String openIdEndpointUrl = "https://testopenid.com?openid.return_to=";
Set<String> returnToUrlParameters = new HashSet<>(); Set<String> returnToUrlParameters = new HashSet<>();
returnToUrlParameters.add(AbstractRememberMeServices.DEFAULT_PARAMETER); returnToUrlParameters.add(AbstractRememberMeServices.DEFAULT_PARAMETER);
openIDFilter.setReturnToUrlParameters(returnToUrlParameters); openIDFilter.setReturnToUrlParameters(returnToUrlParameters);
@ -142,7 +142,7 @@ public class OpenIDConfigTests {
.andExpect(content().string(containsString(AbstractRememberMeServices.DEFAULT_PARAMETER))); .andExpect(content().string(containsString(AbstractRememberMeServices.DEFAULT_PARAMETER)));
this.mvc.perform(get("/login/openid") this.mvc.perform(get("/login/openid")
.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "http://ww1.openid.com") .param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "https://ww1.openid.com")
.param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on")) .param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on"))
.andExpect(status().isFound()) .andExpect(status().isFound())
.andExpect(redirectedUrl(openIdEndpointUrl + expectedReturnTo)); .andExpect(redirectedUrl(openIdEndpointUrl + expectedReturnTo));

16
crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
View File

@ -44,8 +44,8 @@ public final class Base64 {
/** /**
* Encode using Base64-like encoding that is URL- and Filename-safe as described in * Encode using Base64-like encoding that is URL- and Filename-safe as described in
* Section 4 of RFC3548: <a * Section 4 of RFC3548: <a
* href="http://www.faqs.org/rfcs/rfc3548.html">https://www.faqs * href="https://tools.ietf.org/html/rfc3548">https://tools.ietf.org/html/rfc3548</a>.
* .org/rfcs/rfc3548.html</a>. It is important to note that data encoded this way is * It is important to note that data encoded this way is
* <em>not</em> officially valid Base64, or at the very least should not be called * <em>not</em> officially valid Base64, or at the very least should not be called
* Base64 without also specifying that is was encoded using the URL- and Filename-safe * Base64 without also specifying that is was encoded using the URL- and Filename-safe
* dialect. * dialect.
@ -53,9 +53,7 @@ public final class Base64 {
public final static int URL_SAFE = 16; public final static int URL_SAFE = 16;
/** /**
* Encode using the special "ordered" dialect of Base64 described here: <a * Encode using the special "ordered" dialect of Base64.
* href="http://www.faqs.org/qa/rfcc-1940.html"
* >http://www.faqs.org/qa/rfcc-1940.html</a>.
*/ */
public final static int ORDERED = 32; public final static int ORDERED = 32;
@ -131,7 +129,7 @@ public final class Base64 {
/** /**
* Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548: <a * Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548: <a
* href * href
* ="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>. * ="https://tools.ietf.org/html/rfc3548">https://tools.ietf.org/html/rfc3548</a>.
* Notice that the last two bytes become "hyphen" and "underscore" instead of "plus" * Notice that the last two bytes become "hyphen" and "underscore" instead of "plus"
* and "slash." * and "slash."
*/ */
@ -191,12 +189,6 @@ public final class Base64 {
/* ******** O R D E R E D B A S E 6 4 A L P H A B E T ******** */ /* ******** O R D E R E D B A S E 6 4 A L P H A B E T ******** */
/**
* I don't get the point of this technique, but someone requested it, and it is
* described here: <a
* href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/faqs/
* qa/rfcc-1940.html</a>.
*/
private final static byte[] _ORDERED_ALPHABET = { (byte) '-', (byte) '0', (byte) '1', private final static byte[] _ORDERED_ALPHABET = { (byte) '-', (byte) '0', (byte) '1',
(byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6', (byte) '7', (byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6', (byte) '7',
(byte) '8', (byte) '9', (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) '8', (byte) '9', (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D',

2
docs/manual/src/docs/asciidoc/_includes/servlet/web/csrf.adoc
View File

@ -257,7 +257,7 @@ $(document).ajaxSend(function(e, xhr, options) {
}); });
---- ----
As an alternative to jQuery, we recommend using http://cujojs.com/[cujoJS's] rest.js. As an alternative to jQuery, we recommend using https://github.com/cujojs[cujoJS's] rest.js.
The https://github.com/cujojs/rest[rest.js] module provides advanced support for working with HTTP requests and responses in RESTful ways. The https://github.com/cujojs/rest[rest.js] module provides advanced support for working with HTTP requests and responses in RESTful ways.
A core capability is the ability to contextualize the HTTP client adding behavior as needed by chaining interceptors on to the client. A core capability is the ability to contextualize the HTTP client adding behavior as needed by chaining interceptors on to the client.

