0483b3e042
Polish RequestRejectedHandler
...
Issue gh-5007
2020-05-01 10:51:11 -05:00
b826c798f7
Add RequestRejectedHandler
...
Closes gh-5007
2020-05-01 10:51:01 -05:00
b7d3acc02c
Add constructors to AbstractAuthenticationProcessingFilter
...
Closes gh-8309
2020-04-09 13:53:06 -05:00
6bdd5f710f
Fix example in javadoc of FilterChainProxy
2020-04-07 21:05:12 +03:00
91728ef53b
Fix HttpServlet3RequestFactory Logout Handlers
...
Previously there was a problem with Servlet API logout integration
when Servlet API was configured before log out.
This ensures that logout handlers is a reference to the logout handlers
vs copying the logout handlers. This ensures that the ordering does not
matter.
Closes gh-4760
2020-03-30 17:50:28 -05:00
eed71243cb
SwitchUserFilter Defaults to POST
...
Fixes gh-4183
2020-03-27 13:41:49 -06:00
935c547dde
Fix exception for empty basic auth header token
...
fixes spring-projectsgh-7976
2020-03-16 12:57:13 -04:00
47011eb9e2
Polish transfer session's max inactive interval
...
Issue: gh-2693
2020-03-12 12:11:14 -04:00
02b7d04027
Transfer session's max inactive interval
...
Fixes: gh-2693
2020-03-12 10:11:59 -04:00
b2ea0ba775
Polish SessionIdChangedEvent
...
Add AbstractSessionEvent; clean up license headers and Javadocs
Fixes: gh-5438
2020-03-06 12:04:49 -05:00
5fc6414377
SessionRegistryImpl is now aware of SessionIdChangedEvent
2020-03-06 12:04:01 -05:00
ae532c080c
Add server request cache that uses cookie
...
Fixes: gh-8033
2020-03-05 15:36:47 -05:00
38979b1b09
Add test for ServerRequestCacheWebFilter
2020-03-05 14:57:07 -05:00
6eadf7b140
Unlock dependencies for 5.3.0.RELEASE
...
This reverts commit 147d7dadd7
2020-03-04 12:02:48 -07:00
147d7dadd7
Lock dependencies for 5.3.0.RELEASE
2020-03-04 10:28:39 -07:00
2ce9eef95e
Fix typo in AntPathRequestMatcher contructor comment
2020-03-02 07:14:27 -06:00
82cd203791
Remove unnecessary mocking
...
Fixes gh-8012
2020-02-23 19:35:16 -05:00
5bdf57d1e5
Remove Groovy and Spock Dependencies
...
Fixes gh-4939
2020-02-10 10:38:40 -07:00
bae50ecc05
AbstractSecurityWebApplicationInitializerTests groovy->java
...
Issue gh-4939
2020-02-10 10:38:39 -07:00
84b8a5abd7
Unlock dependencies for next development version
...
This reverts commit 064616f1ef
2020-02-05 15:53:04 +01:00
064616f1ef
Lock dependencies for 5.3.0.RC1
2020-02-05 10:20:05 +01:00
cb9fd09150
Change AuthenticationWebFilter's constructor
...
Fixes gh-7872
2020-01-31 09:31:28 -07:00
e62fb755e8
Set charset of BasicAuthenticationFilter converter
...
Allow BasicAuthenticationFilter to pick up the given credentials charset.
Fixes: gh-7835
2020-01-23 15:34:35 +01:00
1f6381d970
Set secure on cookie when logging out
...
Mark cookie secure flag to ensure cookie identity is the same
2020-01-13 11:01:33 +01:00
ffccec953f
Fix HttpHeaderWriterWebFilterTests
...
Ensure setComplete() is subscribed to
2020-01-09 14:24:35 -06:00
fcc6457bef
Unlock dependencies for next development version
...
This reverts commit 93acf8f0f1
2020-01-08 22:15:17 +01:00
93acf8f0f1
Lock dependencies for 5.3.0.M1
2020-01-08 19:41:10 +01:00
2015f392ef
Set secure when cancelling remember-me cookie
...
AbstractRememberMeServices is setting remember-me cookie with checking request is secure or secure usage is independently set to a fixed flag.
But when cancelling a cookie, cookie is not being marked secure or not. It produces an inconsistency when using secure flag as a part to identity of cookie.
2019-12-20 16:04:31 +01:00
a8331ba7ed
CompositeServerHttpHeadersWriter Executes Sequentially
...
Fixes gh-7731
2019-12-12 11:23:56 -06:00
64e063d948
switches web authentication principal resolver to use reactive context
...
gh #6598
Signed-off-by: David Herberth <github@dav1d.de>
2019-12-12 15:33:23 +01:00
8e53c3f269
DelegatingServerAuthenticationSuccessHandler Executes Sequentially
...
Fixes gh-7728
2019-12-12 08:32:44 -06:00
73babc3314
DelegatingServerLogoutHandler Executes Sequentially
...
Fixes gh-7723
2019-12-11 15:39:27 -06:00
4d9cee116c
Display general error message when WebFlux oauth2Login() fails
...
Issue gh-5562 gh-6484
2019-12-05 16:54:31 -05:00
796859333f
Log full failed authentication exception in BasicAuthenticationFilter
2019-11-27 14:56:24 +01:00
5f17032ffd
Restore Removed Throws Clauses
...
In a recent clean-up, certain exceptions were removed from various
throws clauses.
This PR re-introduces throws clauses that are important for one of the
following reasons:
1. It's a method on a public interface
2. It's a method clearly designed for inheritance, for example, a
method stub, an abstract method, or indicated as such in the docs.
Fixes gh-7541
2019-10-30 12:13:54 -06:00
635f7e1edd
CsrfWebFilter supports multipart/form-data
...
Fixes gh-7576
2019-10-28 14:06:10 -05:00
b9f122230b
Align javadoc of continueFilterChainOnUnsuccessfulAuthentication with actual behaviour
2019-10-23 14:50:57 -04:00
d26f40f062
DefaultRedirectStrategy should redirect to root if the context-relative URL does not contain the context-path.
2019-10-23 09:41:00 -04:00
62c7de03c3
Add RequestMatcher to AbstractPreAuthenticatedProcessingFilter
...
Moved the existing auth check logic to the matcher.
Issue: gh-5928
2019-10-22 16:55:54 -04:00
264daec697
Test context relative URL with multiple schemes
2019-10-16 15:32:02 -04:00
b764af6b9b
CookieServerCsrfTokenRepositoryTests Leading Dot
...
ResponseCookie removed support for having a leading dot in the cookie
domain.
Fixes gh-7500
2019-09-30 08:39:45 -06:00
7949dd492a
Move DelegatingServerAuthenticationSuccessHandlerTests
...
Moved from src/test/groovy to src/test/java
Issue gh-5332
2019-09-27 16:57:43 -06:00
5f905232cb
Polish CurrentSecurityContextArgumentResolvers
...
Fixes gh-7487
2019-09-27 13:19:08 -06:00
00f8991fac
Merge Remove Redudant Throws
...
Fixes gh-7301
2019-09-19 11:04:53 -05:00
034b5e9e93
Introduce LogoutSuccessEvent
...
LogoutSuccessEvent is a simple AbstractAuthenticationEvent implementation which indicates successful logout.
By default, LogoutConfigurer will add a new LogoutHandler called LogoutSuccessEventPublishingLogoutHandler to publish this event.
This PR will also fix ConcurrentSessionFilter's composite logoutHandler, now will get LogoutHandler instances from LogoutConfigurer for consistency.
Fixes gh-2900
2019-09-18 10:57:16 -05:00
7576dc44d7
AuthenticationFilter Session Fixation Protection
...
Fixes gh-7446
2019-09-17 08:17:09 -06:00
496a2cdc60
Make AuthenticationFilter methods private
...
Fixes gh-7447
2019-09-17 08:06:21 -06:00
aa12748c9b
Add Request-level CSRF Skip
...
Fixes gh-7367
2019-09-13 19:04:05 +01:00
9f0986a093
Fix javadoc typo for invalid session strategy
2019-09-09 16:51:14 -04:00
08d50868c9
Merge pull request #7260 from fhanik/feature/saml2-sp-mvp
...
Add SAML Service Provider Support
2019-09-05 17:04:14 -07:00
e9a44bc0ce
HttpSecurity.saml2login() - MVP Core Code
...
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:
- Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
- Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
- Supports basic java-configuration via DSL
- Provides an integration sample using Spring Boot
Not implemented with this MVP
- Single Logout
- Dynamic Service Provider Metadata
Fixes gh-6019
2019-09-05 14:40:08 -07:00
2a1f3f6aa7
Remove Package Tangle in HeaderWriterFilter
...
Fixes gh-7380
2019-09-05 16:08:45 -05:00
39e84013f7
ClearSiteDataHeaderWriter Directives
...
Fixes gh-7347
2019-09-03 15:57:10 -06:00
ad0d3e9702
Polish remember me username check
2019-09-03 11:48:46 -04:00
26ae590c68
Check that userdetails for username exists. #7251
2019-09-03 11:48:46 -04:00
f6c650db47
Replace Streams with Loops
...
First version of replacing streams
fix wwwAuthenticate and codestyle
fix errors in implementation to pass tests
Fix review notes
Remove uneccessary final to align with cb
Short circuit way to authorize
Simplify error message, make code readably
Return error while duplicate key found
Delete check for duplicate, checkstyle issues
Return duplicate error
Fixes gh-7154
2019-09-02 15:30:48 -06:00
95511331fa
fix checkstyle
2019-08-26 22:42:26 +02:00
2c2e8e5f24
Remove internal Optional usage in favor of null checks
...
Issue gh-7155
2019-08-26 09:27:40 -04:00
34dd5fea30
Remove redundant throws clauses
...
Removes exceptions that are declared in a method's signature but never thrown by the method itself or its implementations/derivatives.
2019-08-23 01:03:54 +02:00
1a233a58c7
Add OnCommittedResponseWrapper.setContentLengthLong
...
Add setContentLengthLong tracking to OnCommittedResponseWrapper in
order to detect commits on servlets that use setContentLengthLong to
announce the entity size they are about to write (as used in the
Apache Tomcat's DefaultServlet).
Fixes gh-7261
2019-08-19 21:14:41 -04:00
4bc231872f
Expire as many sessions as exceed maximum allowed
...
Fixes: gh-7166
2019-08-15 09:48:42 -05:00
9735a718cc
Remove MultiTenantAuthenticationManagerResolver
...
Fixes gh-7259
2019-08-14 11:14:47 -06:00
c1db1aad91
Cleanup Code Style Issues
...
Cleanup Code Style Issues
2019-08-12 13:06:49 -05:00
ec6ca97226
Fix tests
2019-08-11 21:09:10 +02:00
ff1070df36
remove redundant modifiers found by checkstyle
2019-08-10 00:18:56 +02:00
38de737663
Java 8: Statement lambda can be replaced with expression lambda
2019-08-09 16:59:07 -05:00
7b2a7847e5
Java 8: Single Map method can be used
2019-08-09 16:59:07 -05:00
25c06be1eb
Java 7: Identical 'catch' branches in 'try' statement
2019-08-09 16:59:07 -05:00
578d628774
'Collection.toArray()' call style
2019-08-09 16:57:31 -05:00
b388976ac8
fix checkstyle
2019-08-09 02:46:20 +02:00
35bdf1f009
Unnecessary semicolon
2019-08-09 00:43:13 +02:00
d9c1f03b84
Unnecessary interface modifier
2019-08-09 00:42:35 +02:00
40bee457f9
Unnecessary enum modifier
2019-08-09 00:42:07 +02:00
8d0ca14e55
Unnecessary conversion to String
2019-08-09 00:41:46 +02:00
fb39d9c255
Anonymous type can be replaced with lambda
2019-08-08 17:09:09 -04:00
05f42a4995
Remove unused imports
2019-08-08 14:22:31 -04:00
2056834432
Cleanup unnecessary unboxing
...
Unboxing is unnecessary under Java 5 and newer, and can be safely removed.
2019-08-06 10:17:38 -04:00
2306d987e9
Cleanup unnecessary boxing
2019-08-06 10:17:38 -04:00
2055466ad7
Add Javadoc
2019-08-05 19:43:00 -04:00
ddf68821cb
Add RequestMatcher.matcher(HttpServletRequest)
...
Step 3 - Usage of RequestVariablesExtractor or types that are assigned
to AntPathRequestMatcher should be replaced with the new method.
[closes #7148 ]
2019-08-05 19:43:00 -04:00
496579dde2
Add match result for servlet requests
...
Fixes gh-7148
2019-08-05 19:43:00 -04:00
774a2e669c
Polish setAllowedHostnames
...
Added JavaDoc to method, including @since attribute
Issue gh-4310
2019-08-03 19:19:44 -06:00
f712c5598c
Add support for allowedHostnames in StrictHttpFirewall
...
Introduce a new method `setAllowedHostnames` which perform the validation
against untrusted hostnames.
Fixes gh-4310
2019-08-03 21:16:45 -04:00
a5cfd9fdb9
Downgrade AuthenticationFilter modifier
...
Fixes gh-7177
2019-08-03 21:14:33 -04:00
776a4c3760
Use org.mockito.ArgumentMatchers in favor of org.mockito.Matchers
2019-08-03 12:28:37 -04:00
ad2f999c25
Polish BasicAuthenticationConverter
...
This reverts to the old behavior from BasicAuthenticationFilter.
Specifically, if a token has an empty password, it still parses a username
and an empty String password.
Issue gh-7025
2019-08-02 09:04:55 -05:00
d157125c8e
Polish AuthenticationFilter
...
Updated member variable references to be prefixed with "this.".
Fixed typo in authentication manager resolver error message.
Issue: gh-6506
2019-08-01 16:26:54 -06:00
50adb6abcb
Fix javadoc
2019-07-31 15:36:30 -04:00
0b4502b2c5
Remove exceptions from lambda security configuration
...
Fixes: gh-7128
2019-07-30 08:31:37 -05:00
b55322b2cb
Make basic authentication scheme case-insensitive
...
Fixes: gh-7163
2019-07-29 16:30:03 -04:00
f1187bdfc2
issue/6506: AuthenticationConverter implementation
2019-07-23 17:31:21 -05:00
ab6440db10
Throws exception when passed IP address with too long mask
...
Fixes gh-2790
2019-07-19 06:25:58 -04:00
ea54d9014d
DSL nested builder for HTTP security
...
DSL nested builder for HTTP security
Fixes gh-5557
2019-07-12 16:09:19 -05:00
3ea9d376b2
Cleanup explicit type arguments
2019-07-10 09:32:41 -05:00
c5b5cc507c
Cleanup redundant type casts
2019-07-10 09:31:09 -05:00
758397f102
Allow configuration of headers through nested builder
...
Issue: gh-5557
2019-07-09 15:35:37 -04:00
43737a56bd
Use foreach where possible
2019-07-09 06:11:45 -06:00
8016a193b9
Optimize IpAddressMatcher
...
Get rid of byte array allocation in matcher and small optimizations
2019-07-03 23:27:12 -06:00
4b0fb19fff
Use MessageDigest.isEqual() where possible
...
fixes #7058
2019-07-03 05:40:20 -06:00
400e0c83b0
Add missing nullability annotation
2019-06-27 14:54:14 -05:00
f5da63118e
Add MultiTenantAuthenticationManagerResolver
...
A class with a number of handy request-based implementations of
AuthenticationManagerResolver targeted at common multi-tenancy
scenarios.
Fixes: gh-6976
2019-06-25 17:21:38 -06:00
878d262a26
Reimplement some hashCodes according to the currently recommended pattern.
...
These hashCode implementations seemed suspicious (field hashCodes XORed together with 31).
Included caseSensitive in AntPathRequestMatcher.hashCode() to be consistent with equals().
2019-06-18 12:44:57 -06:00
f6ed1db702
Introduced ReactiveAuthenticationManagerResolver
...
Suitable for multi-tenant reactive applications needing to branch
authentication strategies based on request details.
2019-06-13 08:52:19 -06:00
e66369f6c6
Added null checks and tests to constructors
...
RequestKey, JaasGrantedAuthority, and SwitchUserGrantedAuthority
assume certain final members are non-null.
Issue: gh-6892
2019-05-29 16:10:36 -06:00
98a8467e4c
Fix javadoc typo
2019-04-30 10:42:25 -06:00
9a67441507
Add x509 support for Reactive Security
...
[gh #5038 ]
2019-04-26 12:15:18 -05:00
2c136f7b6c
Add Reactive Clear-Site-Data Support
...
1. A new implementation of ServerHttpHeadersWriter has been created to
add Clear-Site-Data header support.
2. A new implementation of ServerLogoutHandler has been created which
can be configured to write response headers during logout.
3. Added unit tests for both implementations.
Fixes gh-6743
2019-04-19 17:46:37 -06:00
20a7bc4785
Improved DigestAuthenticationFilter Test Coverage
...
Issue: gh-5462
2019-04-13 20:27:08 -06:00
d88c2c19f0
Throw exception that was created but not thrown
...
Fixes gh-5462
2019-04-13 20:27:07 -06:00
22c8f63390
review phase2
2019-04-13 19:22:44 -06:00
570eb01733
review phase1
2019-04-13 19:22:44 -06:00
678e0b19e0
Introduce @CurrentSecurityContext for method arguments
2019-04-13 19:22:44 -06:00
19de13bdc7
Issue 6731 improve performance of checking headers
...
Improves the performance of checking headers for new lines.
Fixes: gh-6731
2019-04-08 10:10:53 -06:00
4e9c37b1ae
Manual URL Cleanup
2019-03-29 13:24:11 -04:00
a9a86cd826
Simplify MediaTypeRequestMatcher construction
...
Fixes: gh-6612
2019-03-28 22:02:12 -06:00
2daed8c003
Readability Polish
...
Heavily nested parentheses and lots of indentation can get hard to
read, so we should simplify this where we can.
Issue: gh-6639
2019-03-28 15:12:59 -06:00
281ccff907
Fixed NPE in HttpsRedirectWebFilter
...
A more descriptive IllegalStateException is now thrown instead
in the case that no such port mapping exists.
Fixes: gh-6639
2019-03-28 15:12:47 -06:00
e9e7f7d9bc
Polish URL Cleanup
...
Fixes: gh-6628
2019-03-20 00:26:43 -05:00
3b89754926
URL Cleanup
...
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).
# HTTP URLs that Could Not Be Fixed
These URLs were unable to be fixed. Please review them to see if they can be manually resolved.
* http://blog.opensecurityresearch.com/2012/02/json-csrf-with-parameter-padding.html (200) with 1 occurrences could not be migrated:
([https](https://blog.opensecurityresearch.com/2012/02/json-csrf-with-parameter-padding.html ) result ClosedChannelException).
* http://bouncy-castle.1462172.n4.nabble.com/Java-Bouncy-Castle-scrypt-implementation-td4656832.html (200) with 1 occurrences could not be migrated:
([https](https://bouncy-castle.1462172.n4.nabble.com/Java-Bouncy-Castle-scrypt-implementation-td4656832.html ) result SSLHandshakeException).