4
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java
View File

@ -163,7 +163,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId(); String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
request.setScheme("http"); request.setScheme("http");
request.setServerName("example.com"); request.setServerName("localhost");
request.setServerPort(80); request.setServerPort(80);
request.setServletPath(requestUri); request.setServletPath(requestUri);
@ -172,7 +172,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
.matches("https://example.com/login/oauth/authorize\\?" + .matches("https://example.com/login/oauth/authorize\\?" +
"response_type=code&client_id=client-id&" + "response_type=code&client_id=client-id&" +
"scope=read:user&state=.{15,}&" + "scope=read:user&state=.{15,}&" +
"redirect_uri=http://example.com/login/oauth2/code/registration-id"); "redirect_uri=http://localhost/login/oauth2/code/registration-id");
} }
@Test @Test

4
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java
View File

@ -308,7 +308,7 @@ public class OAuth2LoginAuthenticationFilterTests {
String state = "state"; String state = "state";
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri); MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
request.setScheme("http"); request.setScheme("http");
request.setServerName("example.com"); request.setServerName("localhost");
request.setServerPort(80); request.setServerPort(80);
request.setServletPath(requestUri); request.setServletPath(requestUri);
request.addParameter(OAuth2ParameterNames.CODE, "code"); request.addParameter(OAuth2ParameterNames.CODE, "code");
@ -329,7 +329,7 @@ public class OAuth2LoginAuthenticationFilterTests {
OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange().getAuthorizationRequest(); OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange().getAuthorizationRequest();
OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange().getAuthorizationResponse(); OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange().getAuthorizationResponse();
String expectedRedirectUri = "http://example.com/login/oauth2/code/registration-id-2"; String expectedRedirectUri = "http://localhost/login/oauth2/code/registration-id-2";
assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri); assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri);
assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri); assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri);
} }

4
openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
View File

@ -254,8 +254,8 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
* *
* If no mapping is provided then the returnToUrl will be parsed to extract the * If no mapping is provided then the returnToUrl will be parsed to extract the
* protocol, hostname and port followed by a trailing slash. This means that * protocol, hostname and port followed by a trailing slash. This means that
* <tt>https://www.example.com/login/openid</tt> will automatically become * <tt>https://foo.example.com/login/openid</tt> will automatically become
* <tt>http://www.example.com:80/</tt> * <tt>http://foo.example.com:80/</tt>
* *
* @param realmMapping containing returnToUrl -&gt; realm mappings * @param realmMapping containing returnToUrl -&gt; realm mappings
*/ */

8
remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
View File

@ -57,11 +57,11 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
// Create a connection and ensure our executor sets its // Create a connection and ensure our executor sets its
// properties correctly // properties correctly
AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor(); AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
HttpURLConnection conn = new MockHttpURLConnection(new URL("http://localhost/")); HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/"));
executor.prepareConnection(conn, 10); executor.prepareConnection(conn, 10);
// Check connection properties // Check connection properties
// See http://www.faqs.org/rfcs/rfc1945.html section 11.1 for example // See https://tools.ietf.org/html/rfc1945 section 11.1 for example
// we are comparing against // we are comparing against
assertThat(conn.getRequestProperty("Authorization")).isEqualTo( assertThat(conn.getRequestProperty("Authorization")).isEqualTo(
"Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="); "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==");
@ -74,7 +74,7 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
// Create a connection and ensure our executor sets its // Create a connection and ensure our executor sets its
// properties correctly // properties correctly
AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor(); AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
HttpURLConnection conn = new MockHttpURLConnection(new URL("http://localhost/")); HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/"));
executor.prepareConnection(conn, 10); executor.prepareConnection(conn, 10);
// Check connection properties (shouldn't be an Authorization header) // Check connection properties (shouldn't be an Authorization header)
@ -91,7 +91,7 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests {
// Create a connection and ensure our executor sets its // Create a connection and ensure our executor sets its
// properties correctly // properties correctly
AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor(); AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
HttpURLConnection conn = new MockHttpURLConnection(new URL("http://localhost/")); HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/"));
executor.prepareConnection(conn, 10); executor.prepareConnection(conn, 10);
// Check connection properties (shouldn't be an Authorization header) // Check connection properties (shouldn't be an Authorization header)

10
samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js vendored
View File

@ -881,7 +881,7 @@ jQuery.ready.promise = function( obj ) {
try { try {
// Use the trick by Diego Perini // Use the trick by Diego Perini
// http://javascript.nwbox.com/IEContentLoaded/ // https://javascript.nwbox.com/IEContentLoaded/
top.doScroll("left"); top.doScroll("left");
} catch(e) { } catch(e) {
return setTimeout( doScrollCheck, 50 ); return setTimeout( doScrollCheck, 50 );
@ -1390,7 +1390,7 @@ jQuery.support = (function() {
fragment.appendChild( div ); fragment.appendChild( div );
// Technique from Juriy Zaytsev // Technique from Juriy Zaytsev
// http://perfectionkills.com/detecting-event-support-without-browser-sniffing/ // https://perfectionkills.com/detecting-event-support-without-browser-sniffing/
// We only care about the case where non-standard event systems // We only care about the case where non-standard event systems
// are used, namely in IE. Short-circuiting here helps us to // are used, namely in IE. Short-circuiting here helps us to
// avoid an eval call (in setAttribute) which can cause CSP // avoid an eval call (in setAttribute) which can cause CSP
@ -1945,7 +1945,7 @@ jQuery.fn.extend({
}); });
}, },
// Based off of the plugin by Clint Helfers, with permission. // Based off of the plugin by Clint Helfers, with permission.
// http://blindsignals.com // https://blindsignals.com
delay: function( time, type ) { delay: function( time, type ) {
time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time;
type = type || "fx"; type = type || "fx";
@ -6867,7 +6867,7 @@ if ( window.getComputedStyle ) {
} }
// From the awesome hack by Dean Edwards // From the awesome hack by Dean Edwards
// http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291 // https://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291
// If we're not dealing with a regular pixel number // If we're not dealing with a regular pixel number
// but a number that has a weird ending, we need to convert it to pixels // but a number that has a weird ending, we need to convert it to pixels
@ -9469,4 +9469,4 @@ if ( typeof define === "function" && define.amd && define.amd.jQuery ) {
define( "jquery", [], function () { return jQuery; } ); define( "jquery", [], function () { return jQuery; } );
} }
})( window ); })( window );