* http://cujojs.com/ (200) with 1 occurrences could not be migrated:
([https](https://cujojs.com/ ) result SSLHandshakeException).
* http://erik.eae.net/archives/2007/07/27/18.54.15/ (200) with 1 occurrences could not be migrated:
([https](https://erik.eae.net/archives/2007/07/27/18.54.15/ ) result SSLHandshakeException).
* http://javascript.nwbox.com/IEContentLoaded/ (200) with 1 occurrences could not be migrated:
([https](https://javascript.nwbox.com/IEContentLoaded/ ) result SSLHandshakeException).
* http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-February/007533.html (200) with 1 occurrences could not be migrated:
([https](https://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-February/007533.html ) result SSLHandshakeException).
* http://monkeymachine.co.uk/ (200) with 2 occurrences could not be migrated:
([https](https://monkeymachine.co.uk/ ) result SSLHandshakeException).
* http://perfectionkills.com/detecting-event-support-without-browser-sniffing/ (200) with 1 occurrences could not be migrated:
([https](https://perfectionkills.com/detecting-event-support-without-browser-sniffing/ ) result SSLHandshakeException).
* http://somesite.com/login (200) with 3 occurrences could not be migrated:
([https](https://somesite.com/login ) result AnnotatedConnectException).
* http://someurl.com/ (200) with 2 occurrences could not be migrated:
([https](https://someurl.com/ ) result SSLHandshakeException).
* http://sscce.org/ (200) with 1 occurrences could not be migrated:
([https](https://sscce.org/ ) result SSLHandshakeException).
* http://webblaze.cs.berkeley.edu/papers/barth-caballero-song.pdf (200) with 2 occurrences could not be migrated:
([https](https://webblaze.cs.berkeley.edu/papers/barth-caballero-song.pdf ) result 404).
* http://www.example.com:80/ (200) with 1 occurrences could not be migrated:
([https](https://www.example.com:80/ ) result NotSslRecordException).
* http://www.faqs.org/qa/rfcc-1940.html (200) with 3 occurrences could not be migrated:
([https](https://www.faqs.org/qa/rfcc-1940.html ) result AnnotatedConnectException).
* http://www.faqs.org/rfcs/rfc1945.html (200) with 2 occurrences could not be migrated:
([https](https://www.faqs.org/rfcs/rfc1945.html ) result AnnotatedConnectException).
* http://www.faqs.org/rfcs/rfc3548.html (200) with 3 occurrences could not be migrated:
([https](https://www.faqs.org/rfcs/rfc3548.html ) result AnnotatedConnectException).
* http://www.zytrax.com/books/ldap/ (200) with 2 occurrences could not be migrated:
([https](https://www.zytrax.com/books/ldap/ ) result AnnotatedConnectException).
* http://blindsignals.com/index.php/2009/07/jquery-delay/ (301) with 1 occurrences could not be migrated:
([https](https://blindsignals.com/index.php/2009/07/jquery-delay/ ) result SSLHandshakeException).
* http://www.faqs.org/ (301) with 1 occurrences could not be migrated:
([https](https://www.faqs.org/ ) result AnnotatedConnectException).
* http://sam.zoy.org/wtfpl/ (301) with 2 occurrences could not be migrated:
([https](https://sam.zoy.org/wtfpl/ ) result SSLHandshakeException).
* http://hey.openid.com/ (302) with 1 occurrences could not be migrated:
([https](https://hey.openid.com/ ) result SSLHandshakeException).
* http://iharder.net/base64 (303) with 2 occurrences could not be migrated:
([https](https://iharder.net/base64 ) result AnnotatedConnectException).
* http://jaspan.com/improved_persistent_login_cookie_best_practice (500) with 3 occurrences could not be migrated:
([https](https://jaspan.com/improved_persistent_login_cookie_best_practice ) result AnnotatedConnectException).
# Fixed URLs
## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended.
* http://www.relaxng.org/ (301) with 1 occurrences migrated to:
https://relaxng.org/ ([https](https://www.relaxng.org/ ) result SSLHandshakeException).
* http://www.relaxng.org (301) with 1 occurrences migrated to:
https://relaxng.org/ ([https](https://www.relaxng.org ) result SSLHandshakeException).
* http://tools.ietf.org/html/draft-ietf-websec-x-frame-options (301) with 2 occurrences migrated to:
https://tools.ietf.org/html/draft-ietf-websec-x-frame-options ([https](https://tools.ietf.org/html/draft-ietf-websec-x-frame-options ) result ReadTimeoutException).
* http://foo.test.com (302) with 2 occurrences migrated to:
https://www.test.com ([https](https://foo.test.com ) result SSLHandshakeException).
* http://abc.test.com (302) with 2 occurrences migrated to:
https://www.test.com ([https](https://abc.test.com ) result SSLHandshakeException).
* http://192.168.1:8080 (ConnectTimeoutException) with 2 occurrences migrated to:
https://192.168.1:8080 ([https](https://192.168.1:8080 ) result ConnectTimeoutException).
* http://www.example.com:8080/mycontext/secure/page.html (ConnectTimeoutException) with 1 occurrences migrated to:
https://www.example.com:8080/mycontext/secure/page.html ([https](https://www.example.com:8080/mycontext/secure/page.html ) result ConnectTimeoutException).
* http://www.example.com:8888/bigWebApp/hello (ConnectTimeoutException) with 1 occurrences migrated to:
https://www.example.com:8888/bigWebApp/hello ([https](https://www.example.com:8888/bigWebApp/hello ) result ConnectTimeoutException).
* http://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true (ConnectTimeoutException) with 1 occurrences migrated to:
https://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true ([https](https://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true ) result ConnectTimeoutException).
* http://www.opensymphony.com/sitemesh/decorator (ConnectTimeoutException) with 1 occurrences migrated to:
https://www.opensymphony.com/sitemesh/decorator ([https](https://www.opensymphony.com/sitemesh/decorator ) result ConnectTimeoutException).
* http://www.opensymphony.com/sitemesh/page (ConnectTimeoutException) with 1 occurrences migrated to:
https://www.opensymphony.com/sitemesh/page ([https](https://www.opensymphony.com/sitemesh/page ) result ConnectTimeoutException).
* http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd (ReadTimeoutException) with 1 occurrences migrated to:
https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd ([https](https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd ) result ReadTimeoutException).
* http://axschema.org/ (UnknownHostException) with 2 occurrences migrated to:
https://axschema.org/ ([https](https://axschema.org/ ) result UnknownHostException).
* http://axschema.org/contact/email (UnknownHostException) with 23 occurrences migrated to:
https://axschema.org/contact/email ([https](https://axschema.org/contact/email ) result UnknownHostException).
* http://axschema.org/namePerson (UnknownHostException) with 5 occurrences migrated to:
https://axschema.org/namePerson ([https](https://axschema.org/namePerson ) result UnknownHostException).
* http://axschema.org/namePerson/first (UnknownHostException) with 4 occurrences migrated to:
https://axschema.org/namePerson/first ([https](https://axschema.org/namePerson/first ) result UnknownHostException).
* http://axschema.org/namePerson/last (UnknownHostException) with 4 occurrences migrated to:
https://axschema.org/namePerson/last ([https](https://axschema.org/namePerson/last ) result UnknownHostException).
* http://context.blah.com/context/remainder (UnknownHostException) with 1 occurrences migrated to:
https://context.blah.com/context/remainder ([https](https://context.blah.com/context/remainder ) result UnknownHostException).
* http://default (UnknownHostException) with 12 occurrences migrated to:
https://default ([https](https://default ) result UnknownHostException).
* http://endpoint (UnknownHostException) with 4 occurrences migrated to:
https://endpoint ([https](https://endpoint ) result UnknownHostException).
* http://endpoint?id_token_hint=id-token (UnknownHostException) with 2 occurrences migrated to:
https://endpoint?id_token_hint=id-token ([https](https://endpoint?id_token_hint=id-token ) result UnknownHostException).
* http://example.com¶m1=value1¶m2=value2 (UnknownHostException) with 1 occurrences migrated to:
https://example.com¶m1=value1¶m2=value2 ([https](https://example.com¶m1=value1¶m2=value2 ) result UnknownHostException).
* http://host/myapp/index.html;jsessionid=blah (UnknownHostException) with 1 occurrences migrated to:
https://host/myapp/index.html;jsessionid=blah ([https](https://host/myapp/index.html;jsessionid=blah ) result UnknownHostException).
* http://http://context.blah.com/context/remainder (UnknownHostException) with 1 occurrences migrated to:
https://http://context.blah.com/context/remainder ([https](https://https://context.blah.com/context/remainder ) result UnknownHostException).
* http://id.openid.zz (UnknownHostException) with 2 occurrences migrated to:
https://id.openid.zz ([https](https://id.openid.zz ) result UnknownHostException).
* http://invalid-provider.com/oauth2/token (UnknownHostException) with 4 occurrences migrated to:
https://invalid-provider.com/oauth2/token ([https](https://invalid-provider.com/oauth2/token ) result UnknownHostException).
* http://invalid-provider.com/user (UnknownHostException) with 4 occurrences migrated to:
https://invalid-provider.com/user ([https](https://invalid-provider.com/user ) result UnknownHostException).
* http://issuer/.well-known/jwks.json (UnknownHostException) with 2 occurrences migrated to:
https://issuer/.well-known/jwks.json ([https](https://issuer/.well-known/jwks.json ) result UnknownHostException).
* http://issuer/certs (UnknownHostException) with 1 occurrences migrated to:
https://issuer/certs ([https](https://issuer/certs ) result UnknownHostException).