440
samples/javaconfig/openid/src/main/resources/resources/js/openid-client/jquery.query-2.1.3.js
View File

@ -1,220 +1,220 @@
/** /**
* jQuery.query - Query String Modification and Creation for jQuery * jQuery.query - Query String Modification and Creation for jQuery
* Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com) * Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com)
* Licensed under the WTFPL (http://www.wtfpl.net/). * Licensed under the WTFPL (https://www.wtfpl.net/).
* Date: 2009/02/08 * Date: 2009/02/08
* *
* @author Blair Mitchelmore * @author Blair Mitchelmore
* @version 2.1.3 * @version 2.1.3
* *
**/ **/
new function(settings) { new function(settings) {
// Various Settings // Various Settings
var $separator = settings.separator || '&'; var $separator = settings.separator || '&';
var $spaces = settings.spaces === false ? false : true; var $spaces = settings.spaces === false ? false : true;
var $suffix = settings.suffix === false ? '' : '[]'; var $suffix = settings.suffix === false ? '' : '[]';
var $prefix = settings.prefix === false ? false : true; var $prefix = settings.prefix === false ? false : true;
var $hash = $prefix ? settings.hash === true ? "#" : "?" : ""; var $hash = $prefix ? settings.hash === true ? "#" : "?" : "";
var $numbers = settings.numbers === false ? false : true; var $numbers = settings.numbers === false ? false : true;
jQuery.query = new function() { jQuery.query = new function() {
var is = function(o, t) { var is = function(o, t) {
return o != undefined && o !== null && (!!t ? o.constructor == t : true); return o != undefined && o !== null && (!!t ? o.constructor == t : true);
}; };
var parse = function(path) { var parse = function(path) {
var m, rx = /\[([^[]*)\]/g, match = /^(\S+?)(\[\S*\])?$/.exec(path), base = match[1], tokens = []; var m, rx = /\[([^[]*)\]/g, match = /^(\S+?)(\[\S*\])?$/.exec(path), base = match[1], tokens = [];
while (m = rx.exec(match[2])) tokens.push(m[1]); while (m = rx.exec(match[2])) tokens.push(m[1]);
return [base, tokens]; return [base, tokens];
}; };
var set = function(target, tokens, value) { var set = function(target, tokens, value) {
var o, token = tokens.shift(); var o, token = tokens.shift();
if (typeof target != 'object') target = null; if (typeof target != 'object') target = null;
if (token === "") { if (token === "") {
if (!target) target = []; if (!target) target = [];
if (is(target, Array)) { if (is(target, Array)) {
target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value)); target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value));
} else if (is(target, Object)) { } else if (is(target, Object)) {
var i = 0; var i = 0;
while (target[i++] != null); while (target[i++] != null);
target[--i] = tokens.length == 0 ? value : set(target[i], tokens.slice(0), value); target[--i] = tokens.length == 0 ? value : set(target[i], tokens.slice(0), value);
} else { } else {
target = []; target = [];
target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value)); target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value));
} }
} else if (token && token.match(/^\s*[0-9]+\s*$/)) { } else if (token && token.match(/^\s*[0-9]+\s*$/)) {
var index = parseInt(token, 10); var index = parseInt(token, 10);
if (!target) target = []; if (!target) target = [];
target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value); target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value);
} else if (token) { } else if (token) {
var index = token.replace(/^\s*|\s*$/g, ""); var index = token.replace(/^\s*|\s*$/g, "");
if (!target) target = {}; if (!target) target = {};
if (is(target, Array)) { if (is(target, Array)) {
var temp = {}; var temp = {};
for (var i = 0; i < target.length; ++i) { for (var i = 0; i < target.length; ++i) {
temp[i] = target[i]; temp[i] = target[i];
} }
target = temp; target = temp;
} }
target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value); target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value);
} else { } else {
return value; return value;
} }
return target; return target;
}; };
var queryObject = function(a) { var queryObject = function(a) {
var self = this; var self = this;
self.keys = {}; self.keys = {};
if (a.queryObject) { if (a.queryObject) {
jQuery.each(a.get(), function(key, val) { jQuery.each(a.get(), function(key, val) {
self.SET(key, val); self.SET(key, val);
}); });
} else { } else {
jQuery.each(arguments, function() { jQuery.each(arguments, function() {
var q = "" + this; var q = "" + this;
q = decodeURIComponent(q); q = decodeURIComponent(q);
q = q.replace(/^[?#]/,''); // remove any leading ? || # q = q.replace(/^[?#]/,''); // remove any leading ? || #
q = q.replace(/[;&]$/,''); // remove any trailing & || ; q = q.replace(/[;&]$/,''); // remove any trailing & || ;
if ($spaces) q = q.replace(/[+]/g,' '); // replace +'s with spaces if ($spaces) q = q.replace(/[+]/g,' '); // replace +'s with spaces
jQuery.each(q.split(/[&;]/), function(){ jQuery.each(q.split(/[&;]/), function(){
var key = this.split('=')[0]; var key = this.split('=')[0];
var val = this.split('=')[1]; var val = this.split('=')[1];
if (!key) return; if (!key) return;
if ($numbers) { if ($numbers) {
if (/^[+-]?[0-9]+\.[0-9]*$/.test(val)) // simple float regex if (/^[+-]?[0-9]+\.[0-9]*$/.test(val)) // simple float regex
val = parseFloat(val); val = parseFloat(val);
else if (/^[+-]?[0-9]+$/.test(val)) // simple int regex else if (/^[+-]?[0-9]+$/.test(val)) // simple int regex
val = parseInt(val, 10); val = parseInt(val, 10);
} }
val = (!val && val !== 0) ? true : val; val = (!val && val !== 0) ? true : val;
if (val !== false && val !== true && typeof val != 'number') if (val !== false && val !== true && typeof val != 'number')