* http://jimi.hendrix.myopenid.com/ (UnknownHostException) with 1 occurrences migrated to:
https://jimi.hendrix.myopenid.com/ ([https](https://jimi.hendrix.myopenid.com/ ) result UnknownHostException).
* http://joe.myopenid.com/ (UnknownHostException) with 3 occurrences migrated to:
https://joe.myopenid.com/ ([https](https://joe.myopenid.com/ ) result UnknownHostException).
* http://logout (UnknownHostException) with 2 occurrences migrated to:
https://logout ([https](https://logout ) result UnknownHostException).
* http://logout?id_token_hint=id-token (UnknownHostException) with 2 occurrences migrated to:
https://logout?id_token_hint=id-token ([https](https://logout?id_token_hint=id-token ) result UnknownHostException).
* http://openid.aol.com/ (UnknownHostException) with 2 occurrences migrated to:
https://openid.aol.com/ ([https](https://openid.aol.com/ ) result UnknownHostException).
* http://pip.verisignlabs.com/server (UnknownHostException) with 2 occurrences migrated to:
https://pip.verisignlabs.com/server ([https](https://pip.verisignlabs.com/server ) result UnknownHostException).
* http://postlogout?encodedparam%3Dvalue (UnknownHostException) with 2 occurrences migrated to:
https://postlogout?encodedparam%3Dvalue ([https](https://postlogout?encodedparam%3Dvalue ) result UnknownHostException).
* http://postlogout?encodedparam=value (UnknownHostException) with 2 occurrences migrated to:
https://postlogout?encodedparam=value ([https](https://postlogout?encodedparam=value ) result UnknownHostException).
* http://schema.openid.net/contact/email (UnknownHostException) with 5 occurrences migrated to:
https://schema.openid.net/contact/email ([https](https://schema.openid.net/contact/email ) result UnknownHostException).
* http://schema.openid.net/namePerson (UnknownHostException) with 2 occurrences migrated to:
https://schema.openid.net/namePerson ([https](https://schema.openid.net/namePerson ) result UnknownHostException).
* http://some.site.org/index.html (UnknownHostException) with 1 occurrences migrated to:
https://some.site.org/index.html ([https](https://some.site.org/index.html ) result UnknownHostException).
* http://something/ (UnknownHostException) with 1 occurrences migrated to:
https://something/ ([https](https://something/ ) result UnknownHostException).
* http://specs.openid.net/auth/2.0 (UnknownHostException) with 2 occurrences migrated to:
https://specs.openid.net/auth/2.0 ([https](https://specs.openid.net/auth/2.0 ) result UnknownHostException).
* http://specs.openid.net/auth/2.0/identifier_select (UnknownHostException) with 4 occurrences migrated to:
https://specs.openid.net/auth/2.0/identifier_select ([https](https://specs.openid.net/auth/2.0/identifier_select ) result UnknownHostException).
* http://wiki.fasterxml.com/JacksonFeatureModules (UnknownHostException) with 1 occurrences migrated to:
https://wiki.fasterxml.com/JacksonFeatureModules ([https](https://wiki.fasterxml.com/JacksonFeatureModules ) result UnknownHostException).
* http://www.faqs (UnknownHostException) with 1 occurrences migrated to:
https://www.faqs ([https](https://www.faqs ) result UnknownHostException).
* http://www.test123.com (UnknownHostException) with 1 occurrences migrated to:
https://www.test123.com ([https](https://www.test123.com ) result UnknownHostException).
* http://en.wikipedia.org/wiki/Defense_in_depth_%28computing%29 (301) with 1 occurrences migrated to:
https://en.wikipedia.org/wiki/Defense_in_depth_%2528computing%2529 ([https](https://en.wikipedia.org/wiki/Defense_in_depth_%28computing%29 ) result 400).
* http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html (404) with 1 occurrences migrated to:
https://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html ([https](https://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html ) result 404).
* http://example.com/auth (404) with 2 occurrences migrated to:
https://example.com/auth ([https](https://example.com/auth ) result 404).
* http://example.com/info (404) with 2 occurrences migrated to:
https://example.com/info ([https](https://example.com/info ) result 404).
* http://example.com/jwkset (404) with 2 occurrences migrated to:
https://example.com/jwkset ([https](https://example.com/jwkset ) result 404).
* http://example.com/login/oauth2/code/registration-id (404) with 1 occurrences migrated to:
https://example.com/login/oauth2/code/registration-id ([https](https://example.com/login/oauth2/code/registration-id ) result 404).
* http://example.com/login/oauth2/code/registration-id-2 (404) with 1 occurrences migrated to:
https://example.com/login/oauth2/code/registration-id-2 ([https](https://example.com/login/oauth2/code/registration-id-2 ) result 404).
* http://example.com/path?a=b&c=d (404) with 1 occurrences migrated to:
https://example.com/path?a=b&c=d ([https](https://example.com/path?a=b&c=d ) result 404).
* http://example.com/pkp-report (404) with 5 occurrences migrated to:
https://example.com/pkp-report ([https](https://example.com/pkp-report ) result 404).
* http://example.com/token (404) with 2 occurrences migrated to:
https://example.com/token ([https](https://example.com/token ) result 404).
* http://example.net/pkp-report (404) with 7 occurrences migrated to:
https://example.net/pkp-report ([https](https://example.net/pkp-report ) result 404).
* http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ (301) with 1 occurrences migrated to:
https://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ ([https](https://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ ) result 404).
* http://html5shim.googlecode.com/svn/trunk/html5.js (404) with 6 occurrences migrated to:
https://html5shim.googlecode.com/svn/trunk/html5.js ([https](https://html5shim.googlecode.com/svn/trunk/html5.js ) result 404).
* http://json.org/json2.js (404) with 1 occurrences migrated to:
https://json.org/json2.js ([https](https://json.org/json2.js ) result 404).
* http://openid-selector.googlecode.com/svn/trunk/ (404) with 2 occurrences migrated to:
https://openid-selector.googlecode.com/svn/trunk/ ([https](https://openid-selector.googlecode.com/svn/trunk/ ) result 404).
* http://provider.com/user (302) with 2 occurrences migrated to:
https://provider.com/user ([https](https://provider.com/user ) result 404).
* http://relaxng.org/ns/compatibility/annotations/1.0 (301) with 8 occurrences migrated to:
https://relaxng.org/ns/compatibility/annotations/1.0 ([https](https://relaxng.org/ns/compatibility/annotations/1.0 ) result 404).
* http://www.example.com/bigWebApp/hello (404) with 2 occurrences migrated to:
https://www.example.com/bigWebApp/hello ([https](https://www.example.com/bigWebApp/hello ) result 404).
* http://www.example.com/bigWebApp/hello/pathInfo.html?open=true (404) with 1 occurrences migrated to:
https://www.example.com/bigWebApp/hello/pathInfo.html?open=true ([https](https://www.example.com/bigWebApp/hello/pathInfo.html?open=true ) result 404).
* http://www.example.com/identity (404) with 1 occurrences migrated to:
https://www.example.com/identity ([https](https://www.example.com/identity ) result 404).
* http://www.example.com/login/openid (404) with 2 occurrences migrated to:
https://www.example.com/login/openid ([https](https://www.example.com/login/openid ) result 404).
* http://www.example.com/mycontext/HelloWorld (404) with 1 occurrences migrated to:
https://www.example.com/mycontext/HelloWorld ([https](https://www.example.com/mycontext/HelloWorld ) result 404).
* http://www.example.com/mycontext/HelloWorld/some/more/segments.html (404) with 1 occurrences migrated to:
https://www.example.com/mycontext/HelloWorld/some/more/segments.html ([https](https://www.example.com/mycontext/HelloWorld/some/more/segments.html ) result 404).
* http://www.example.com/mycontext/HelloWorld?foo=bar (404) with 1 occurrences migrated to:
https://www.example.com/mycontext/HelloWorld?foo=bar ([https](https://www.example.com/mycontext/HelloWorld?foo=bar ) result 404).
* http://www.example.com/mycontext/secure/page.html (404) with 3 occurrences migrated to:
https://www.example.com/mycontext/secure/page.html ([https](https://www.example.com/mycontext/secure/page.html ) result 404).
* http://www.example.com/realm (404) with 1 occurrences migrated to:
https://www.example.com/realm ([https](https://www.example.com/realm ) result 404).
* http://www.example.com/redirect (404) with 1 occurrences migrated to:
https://www.example.com/redirect ([https](https://www.example.com/redirect ) result 404).
* http://www.example.org/do/something (404) with 4 occurrences migrated to:
https://www.example.org/do/something ([https](https://www.example.org/do/something ) result 404).
* http://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/ (301) with 1 occurrences migrated to:
https://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/ ([https](https://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/ ) result 404).
* http://www.json.org/json2.js (404) with 1 occurrences migrated to:
https://www.json.org/json2.js ([https](https://www.json.org/json2.js ) result 404).
* http://www.thymeleaf.org/thymeleaf-extras-springsecurity5 (301) with 5 occurrences migrated to:
https://www.thymeleaf.org/thymeleaf-extras-springsecurity5 ([https](https://www.thymeleaf.org/thymeleaf-extras-springsecurity5 ) result 404).
## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.
* http://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html with 1 occurrences migrated to:
https://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html ([https](https://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html ) result 200).
* http://bugs.jquery.com/ticket/12282 with 1 occurrences migrated to:
https://bugs.jquery.com/ticket/12282 ([https](https://bugs.jquery.com/ticket/12282 ) result 200).
* http://bugs.jquery.com/ticket/12359 with 1 occurrences migrated to:
https://bugs.jquery.com/ticket/12359 ([https](https://bugs.jquery.com/ticket/12359 ) result 200).