val = val; val = val;
self.SET(key, val); self.SET(key, val);
}); });
}); });
} }
return self; return self;
}; };
queryObject.prototype = { queryObject.prototype = {
queryObject: true, queryObject: true,
has: function(key, type) { has: function(key, type) {
var value = this.get(key); var value = this.get(key);
return is(value, type); return is(value, type);
}, },
GET: function(key) { GET: function(key) {
if (!is(key)) return this.keys; if (!is(key)) return this.keys;
var parsed = parse(key), base = parsed[0], tokens = parsed[1]; var parsed = parse(key), base = parsed[0], tokens = parsed[1];
var target = this.keys[base]; var target = this.keys[base];
while (target != null && tokens.length != 0) { while (target != null && tokens.length != 0) {
target = target[tokens.shift()]; target = target[tokens.shift()];
} }
return typeof target == 'number' ? target : target || ""; return typeof target == 'number' ? target : target || "";
}, },
get: function(key) { get: function(key) {
var target = this.GET(key); var target = this.GET(key);
if (is(target, Object)) if (is(target, Object))
return jQuery.extend(true, {}, target); return jQuery.extend(true, {}, target);
else if (is(target, Array)) else if (is(target, Array))
return target.slice(0); return target.slice(0);
return target; return target;
}, },
SET: function(key, val) { SET: function(key, val) {
var value = !is(val) ? null : val; var value = !is(val) ? null : val;
var parsed = parse(key), base = parsed[0], tokens = parsed[1]; var parsed = parse(key), base = parsed[0], tokens = parsed[1];
var target = this.keys[base]; var target = this.keys[base];
this.keys[base] = set(target, tokens.slice(0), value); this.keys[base] = set(target, tokens.slice(0), value);
return this; return this;
}, },
set: function(key, val) { set: function(key, val) {
return this.copy().SET(key, val); return this.copy().SET(key, val);
}, },
REMOVE: function(key) { REMOVE: function(key) {
return this.SET(key, null).COMPACT(); return this.SET(key, null).COMPACT();
}, },
remove: function(key) { remove: function(key) {
return this.copy().REMOVE(key); return this.copy().REMOVE(key);
}, },
EMPTY: function() { EMPTY: function() {
var self = this; var self = this;
jQuery.each(self.keys, function(key, value) { jQuery.each(self.keys, function(key, value) {
delete self.keys[key]; delete self.keys[key];
}); });
return self; return self;
}, },
load: function(url) { load: function(url) {
var hash = url.replace(/^.*?[#](.+?)(?:\?.+)?$/, "$1"); var hash = url.replace(/^.*?[#](.+?)(?:\?.+)?$/, "$1");
var search = url.replace(/^.*?[?](.+?)(?:#.+)?$/, "$1"); var search = url.replace(/^.*?[?](.+?)(?:#.+)?$/, "$1");
return new queryObject(url.length == search.length ? '' : search, url.length == hash.length ? '' : hash); return new queryObject(url.length == search.length ? '' : search, url.length == hash.length ? '' : hash);
}, },
empty: function() { empty: function() {
return this.copy().EMPTY(); return this.copy().EMPTY();
}, },
copy: function() { copy: function() {
return new queryObject(this); return new queryObject(this);
}, },
COMPACT: function() { COMPACT: function() {
function build(orig) { function build(orig) {
var obj = typeof orig == "object" ? is(orig, Array) ? [] : {} : orig; var obj = typeof orig == "object" ? is(orig, Array) ? [] : {} : orig;
if (typeof orig == 'object') { if (typeof orig == 'object') {
function add(o, key, value) { function add(o, key, value) {
if (is(o, Array)) if (is(o, Array))
o.push(value); o.push(value);
else else
o[key] = value; o[key] = value;
} }
jQuery.each(orig, function(key, value) { jQuery.each(orig, function(key, value) {
if (!is(value)) return true; if (!is(value)) return true;
add(obj, key, build(value)); add(obj, key, build(value));
}); });
} }
return obj; return obj;
} }
this.keys = build(this.keys); this.keys = build(this.keys);
return this; return this;
}, },
compact: function() { compact: function() {
return this.copy().COMPACT(); return this.copy().COMPACT();
}, },
toString: function() { toString: function() {
var i = 0, queryString = [], chunks = [], self = this; var i = 0, queryString = [], chunks = [], self = this;
var addFields = function(arr, key, value) { var addFields = function(arr, key, value) {
if (!is(value) || value === false) return; if (!is(value) || value === false) return;
var o = [encodeURIComponent(key)]; var o = [encodeURIComponent(key)];
if (value !== true) { if (value !== true) {
o.push("="); o.push("=");
o.push(encodeURIComponent(value)); o.push(encodeURIComponent(value));
} }
arr.push(o.join("")); arr.push(o.join(""));
}; };
var build = function(obj, base) { var build = function(obj, base) {
var newKey = function(key) { var newKey = function(key) {
return !base || base == "" ? [key].join("") : [base, "[", key, "]"].join(""); return !base || base == "" ? [key].join("") : [base, "[", key, "]"].join("");
}; };
jQuery.each(obj, function(key, value) { jQuery.each(obj, function(key, value) {
if (typeof value == 'object') if (typeof value == 'object')
build(value, newKey(key)); build(value, newKey(key));
else else
addFields(chunks, newKey(key), value); addFields(chunks, newKey(key), value);
}); });
}; };
build(this.keys); build(this.keys);
if (chunks.length > 0) queryString.push($hash); if (chunks.length > 0) queryString.push($hash);
queryString.push(chunks.join($separator)); queryString.push(chunks.join($separator));
return queryString.join(""); return queryString.join("");
} }
}; };
return new queryObject(location.search, location.hash); return new queryObject(location.search, location.hash);
}; };
}(jQuery.query || {}); // Pass in jQuery.query as settings object }(jQuery.query || {}); // Pass in jQuery.query as settings object

2
samples/xml/openid/src/main/webapp/WEB-INF/applicationContext-security.xml
View File

@ -54,7 +54,7 @@
<!-- <!--
<user-service id="userService"> <user-service id="userService">
<user name="https://luke.taylor.myopenid.com/" authorities="ROLE_SUPERVISOR,ROLE_USER" /> <user name="https://luke.taylor.myopenid.com/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
<user name="http://luke.taylor.openid.cn/" authorities="ROLE_SUPERVISOR,ROLE_USER" /> <user name="https://luke.taylor.openid.cn/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
<user name="https://raykrueger.blogspot.com/" authorities="ROLE_SUPERVISOR,ROLE_USER" /> <user name="https://raykrueger.blogspot.com/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
<user name="https://spring.security.test.myopenid.com/" authorities="ROLE_SUPERVISOR,ROLE_USER" /> <user name="https://spring.security.test.myopenid.com/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
</user-service> </user-service>

440
samples/xml/openid/src/main/webapp/js/openid-client/jquery.query-2.1.3.js
View File

@ -1,220 +1,220 @@
/** /**
* jQuery.query - Query String Modification and Creation for jQuery * jQuery.query - Query String Modification and Creation for jQuery
* Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com) * Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com)
* Licensed under the WTFPL (http://www.wtfpl.net/). * Licensed under the WTFPL (https://www.wtfpl.net/).
* Date: 2009/02/08 * Date: 2009/02/08
* *
* @author Blair Mitchelmore * @author Blair Mitchelmore
* @version 2.1.3 * @version 2.1.3
* *
**/ **/
new function(settings) { new function(settings) {
// Various Settings // Various Settings
var $separator = settings.separator || '&'; var $separator = settings.separator || '&';
var $spaces = settings.spaces === false ? false : true; var $spaces = settings.spaces === false ? false : true;
var $suffix = settings.suffix === false ? '' : '[]'; var $suffix = settings.suffix === false ? '' : '[]';
var $prefix = settings.prefix === false ? false : true; var $prefix = settings.prefix === false ? false : true;
var $hash = $prefix ? settings.hash === true ? "#" : "?" : ""; var $hash = $prefix ? settings.hash === true ? "#" : "?" : "";
var $numbers = settings.numbers === false ? false : true; var $numbers = settings.numbers === false ? false : true;
jQuery.query = new function() { jQuery.query = new function() {
var is = function(o, t) { var is = function(o, t) {
return o != undefined && o !== null && (!!t ? o.constructor == t : true); return o != undefined && o !== null && (!!t ? o.constructor == t : true);
}; };
var parse = function(path) { var parse = function(path) {
var m, rx = /\[([^[]*)\]/g, match = /^(\S+?)(\[\S*\])?$/.exec(path), base = match[1], tokens = []; var m, rx = /\[([^[]*)\]/g, match = /^(\S+?)(\[\S*\])?$/.exec(path), base = match[1], tokens = [];
while (m = rx.exec(match[2])) tokens.push(m[1]); while (m = rx.exec(match[2])) tokens.push(m[1]);
return [base, tokens]; return [base, tokens];
}; };
var set = function(target, tokens, value) { var set = function(target, tokens, value) {
var o, token = tokens.shift(); var o, token = tokens.shift();
if (typeof target != 'object') target = null; if (typeof target != 'object') target = null;
if (token === "") { if (token === "") {
if (!target) target = []; if (!target) target = [];
if (is(target, Array)) { if (is(target, Array)) {
target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value)); target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value));
} else if (is(target, Object)) { } else if (is(target, Object)) {
var i = 0; var i = 0;
while (target[i++] != null); while (target[i++] != null);
target[--i] = tokens.length == 0 ? value : set(target[i], tokens.slice(0), value); target[--i] = tokens.length == 0 ? value : set(target[i], tokens.slice(0), value);
} else { } else {
target = []; target = [];
target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value)); target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value));
} }
} else if (token && token.match(/^\s*[0-9]+\s*$/)) { } else if (token && token.match(/^\s*[0-9]+\s*$/)) {