* http://claimid.com/ with 2 occurrences migrated to:
https://claimid.com/ ([https](https://claimid.com/ ) result 200).
* http://dist.springsource.org/snapshot/GRECLIPSE/e4.7/ with 1 occurrences migrated to:
https://dist.springsource.org/snapshot/GRECLIPSE/e4.7/ ([https](https://dist.springsource.org/snapshot/GRECLIPSE/e4.7/ ) result 200).
* http://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html with 1 occurrences migrated to:
https://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html ) result 200).
* http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html with 26 occurrences migrated to:
https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html ) result 200).
* http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html with 1 occurrences migrated to:
https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html ) result 200).
* http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html with 1 occurrences migrated to:
https://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html ([https](https://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html ) result 200).
* http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html with 1 occurrences migrated to:
https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html ([https](https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html ) result 200).
* http://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html with 1 occurrences migrated to:
https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html ([https](https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html ) result 200).
* http://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ with 2 occurrences migrated to:
https://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ ([https](https://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ ) result 200).
* http://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html (301) with 1 occurrences migrated to:
https://docs.spring.io/spring-security/site/docs/3.0.x/reference/remember-me.html ([https](https://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html ) result 200).
* http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html (301) with 1 occurrences migrated to:
https://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html ([https](https://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html ) result 200).
* http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ with 1 occurrences migrated to:
https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ ([https](https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ ) result 200).
* http://docs.spring.io/spring-security/site/docs/current/api/ with 1 occurrences migrated to:
https://docs.spring.io/spring-security/site/docs/current/api/ ([https](https://docs.spring.io/spring-security/site/docs/current/api/ ) result 200).
* http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ with 3 occurrences migrated to:
https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ ([https](https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ ) result 200).
* http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html (301) with 1 occurrences migrated to:
https://docs.spring.io/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html ([https](https://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html ) result 200).
* http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html with 1 occurrences migrated to:
https://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html ([https](https://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html ) result 200).
* http://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html with 1 occurrences migrated to:
https://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html ([https](https://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html ) result 200).
* http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html with 3 occurrences migrated to:
https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html ([https](https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html ) result 200).
* http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html with 1 occurrences migrated to:
https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html ([https](https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html ) result 200).
* http://en.wikipedia.org/wiki/Clickjacking with 9 occurrences migrated to:
https://en.wikipedia.org/wiki/Clickjacking ([https](https://en.wikipedia.org/wiki/Clickjacking ) result 200).
* http://en.wikipedia.org/wiki/Content_sniffing with 2 occurrences migrated to:
https://en.wikipedia.org/wiki/Content_sniffing ([https](https://en.wikipedia.org/wiki/Content_sniffing ) result 200).
* http://en.wikipedia.org/wiki/Cross-site_request_forgery with 11 occurrences migrated to:
https://en.wikipedia.org/wiki/Cross-site_request_forgery ([https](https://en.wikipedia.org/wiki/Cross-site_request_forgery ) result 200).
* http://en.wikipedia.org/wiki/Cross-site_scripting with 7 occurrences migrated to:
https://en.wikipedia.org/wiki/Cross-site_scripting ([https](https://en.wikipedia.org/wiki/Cross-site_scripting ) result 200).
* http://en.wikipedia.org/wiki/Firesheep with 1 occurrences migrated to:
https://en.wikipedia.org/wiki/Firesheep ([https](https://en.wikipedia.org/wiki/Firesheep ) result 200).
* http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security with 4 occurrences migrated to:
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security ([https](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security ) result 200).
* http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol with 1 occurrences migrated to:
https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol ([https](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol ) result 200).
* http://en.wikipedia.org/wiki/Man-in-the-middle_attack with 2 occurrences migrated to:
https://en.wikipedia.org/wiki/Man-in-the-middle_attack ([https](https://en.wikipedia.org/wiki/Man-in-the-middle_attack ) result 200).
* http://en.wikipedia.org/wiki/Null_Object_pattern with 1 occurrences migrated to:
https://en.wikipedia.org/wiki/Null_Object_pattern ([https](https://en.wikipedia.org/wiki/Null_Object_pattern ) result 200).
* http://en.wikipedia.org/wiki/SRV_record with 2 occurrences migrated to:
https://en.wikipedia.org/wiki/SRV_record ([https](https://en.wikipedia.org/wiki/SRV_record ) result 200).
* http://en.wikipedia.org/wiki/Same-origin_policy with 1 occurrences migrated to:
https://en.wikipedia.org/wiki/Same-origin_policy ([https](https://en.wikipedia.org/wiki/Same-origin_policy ) result 200).
* http://en.wikipedia.org/wiki/Session_fixation with 6 occurrences migrated to:
https://en.wikipedia.org/wiki/Session_fixation ([https](https://en.wikipedia.org/wiki/Session_fixation ) result 200).
* http://example.com with 8 occurrences migrated to:
https://example.com ([https](https://example.com ) result 200).
* http://example.com/ with 1 occurrences migrated to:
https://example.com/ ([https](https://example.com/ ) result 200).
* http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice with 2 occurrences migrated to:
https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice ([https](https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice ) result 200).
* http://flywaydb.org/ with 1 occurrences migrated to:
https://flywaydb.org/ ([https](https://flywaydb.org/ ) result 200).
* http://getbootstrap.com/docs/4.0/examples/signin/signin.css with 1 occurrences migrated to:
https://getbootstrap.com/docs/4.0/examples/signin/signin.css ([https](https://getbootstrap.com/docs/4.0/examples/signin/signin.css ) result 200).
* http://gradle.org with 1 occurrences migrated to:
https://gradle.org ([https](https://gradle.org ) result 200).
* http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ with 2 occurrences migrated to:
https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ ([https](https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ ) result 200).
* http://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html with 2 occurrences migrated to:
https://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html ([https](https://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html ) result 200).
* http://jquery.com/ with 1 occurrences migrated to:
https://jquery.com/ ([https](https://jquery.com/ ) result 200).
* http://knockoutjs.com/ with 1 occurrences migrated to:
https://knockoutjs.com/ ([https](https://knockoutjs.com/ ) result 200).
* http://marketplace.eclipse.org/content/anyedit-tools with 1 occurrences migrated to:
https://marketplace.eclipse.org/content/anyedit-tools ([https](https://marketplace.eclipse.org/content/anyedit-tools ) result 200).
* http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html with 1 occurrences migrated to:
https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html ([https](https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html ) result 200).
* http://openid.net with 1 occurrences migrated to:
https://openid.net ([https](https://openid.net ) result 200).
* http://openid.net/ with 1 occurrences migrated to:
https://openid.net/ ([https](https://openid.net/ ) result 200).
* http://openid.net/certification/ with 4 occurrences migrated to:
https://openid.net/certification/ ([https](https://openid.net/certification/ ) result 200).
* http://openid.net/connect/ with 4 occurrences migrated to:
https://openid.net/connect/ ([https](https://openid.net/connect/ ) result 200).
* http://openid.net/specs/openid-attribute-exchange-1_0.html with 3 occurrences migrated to:
https://openid.net/specs/openid-attribute-exchange-1_0.html ([https](https://openid.net/specs/openid-attribute-exchange-1_0.html ) result 200).
* http://openid.net/specs/openid-connect-core-1_0.html with 50 occurrences migrated to:
https://openid.net/specs/openid-connect-core-1_0.html ([https](https://openid.net/specs/openid-connect-core-1_0.html ) result 200).
* http://openid.net/specs/openid-connect-session-1_0.html with 2 occurrences migrated to:
https://openid.net/specs/openid-connect-session-1_0.html ([https](https://openid.net/specs/openid-connect-session-1_0.html ) result 200).
* http://sizzlejs.com/ with 2 occurrences migrated to:
https://sizzlejs.com/ ([https](https://sizzlejs.com/ ) result 200).
* http://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time with 1 occurrences migrated to:
https://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time ([https](https://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time ) result 200).
* http://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/ (301) with 1 occurrences migrated to:
https://spring.io/blog/2010/03/06/behind-the-spring-security-namespace/ ([https](https://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/ ) result 200).
* http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/ (301) with 1 occurrences migrated to:
https://spring.io/blog/2010/08/02/spring-security-in-google-app-engine/ ([https](https://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/ ) result 200).
* http://spring.io/projects with 1 occurrences migrated to:
https://spring.io/projects ([https](https://spring.io/projects ) result 200).
* http://spring.io/services with 1 occurrences migrated to:
https://spring.io/services ([https](https://spring.io/services ) result 200).
* http://stackoverflow.com/questions/tagged/spring-security with 1 occurrences migrated to:
https://stackoverflow.com/questions/tagged/spring-security ([https](https://stackoverflow.com/questions/tagged/spring-security ) result 200).
* http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html with 2 occurrences migrated to:
https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html ([https](https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html ) result 200).
* http://tools.ietf.org/html/rfc6797 with 15 occurrences migrated to:
https://tools.ietf.org/html/rfc6797 ([https](https://tools.ietf.org/html/rfc6797 ) result 200).
* http://tools.ietf.org/html/rfc7469 with 18 occurrences migrated to:
https://tools.ietf.org/html/rfc7469 ([https](https://tools.ietf.org/html/rfc7469 ) result 200).
* http://vimeo.com/34436402 with 1 occurrences migrated to:
https://vimeo.com/34436402 ([https](https://vimeo.com/34436402 ) result 200).
* http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ with 1 occurrences migrated to:
https://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ ([https](https://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ ) result 200).
* http://www.ja-sig.org/cas (301) with 1 occurrences migrated to:
https://www.apereo.org ([https](https://www.ja-sig.org/cas ) result 200).