var index = parseInt(token, 10); var index = parseInt(token, 10);
if (!target) target = []; if (!target) target = [];
target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value); target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value);
} else if (token) { } else if (token) {
var index = token.replace(/^\s*|\s*$/g, ""); var index = token.replace(/^\s*|\s*$/g, "");
if (!target) target = {}; if (!target) target = {};
if (is(target, Array)) { if (is(target, Array)) {
var temp = {}; var temp = {};
for (var i = 0; i < target.length; ++i) { for (var i = 0; i < target.length; ++i) {
temp[i] = target[i]; temp[i] = target[i];
} }
target = temp; target = temp;
} }
target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value); target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value);
} else { } else {
return value; return value;
} }
return target; return target;
}; };
var queryObject = function(a) { var queryObject = function(a) {
var self = this; var self = this;
self.keys = {}; self.keys = {};
if (a.queryObject) { if (a.queryObject) {
jQuery.each(a.get(), function(key, val) { jQuery.each(a.get(), function(key, val) {
self.SET(key, val); self.SET(key, val);
}); });
} else { } else {
jQuery.each(arguments, function() { jQuery.each(arguments, function() {
var q = "" + this; var q = "" + this;
q = decodeURIComponent(q); q = decodeURIComponent(q);
q = q.replace(/^[?#]/,''); // remove any leading ? || # q = q.replace(/^[?#]/,''); // remove any leading ? || #
q = q.replace(/[;&]$/,''); // remove any trailing & || ; q = q.replace(/[;&]$/,''); // remove any trailing & || ;
if ($spaces) q = q.replace(/[+]/g,' '); // replace +'s with spaces if ($spaces) q = q.replace(/[+]/g,' '); // replace +'s with spaces
jQuery.each(q.split(/[&;]/), function(){ jQuery.each(q.split(/[&;]/), function(){
var key = this.split('=')[0]; var key = this.split('=')[0];
var val = this.split('=')[1]; var val = this.split('=')[1];
if (!key) return; if (!key) return;
if ($numbers) { if ($numbers) {
if (/^[+-]?[0-9]+\.[0-9]*$/.test(val)) // simple float regex if (/^[+-]?[0-9]+\.[0-9]*$/.test(val)) // simple float regex
val = parseFloat(val); val = parseFloat(val);
else if (/^[+-]?[0-9]+$/.test(val)) // simple int regex else if (/^[+-]?[0-9]+$/.test(val)) // simple int regex
val = parseInt(val, 10); val = parseInt(val, 10);
} }
val = (!val && val !== 0) ? true : val; val = (!val && val !== 0) ? true : val;
if (val !== false && val !== true && typeof val != 'number') if (val !== false && val !== true && typeof val != 'number')
val = val; val = val;
self.SET(key, val); self.SET(key, val);
}); });
}); });
} }
return self; return self;
}; };
queryObject.prototype = { queryObject.prototype = {
queryObject: true, queryObject: true,
has: function(key, type) { has: function(key, type) {
var value = this.get(key); var value = this.get(key);
return is(value, type); return is(value, type);
}, },
GET: function(key) { GET: function(key) {
if (!is(key)) return this.keys; if (!is(key)) return this.keys;
var parsed = parse(key), base = parsed[0], tokens = parsed[1]; var parsed = parse(key), base = parsed[0], tokens = parsed[1];
var target = this.keys[base]; var target = this.keys[base];
while (target != null && tokens.length != 0) { while (target != null && tokens.length != 0) {
target = target[tokens.shift()]; target = target[tokens.shift()];
} }
return typeof target == 'number' ? target : target || ""; return typeof target == 'number' ? target : target || "";
}, },
get: function(key) { get: function(key) {
var target = this.GET(key); var target = this.GET(key);
if (is(target, Object)) if (is(target, Object))
return jQuery.extend(true, {}, target); return jQuery.extend(true, {}, target);
else if (is(target, Array)) else if (is(target, Array))
return target.slice(0); return target.slice(0);
return target; return target;
}, },
SET: function(key, val) { SET: function(key, val) {
var value = !is(val) ? null : val; var value = !is(val) ? null : val;
var parsed = parse(key), base = parsed[0], tokens = parsed[1]; var parsed = parse(key), base = parsed[0], tokens = parsed[1];