* http://ehcache.sourceforge.net (301) with 2 occurrences migrated to:
https://www.ehcache.org/ ([https](https://ehcache.sourceforge.net ) result 200).
* http://www.html5rocks.com/en/tutorials/security/content-security-policy/ with 2 occurrences migrated to:
https://www.html5rocks.com/en/tutorials/security/content-security-policy/ ([https](https://www.html5rocks.com/en/tutorials/security/content-security-policy/ ) result 200).
* http://www.ietf.org/rfc/rfc2396.txt with 3 occurrences migrated to:
https://www.ietf.org/rfc/rfc2396.txt ([https](https://www.ietf.org/rfc/rfc2396.txt ) result 200).
* http://www.ietf.org/rfc/rfc2617.txt with 1 occurrences migrated to:
https://www.ietf.org/rfc/rfc2617.txt ([https](https://www.ietf.org/rfc/rfc2617.txt ) result 200).
* http://www.liquibase.org/ with 1 occurrences migrated to:
https://www.liquibase.org/ ([https](https://www.liquibase.org/ ) result 200).
* http://www.openbsd.org/papers/bcrypt-paper.ps with 1 occurrences migrated to:
https://www.openbsd.org/papers/bcrypt-paper.ps ([https](https://www.openbsd.org/papers/bcrypt-paper.ps ) result 200).
* http://www.springframework.org/schema/aop/spring-aop-2.5.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/aop/spring-aop-2.5.xsd ([https](https://www.springframework.org/schema/aop/spring-aop-2.5.xsd ) result 200).
* http://www.springframework.org/schema/beans/spring-beans-2.5.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/beans/spring-beans-2.5.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-2.5.xsd ) result 200).
* http://www.springframework.org/schema/beans/spring-beans-3.0.xsd with 2 occurrences migrated to:
https://www.springframework.org/schema/beans/spring-beans-3.0.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-3.0.xsd ) result 200).
* http://www.springframework.org/schema/beans/spring-beans.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/beans/spring-beans.xsd ([https](https://www.springframework.org/schema/beans/spring-beans.xsd ) result 200).
* http://www.springframework.org/schema/context/spring-context-2.5.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/context/spring-context-2.5.xsd ([https](https://www.springframework.org/schema/context/spring-context-2.5.xsd ) result 200).
* http://www.springframework.org/schema/mvc/spring-mvc.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/mvc/spring-mvc.xsd ([https](https://www.springframework.org/schema/mvc/spring-mvc.xsd ) result 200).
* http://www.springframework.org/schema/security/spring-security.xsd with 3 occurrences migrated to:
https://www.springframework.org/schema/security/spring-security.xsd ([https](https://www.springframework.org/schema/security/spring-security.xsd ) result 200).
* http://www.springframework.org/schema/websocket/spring-websocket.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/websocket/spring-websocket.xsd ([https](https://www.springframework.org/schema/websocket/spring-websocket.xsd ) result 200).
* http://www.test.com with 9 occurrences migrated to:
https://www.test.com ([https](https://www.test.com ) result 200).
* http://www.thymeleaf.org with 25 occurrences migrated to:
https://www.thymeleaf.org ([https](https://www.thymeleaf.org ) result 200).
* http://www.thymeleaf.org/ with 3 occurrences migrated to:
https://www.thymeleaf.org/ ([https](https://www.thymeleaf.org/ ) result 200).
* http://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd with 1 occurrences migrated to:
https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd ([https](https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd ) result 200).
* http://www.thymeleaf.org/whatsnew21.html with 1 occurrences migrated to:
https://www.thymeleaf.org/whatsnew21.html ([https](https://www.thymeleaf.org/whatsnew21.html ) result 200).
* http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html with 2 occurrences migrated to:
https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html ([https](https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html ) result 200).
* http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html with 1 occurrences migrated to:
https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html ([https](https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html ) result 200).
* http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html with 1 occurrences migrated to:
https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html ([https](https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html ) result 200).
* http://www.w3.org/TR/2011/REC-css3-selectors-20110929/ with 2 occurrences migrated to:
https://www.w3.org/TR/2011/REC-css3-selectors-20110929/ ([https](https://www.w3.org/TR/2011/REC-css3-selectors-20110929/ ) result 200).
* http://www.w3.org/TR/CSS21/syndata.html with 1 occurrences migrated to:
https://www.w3.org/TR/CSS21/syndata.html ([https](https://www.w3.org/TR/CSS21/syndata.html ) result 200).
* http://www.w3.org/TR/selectors/ with 3 occurrences migrated to:
https://www.w3.org/TR/selectors/ ([https](https://www.w3.org/TR/selectors/ ) result 200).
* http://www.youtube.com/watch?v=3mk0RySeNsU with 2 occurrences migrated to:
https://www.youtube.com/watch?v=3mk0RySeNsU ([https](https://www.youtube.com/watch?v=3mk0RySeNsU ) result 200).
* http://api.jquery.com/jQuery.browser with 1 occurrences migrated to:
https://api.jquery.com/jQuery.browser ([https](https://api.jquery.com/jQuery.browser ) result 301).
* http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx with 1 occurrences migrated to:
https://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx ([https](https://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx ) result 301).
* http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx with 2 occurrences migrated to:
https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx ([https](https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx ) result 301).
* http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx with 2 occurrences migrated to:
https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx ([https](https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx ) result 301).
* http://code.google.com/p/openid-selector/ with 3 occurrences migrated to:
https://code.google.com/p/openid-selector/ ([https](https://code.google.com/p/openid-selector/ ) result 301).
* http://contributor-covenant.org with 1 occurrences migrated to:
https://contributor-covenant.org ([https](https://contributor-covenant.org ) result 301).
* http://contributor-covenant.org/version/1/3/0/ with 1 occurrences migrated to:
https://contributor-covenant.org/version/1/3/0/ ([https](https://contributor-covenant.org/version/1/3/0/ ) result 301).
* http://dev.w3.org/csswg/cssom/ with 1 occurrences migrated to:
https://dev.w3.org/csswg/cssom/ ([https](https://dev.w3.org/csswg/cssom/ ) result 301).
* http://docs.spring.io with 1 occurrences migrated to:
https://docs.spring.io ([https](https://docs.spring.io ) result 301).
* http://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html with 1 occurrences migrated to:
https://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html ) result 301).
* http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html with 7 occurrences migrated to:
https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html ) result 301).
* http://forum.springsource.org/showthread.php?102783-How-to-use-hasIpAddress&p=343971 (301) with 1 occurrences migrated to:
https://forum.spring.io/showthread.php?102783-How-to-use-hasIpAddress&p=343971 ([https](https://forum.springsource.org/showthread.php?102783-How-to-use-hasIpAddress&p=343971 ) result 301).
* http://help.github.com/set-up-git-redirect with 1 occurrences migrated to:
https://help.github.com/set-up-git-redirect ([https](https://help.github.com/set-up-git-redirect ) result 301).
* http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ with 1 occurrences migrated to:
https://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ ([https](https://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ ) result 301).
* http://jquery.org/license with 1 occurrences migrated to:
https://jquery.org/license ([https](https://jquery.org/license ) result 301).
* http://msdn.microsoft.com/en-us/library/dd565647 with 4 occurrences migrated to:
https://msdn.microsoft.com/en-us/library/dd565647 ([https](https://msdn.microsoft.com/en-us/library/dd565647 ) result 301).
* http://msdn.microsoft.com/en-us/library/ie/gg622941 with 5 occurrences migrated to:
https://msdn.microsoft.com/en-us/library/ie/gg622941 ([https](https://msdn.microsoft.com/en-us/library/ie/gg622941 ) result 301).
* http://openid.net/get/ with 2 occurrences migrated to:
https://openid.net/get/ ([https](https://openid.net/get/ ) result 301).
* http://openid.net/what/ with 2 occurrences migrated to:
https://openid.net/what/ ([https](https://openid.net/what/ ) result 301).
* http://technorati.com/people/technorati/ with 2 occurrences migrated to:
https://technorati.com/people/technorati/ ([https](https://technorati.com/people/technorati/ ) result 301).
* http://twitter.github.com/bootstrap/javascript.html with 13 occurrences migrated to:
https://twitter.github.com/bootstrap/javascript.html ([https](https://twitter.github.com/bootstrap/javascript.html ) result 301).
* http://www.jasig.org/cas with 1 occurrences migrated to:
https://www.jasig.org/cas ([https](https://www.jasig.org/cas ) result 301).
* http://www.modernizr.com/ with 1 occurrences migrated to:
https://www.modernizr.com/ ([https](https://www.modernizr.com/ ) result 301).
* http://www.opensource.org/licenses/mit-license.php with 1 occurrences migrated to:
https://www.opensource.org/licenses/mit-license.php ([https](https://www.opensource.org/licenses/mit-license.php ) result 301).
* http://www.oracle.com/technetwork/java/javase/downloads with 1 occurrences migrated to:
https://www.oracle.com/technetwork/java/javase/downloads ([https](https://www.oracle.com/technetwork/java/javase/downloads ) result 301).
* http://www.springframework.org/security with 1 occurrences migrated to:
https://www.springframework.org/security ([https](https://www.springframework.org/security ) result 301).
* http://www.springsource.com/ with 2 occurrences migrated to:
https://www.springsource.com/ ([https](https://www.springsource.com/ ) result 301).
* http://www.springsource.org with 1 occurrences migrated to:
https://www.springsource.org ([https](https://www.springsource.org ) result 301).
* http://www.springsource.org/sts with 1 occurrences migrated to:
https://www.springsource.org/sts ([https](https://www.springsource.org/sts ) result 301).
* http://www.thoughtcrime.org/software/sslstrip/ with 1 occurrences migrated to:
https://www.thoughtcrime.org/software/sslstrip/ ([https](https://www.thoughtcrime.org/software/sslstrip/ ) result 301).
* http://www.w3.org/TR/css3-selectors/ with 2 occurrences migrated to:
https://www.w3.org/TR/css3-selectors/ ([https](https://www.w3.org/TR/css3-selectors/ ) result 301).
* http://www.w3.org/TR/css3-syntax/ with 1 occurrences migrated to:
https://www.w3.org/TR/css3-syntax/ ([https](https://www.w3.org/TR/css3-syntax/ ) result 301).
* http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ with 2 occurrences migrated to:
https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ ) result 302).
* http://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html with 1 occurrences migrated to:
https://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html ([https](https://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html ) result 302).
* http://example2.com with 3 occurrences migrated to:
https://example2.com ([https](https://example2.com ) result 302).
* http://flickr.com/ with 2 occurrences migrated to:
https://flickr.com/ ([https](https://flickr.com/ ) result 302).
* http://git-scm.com/book/cs/ch7-3.html with 1 occurrences migrated to:
https://git-scm.com/book/cs/ch7-3.html ([https](https://git-scm.com/book/cs/ch7-3.html ) result 302).
* http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd with 1 occurrences migrated to:
https://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd ([https](https://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html with 4 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html ([https](https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html ) result 302).
* http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html with 2 occurrences migrated to:
https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html ) result 302).
* http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html ) result 302).
* http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html with 2 occurrences migrated to:
https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html ) result 302).
* http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html with 3 occurrences migrated to:
https://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html ([https](https://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html ) result 302).
* http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd with 1 occurrences migrated to:
https://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd ([https](https://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd ) result 302).
* http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd with 1 occurrences migrated to:
https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd ) result 302).
* http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd with 2 occurrences migrated to:
https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd ) result 302).
* http://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx with 1 occurrences migrated to:
https://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx ([https](https://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx ) result 302).
* http://spring.io/spring-security with 1 occurrences migrated to:
https://spring.io/spring-security ([https](https://spring.io/spring-security ) result 302).
* http://spring.io/spring-security/ with 2 occurrences migrated to:
https://spring.io/spring-security/ ([https](https://spring.io/spring-security/ ) result 302).
* http://spring.io/tools/sts with 1 occurrences migrated to:
https://spring.io/tools/sts ([https](https://spring.io/tools/sts ) result 302).
* http://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt with 2 occurrences migrated to:
https://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt ([https](https://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt ) result 302).
* http://webauth.stanford.edu/manual/mod/mod_webauth.html with 1 occurrences migrated to:
https://webauth.stanford.edu/manual/mod/mod_webauth.html ([https](https://webauth.stanford.edu/manual/mod/mod_webauth.html ) result 302).
* http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context with 1 occurrences migrated to:
https://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context ([https](https://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context ) result 302).
* http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt with 1 occurrences migrated to:
https://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt ([https](https://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt ) result 302).
# Ignored
These URLs were intentionally ignored.
* http://java.sun.com/JSP/Page with 14 occurrences
* http://java.sun.com/jsp/jstl/core with 31 occurrences
* http://java.sun.com/jsp/jstl/fmt with 6 occurrences
* http://java.sun.com/jsp/jstl/functions with 1 occurrences
* http://java.sun.com/jstl/core with 1 occurrences
* http://java.sun.com/xml/ns/j2ee with 2 occurrences
* http://java.sun.com/xml/ns/javaee with 6 occurrences
* http://localhost with 20 occurrences
* http://localhost/ with 6 occurrences
* http://localhost/Test</value></property> with 1 occurrences
* http://localhost/appcontext/page with 1 occurrences
* http://localhost/authenticated with 1 occurrences
* http://localhost/authentication/login with 2 occurrences
* http://localhost/authorize/oauth2/code/registration-id with 3 occurrences
* http://localhost/authorize/oauth2/implicit/registration-3 with 1 occurrences
* http://localhost/callback/client-1 with 1 occurrences
* http://localhost/callback/client-1?error=invalid_grant with 1 occurrences
* http://localhost/client-1 with 9 occurrences
* http://localhost/cookie with 1 occurrences
* http://localhost/cookie/delete with 1 occurrences
* http://localhost/custom-login with 1 occurrences
* http://localhost/custom-logout with 1 occurrences
* http://localhost/form-page with 1 occurrences
* http://localhost/iss with 1 occurrences
* http://localhost/issuer with 2 occurrences
* http://localhost/login with 38 occurrences
* http://localhost/login/oauth2/code/ with 4 occurrences
* http://localhost/login/oauth2/code/pkce-client-registration-id& with 1 occurrences
* http://localhost/login/oauth2/code/registration-id with 3 occurrences
* http://localhost/login/oauth2/code/registration-id& with 2 occurrences
* http://localhost/login/oauth2/code/registration-id-2 with 2 occurrences
* http://localhost/login/openid with 1 occurrences
* http://localhost/login2 with 1 occurrences
* http://localhost/loginPage with 2 occurrences
* http://localhost/logout with 1 occurrences
* http://localhost/messages with 4 occurrences
* http://localhost/oauth2/authorization/google with 1 occurrences
* http://localhost/openid-page with 1 occurrences
* http://localhost/saved-request with 1 occurrences
* http://localhost/secured with 2 occurrences
* http://localhost/signin with 1 occurrences
* http://localhost/some-url with 1 occurrences
* http://localhost/tosave with 1 occurrences
* http://localhost/user with 1 occurrences
* http://localhost:123456 with 3 occurrences
* http://localhost:1280/certs with 1 occurrences
* http://localhost:314 with 1 occurrences
* http://localhost:4080 with 1 occurrences
* http://localhost:543 with 1 occurrences
* http://localhost:8080 with 16 occurrences
* http://localhost:8080/ with 4 occurrences
* http://localhost:8080/SomeService with 1 occurrences
* http://localhost:8080/contacts with 1 occurrences
* http://localhost:8080/login/oauth2/code with 1 occurrences
* http://localhost:8080/login/oauth2/code/client-id with 2 occurrences
* http://localhost:8080/login/oauth2/code/facebook with 2 occurrences
* http://localhost:8080/login/oauth2/code/github with 2 occurrences
* http://localhost:8080/login/oauth2/code/google with 4 occurrences
* http://localhost:8080/login/oauth2/code/okta with 2 occurrences
* http://localhost:8080/path/page.html?query=string with 1 occurrences
* http://localhost:8080/sample/ with 15 occurrences
* http://localhost:8080/secure with 1 occurrences
* http://localhost:8080/spring-security-samples-tutorial/listAccounts.html with 4 occurrences
* http://localhost:8080/spring-security-samples-tutorial/post.html?id=1 with 4 occurrences
* http://localhost:9080/protected with 2 occurrences
* http://localhost:9080/secured with 1 occurrences
* http://localhost:9080/unsecured with 1 occurrences
* http://localhost:9080/user with 1 occurrences
* http://test.com with 1 occurrences
* http://test.foobar.com with 1 occurrences
* http://testopenid.com?openid.return_to= with 1 occurrences
* http://www.springframework.org/schema/aop with 2 occurrences
* http://www.springframework.org/schema/beans with 8 occurrences
* http://www.springframework.org/schema/context with 2 occurrences
* http://www.springframework.org/schema/mvc with 2 occurrences
* http://www.springframework.org/schema/security with 45 occurrences
* http://www.springframework.org/schema/security/spring-security- with 1 occurrences
* http://www.springframework.org/schema/websocket with 2 occurrences
* http://www.springframework.org/security/tags with 17 occurrences
* http://www.springframework.org/tags with 12 occurrences
* http://www.springframework.org/tags/form with 14 occurrences
* http://www.w3.org/1999/XSL/Transform with 1 occurrences
* http://www.w3.org/1999/xhtml with 26 occurrences
* http://www.w3.org/2001/XMLSchema with 15 occurrences
* http://www.w3.org/2001/XMLSchema-datatypes with 8 occurrences
* http://www.w3.org/2001/XMLSchema-instance with 9 occurrences
2019-03-19 23:53:23 -05:00
2bf126f4cf
URL Cleanup
...
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).
# HTTP URLs that Could Not Be Fixed
These URLs were unable to be fixed. Please review them to see if they can be manually resolved.
* http://luke.taylor.openid.cn/ (200) with 1 occurrences could not be migrated:
([https](https://luke.taylor.openid.cn/ ) result SSLHandshakeException).
# Fixed URLs
## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended.
* http://axschema.org/contact/email (UnknownHostException) with 2 occurrences migrated to:
https://axschema.org/contact/email ([https](https://axschema.org/contact/email ) result UnknownHostException).
* http://axschema.org/namePerson (UnknownHostException) with 1 occurrences migrated to:
https://axschema.org/namePerson ([https](https://axschema.org/namePerson ) result UnknownHostException).
* http://axschema.org/namePerson/first (UnknownHostException) with 1 occurrences migrated to:
https://axschema.org/namePerson/first ([https](https://axschema.org/namePerson/first ) result UnknownHostException).
* http://axschema.org/namePerson/last (UnknownHostException) with 1 occurrences migrated to:
https://axschema.org/namePerson/last ([https](https://axschema.org/namePerson/last ) result UnknownHostException).
* http://luke.taylor.myopenid.com/ (UnknownHostException) with 1 occurrences migrated to:
https://luke.taylor.myopenid.com/ ([https](https://luke.taylor.myopenid.com/ ) result UnknownHostException).
* http://schema.openid.net/contact/email (UnknownHostException) with 2 occurrences migrated to:
https://schema.openid.net/contact/email ([https](https://schema.openid.net/contact/email ) result UnknownHostException).