var target = this.keys[base]; var target = this.keys[base];
this.keys[base] = set(target, tokens.slice(0), value); this.keys[base] = set(target, tokens.slice(0), value);
return this; return this;
}, },
set: function(key, val) { set: function(key, val) {
return this.copy().SET(key, val); return this.copy().SET(key, val);
}, },
REMOVE: function(key) { REMOVE: function(key) {
return this.SET(key, null).COMPACT(); return this.SET(key, null).COMPACT();
}, },
remove: function(key) { remove: function(key) {
return this.copy().REMOVE(key); return this.copy().REMOVE(key);
}, },
EMPTY: function() { EMPTY: function() {
var self = this; var self = this;
jQuery.each(self.keys, function(key, value) { jQuery.each(self.keys, function(key, value) {
delete self.keys[key]; delete self.keys[key];
}); });
return self; return self;
}, },
load: function(url) { load: function(url) {
var hash = url.replace(/^.*?[#](.+?)(?:\?.+)?$/, "$1"); var hash = url.replace(/^.*?[#](.+?)(?:\?.+)?$/, "$1");
var search = url.replace(/^.*?[?](.+?)(?:#.+)?$/, "$1"); var search = url.replace(/^.*?[?](.+?)(?:#.+)?$/, "$1");
return new queryObject(url.length == search.length ? '' : search, url.length == hash.length ? '' : hash); return new queryObject(url.length == search.length ? '' : search, url.length == hash.length ? '' : hash);
}, },
empty: function() { empty: function() {
return this.copy().EMPTY(); return this.copy().EMPTY();
}, },
copy: function() { copy: function() {
return new queryObject(this); return new queryObject(this);
}, },
COMPACT: function() { COMPACT: function() {
function build(orig) { function build(orig) {
var obj = typeof orig == "object" ? is(orig, Array) ? [] : {} : orig; var obj = typeof orig == "object" ? is(orig, Array) ? [] : {} : orig;
if (typeof orig == 'object') { if (typeof orig == 'object') {
function add(o, key, value) { function add(o, key, value) {
if (is(o, Array)) if (is(o, Array))
o.push(value); o.push(value);
else else
o[key] = value; o[key] = value;
} }
jQuery.each(orig, function(key, value) { jQuery.each(orig, function(key, value) {
if (!is(value)) return true; if (!is(value)) return true;
add(obj, key, build(value)); add(obj, key, build(value));
}); });
} }
return obj; return obj;
} }
this.keys = build(this.keys); this.keys = build(this.keys);
return this; return this;
}, },
compact: function() { compact: function() {
return this.copy().COMPACT(); return this.copy().COMPACT();
}, },
toString: function() { toString: function() {
var i = 0, queryString = [], chunks = [], self = this; var i = 0, queryString = [], chunks = [], self = this;
var addFields = function(arr, key, value) { var addFields = function(arr, key, value) {
if (!is(value) || value === false) return; if (!is(value) || value === false) return;
var o = [encodeURIComponent(key)]; var o = [encodeURIComponent(key)];
if (value !== true) { if (value !== true) {
o.push("="); o.push("=");
o.push(encodeURIComponent(value)); o.push(encodeURIComponent(value));
} }
arr.push(o.join("")); arr.push(o.join(""));
}; };
var build = function(obj, base) { var build = function(obj, base) {
var newKey = function(key) { var newKey = function(key) {
return !base || base == "" ? [key].join("") : [base, "[", key, "]"].join(""); return !base || base == "" ? [key].join("") : [base, "[", key, "]"].join("");
}; };
jQuery.each(obj, function(key, value) { jQuery.each(obj, function(key, value) {
if (typeof value == 'object') if (typeof value == 'object')
build(value, newKey(key)); build(value, newKey(key));
else else
addFields(chunks, newKey(key), value); addFields(chunks, newKey(key), value);
}); });
}; };
build(this.keys); build(this.keys);
if (chunks.length > 0) queryString.push($hash); if (chunks.length > 0) queryString.push($hash);
queryString.push(chunks.join($separator)); queryString.push(chunks.join($separator));
return queryString.join(""); return queryString.join("");
} }
}; };
return new queryObject(location.search, location.hash); return new queryObject(location.search, location.hash);
}; };
}(jQuery.query || {}); // Pass in jQuery.query as settings object }(jQuery.query || {}); // Pass in jQuery.query as settings object

2
web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
View File

@ -45,7 +45,7 @@ import org.springframework.web.filter.OncePerRequestFilter;
* *
* <p> * <p>
* For a detailed background on what this filter is designed to process, refer to * For a detailed background on what this filter is designed to process, refer to
* <a href="http://www.faqs.org/rfcs/rfc1945.html">RFC 1945, Section 11.1</a>. Any realm * <a href="https://tools.ietf.org/html/rfc1945">RFC 1945, Section 11.1</a>. Any realm
* name presented in the HTTP request is ignored. * name presented in the HTTP request is ignored.
* *
* <p> * <p>

2
web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
View File

@ -52,7 +52,7 @@ public class DefaultRedirectStrategyTests {
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
rds.sendRedirect(request, response, rds.sendRedirect(request, response,
"https://http://context.blah.com/context/remainder"); "https://context.blah.com/context/remainder");
assertThat(response.getRedirectedUrl()).isEqualTo("remainder"); assertThat(response.getRedirectedUrl()).isEqualTo("remainder");
} }

4
web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
View File

@ -85,7 +85,7 @@ public class RetryWithHttpEntryPointTests {
"/bigWebApp/hello/pathInfo.html"); "/bigWebApp/hello/pathInfo.html");
request.setQueryString("open=true"); request.setQueryString("open=true");
request.setScheme("https"); request.setScheme("https");
request.setServerName("www.example.com"); request.setServerName("localhost");
request.setServerPort(443); request.setServerPort(443);
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
@ -96,7 +96,7 @@ public class RetryWithHttpEntryPointTests {
ep.commence(request, response); ep.commence(request, response);
assertThat(response.getRedirectedUrl()).isEqualTo( assertThat(response.getRedirectedUrl()).isEqualTo(
"http://www.example.com/bigWebApp/hello/pathInfo.html?open=true"); "http://localhost/bigWebApp/hello/pathInfo.html?open=true");
} }
@Test @Test

4
web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
View File

@ -385,7 +385,7 @@ public class AbstractAuthenticationProcessingFilterTests {
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
MockAuthenticationFilter filter = new MockAuthenticationFilter(false); MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
successHandler.setDefaultTargetUrl("http://monkeymachine.co.uk/"); successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
filter.setAuthenticationSuccessHandler(successHandler); filter.setAuthenticationSuccessHandler(successHandler);
filter.doFilter(request, response, chain); filter.doFilter(request, response, chain);
@ -409,7 +409,7 @@ public class AbstractAuthenticationProcessingFilterTests {
ReflectionTestUtils.setField(filter, "logger", logger); ReflectionTestUtils.setField(filter, "logger", logger);
filter.exceptionToThrow = new InternalAuthenticationServiceException( filter.exceptionToThrow = new InternalAuthenticationServiceException(
"Mock requested to do so"); "Mock requested to do so");
successHandler.setDefaultTargetUrl("http://monkeymachine.co.uk/"); successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
filter.setAuthenticationSuccessHandler(successHandler); filter.setAuthenticationSuccessHandler(successHandler);
filter.doFilter(request, response, chain); filter.doFilter(request, response, chain);

6
web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
View File

@ -249,7 +249,7 @@ public class LoginUrlAuthenticationEntryPointTests {
// SEC-1498 // SEC-1498
@Test @Test
public void absoluteLoginFormUrlIsSupported() throws Exception { public void absoluteLoginFormUrlIsSupported() throws Exception {
final String loginFormUrl = "http://somesite.com/login"; final String loginFormUrl = "https://somesite.com/login";
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint( LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
loginFormUrl); loginFormUrl);
ep.afterPropertiesSet(); ep.afterPropertiesSet();
@ -260,9 +260,9 @@ public class LoginUrlAuthenticationEntryPointTests {
@Test(expected = IllegalArgumentException.class) @Test(expected = IllegalArgumentException.class)
public void absoluteLoginFormUrlCantBeUsedWithForwarding() throws Exception { public void absoluteLoginFormUrlCantBeUsedWithForwarding() throws Exception {
final String loginFormUrl = "http://somesite.com/login"; final String loginFormUrl = "https://somesite.com/login";
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint( LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
"http://somesite.com/login"); "https://somesite.com/login");
ep.setUseForward(true); ep.setUseForward(true);
ep.afterPropertiesSet(); ep.afterPropertiesSet();
} }

4
web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java
View File

@ -45,11 +45,11 @@ public class SimpleUrlLogoutSuccessHandlerTests {
@Test @Test
public void absoluteUrlIsSupported() throws Exception { public void absoluteUrlIsSupported() throws Exception {
SimpleUrlLogoutSuccessHandler lsh = new SimpleUrlLogoutSuccessHandler(); SimpleUrlLogoutSuccessHandler lsh = new SimpleUrlLogoutSuccessHandler();
lsh.setDefaultTargetUrl("http://someurl.com/"); lsh.setDefaultTargetUrl("https://someurl.com/");
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
lsh.onLogoutSuccess(request, response, mock(Authentication.class)); lsh.onLogoutSuccess(request, response, mock(Authentication.class));
assertThat(response.getRedirectedUrl()).isEqualTo("http://someurl.com/"); assertThat(response.getRedirectedUrl()).isEqualTo("https://someurl.com/");
} }
} }

2
web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
View File

@ -86,7 +86,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
@Test @Test
public void writeHttpHeadersWhenHttpThenNoHeaders() { public void writeHttpHeadersWhenHttpThenNoHeaders() {
exchange = exchange(MockServerHttpRequest.get("http://example.com/")); exchange = exchange(MockServerHttpRequest.get("http://localhost/"));
hsts.writeHttpHeaders(exchange); hsts.writeHttpHeaders(exchange);