* http://schema.openid.net/namePerson (UnknownHostException) with 1 occurrences migrated to:
https://schema.openid.net/namePerson ([https](https://schema.openid.net/namePerson ) result UnknownHostException).
* http://schema.openid.net/namePerson/friendly (UnknownHostException) with 1 occurrences migrated to:
https://schema.openid.net/namePerson/friendly ([https](https://schema.openid.net/namePerson/friendly ) result UnknownHostException).
* http://somehost/someUrl (UnknownHostException) with 1 occurrences migrated to:
https://somehost/someUrl ([https](https://somehost/someUrl ) result UnknownHostException).
* http://spring.security.test.myopenid.com/ (UnknownHostException) with 1 occurrences migrated to:
https://spring.security.test.myopenid.com/ ([https](https://spring.security.test.myopenid.com/ ) result UnknownHostException).
* http://example.net/pkp-report (404) with 1 occurrences migrated to:
https://example.net/pkp-report ([https](https://example.net/pkp-report ) result 404).
* http://www.oasis-open.org/docbook/xml/5.0/rng/docbook.rng (404) with 1 occurrences migrated to:
https://www.oasis-open.org/docbook/xml/5.0/rng/docbook.rng ([https](https://www.oasis-open.org/docbook/xml/5.0/rng/docbook.rng ) result 404).
* http://www.puppycrawl.com/dtds/configuration_1_3.dtd (404) with 1 occurrences migrated to:
https://www.puppycrawl.com/dtds/configuration_1_3.dtd ([https](https://www.puppycrawl.com/dtds/configuration_1_3.dtd ) result 404).
* http://www.puppycrawl.com/dtds/suppressions_1_1.dtd (404) with 1 occurrences migrated to:
https://www.puppycrawl.com/dtds/suppressions_1_1.dtd ([https](https://www.puppycrawl.com/dtds/suppressions_1_1.dtd ) result 404).
* http://www.se-radio.net/transcript-82-organization-large-code-bases-juergen-hoeller (404) with 1 occurrences migrated to:
https://www.se-radio.net/transcript-82-organization-large-code-bases-juergen-hoeller ([https](https://www.se-radio.net/transcript-82-organization-large-code-bases-juergen-hoeller ) result 404).
## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.
* http://raykrueger.blogspot.com/ with 1 occurrences migrated to:
https://raykrueger.blogspot.com/ ([https](https://raykrueger.blogspot.com/ ) result 200).
* http://www.infoq.com/presentations/code-organization-large-projects with 1 occurrences migrated to:
https://www.infoq.com/presentations/code-organization-large-projects ([https](https://www.infoq.com/presentations/code-organization-large-projects ) result 200).
* http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd with 1 occurrences migrated to:
https://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd ([https](https://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd ) result 200).
* http://www.springframework.org/dtd/spring-beans.dtd with 4 occurrences migrated to:
https://www.springframework.org/dtd/spring-beans.dtd ([https](https://www.springframework.org/dtd/spring-beans.dtd ) result 200).
* http://www.springframework.org/schema/aop/spring-aop-3.0.xsd with 5 occurrences migrated to:
https://www.springframework.org/schema/aop/spring-aop-3.0.xsd ([https](https://www.springframework.org/schema/aop/spring-aop-3.0.xsd ) result 200).
* http://www.springframework.org/schema/aop/spring-aop-3.2.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/aop/spring-aop-3.2.xsd ([https](https://www.springframework.org/schema/aop/spring-aop-3.2.xsd ) result 200).
* http://www.springframework.org/schema/aop/spring-aop.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/aop/spring-aop.xsd ([https](https://www.springframework.org/schema/aop/spring-aop.xsd ) result 200).
* http://www.springframework.org/schema/beans/spring-beans-3.0.xsd with 20 occurrences migrated to:
https://www.springframework.org/schema/beans/spring-beans-3.0.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-3.0.xsd ) result 200).
* http://www.springframework.org/schema/beans/spring-beans-3.1.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/beans/spring-beans-3.1.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-3.1.xsd ) result 200).
* http://www.springframework.org/schema/beans/spring-beans.xsd with 267 occurrences migrated to:
https://www.springframework.org/schema/beans/spring-beans.xsd ([https](https://www.springframework.org/schema/beans/spring-beans.xsd ) result 200).
* http://www.springframework.org/schema/context/spring-context-3.0.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/context/spring-context-3.0.xsd ([https](https://www.springframework.org/schema/context/spring-context-3.0.xsd ) result 200).
* http://www.springframework.org/schema/context/spring-context-3.1.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/context/spring-context-3.1.xsd ([https](https://www.springframework.org/schema/context/spring-context-3.1.xsd ) result 200).
* http://www.springframework.org/schema/context/spring-context-3.2.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/context/spring-context-3.2.xsd ([https](https://www.springframework.org/schema/context/spring-context-3.2.xsd ) result 200).
* http://www.springframework.org/schema/context/spring-context.xsd with 6 occurrences migrated to:
https://www.springframework.org/schema/context/spring-context.xsd ([https](https://www.springframework.org/schema/context/spring-context.xsd ) result 200).
* http://www.springframework.org/schema/data/jpa/spring-jpa.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/data/jpa/spring-jpa.xsd ([https](https://www.springframework.org/schema/data/jpa/spring-jpa.xsd ) result 200).
* http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd ([https](https://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd ) result 200).
* http://www.springframework.org/schema/mvc/spring-mvc.xsd with 10 occurrences migrated to:
https://www.springframework.org/schema/mvc/spring-mvc.xsd ([https](https://www.springframework.org/schema/mvc/spring-mvc.xsd ) result 200).
* http://www.springframework.org/schema/security/spring-security-2.0.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/security/spring-security-2.0.xsd ([https](https://www.springframework.org/schema/security/spring-security-2.0.xsd ) result 200).
* http://www.springframework.org/schema/security/spring-security.xsd with 266 occurrences migrated to:
https://www.springframework.org/schema/security/spring-security.xsd ([https](https://www.springframework.org/schema/security/spring-security.xsd ) result 200).
* http://www.springframework.org/schema/tx/spring-tx-3.0.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/tx/spring-tx-3.0.xsd ([https](https://www.springframework.org/schema/tx/spring-tx-3.0.xsd ) result 200).
* http://www.springframework.org/schema/tx/spring-tx.xsd with 3 occurrences migrated to:
https://www.springframework.org/schema/tx/spring-tx.xsd ([https](https://www.springframework.org/schema/tx/spring-tx.xsd ) result 200).
* http://www.springframework.org/schema/util/spring-util-3.0.xsd with 3 occurrences migrated to:
https://www.springframework.org/schema/util/spring-util-3.0.xsd ([https](https://www.springframework.org/schema/util/spring-util-3.0.xsd ) result 200).
* http://www.springframework.org/schema/util/spring-util-3.1.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/util/spring-util-3.1.xsd ([https](https://www.springframework.org/schema/util/spring-util-3.1.xsd ) result 200).
* http://www.springframework.org/schema/util/spring-util.xsd with 4 occurrences migrated to:
https://www.springframework.org/schema/util/spring-util.xsd ([https](https://www.springframework.org/schema/util/spring-util.xsd ) result 200).
* http://www.springframework.org/schema/websocket/spring-websocket.xsd with 6 occurrences migrated to:
https://www.springframework.org/schema/websocket/spring-websocket.xsd ([https](https://www.springframework.org/schema/websocket/spring-websocket.xsd ) result 200).
* http://www.headwaysoftware.com with 1 occurrences migrated to:
https://www.headwaysoftware.com ([https](https://www.headwaysoftware.com ) result 301).
* http://java.sun.com/dtd/web-app_2_3.dtd with 2 occurrences migrated to:
https://java.sun.com/dtd/web-app_2_3.dtd ([https](https://java.sun.com/dtd/web-app_2_3.dtd ) result 302).
* http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd with 10 occurrences migrated to:
https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd ) result 302).
* http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd with 2 occurrences migrated to:
https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd ) result 302).
# Ignored
These URLs were intentionally ignored.
* http://appengine.google.com/ns/1.0 with 1 occurrences
* http://docbook.org/ns/docbook with 1 occurrences
* http://jakarta.apache.org/log4j/ with 1 occurrences
* http://java.sun.com/xml/ns/javaee with 22 occurrences
* http://www.springframework.org/schema/aop with 14 occurrences
* http://www.springframework.org/schema/beans with 576 occurrences
* http://www.springframework.org/schema/c with 6 occurrences
* http://www.springframework.org/schema/context with 18 occurrences
* http://www.springframework.org/schema/data/jpa with 2 occurrences
* http://www.springframework.org/schema/jdbc with 2 occurrences
* http://www.springframework.org/schema/mvc with 20 occurrences
* http://www.springframework.org/schema/p with 10 occurrences
* http://www.springframework.org/schema/security with 534 occurrences
* http://www.springframework.org/schema/tx with 10 occurrences
* http://www.springframework.org/schema/util with 16 occurrences
* http://www.springframework.org/schema/websocket with 12 occurrences
* http://www.w3.org/1999/xlink with 1 occurrences
* http://www.w3.org/2001/XMLSchema-instance with 299 occurrences
2019-03-19 17:33:29 -05:00
248a8c030b
Support for OIDC RP-Initiated Logout
...
Fixes: gh-5350
2019-03-19 09:00:46 -06:00
b93528138e
URL Cleanup
...
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).
# Fixed URLs
## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.
* http://www.apache.org/licenses/ with 1 occurrences migrated to:
https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/ ) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 2691 occurrences migrated to:
https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0 ) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 2 occurrences migrated to:
https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html ) result 200).
2019-03-14 15:46:20 -05:00
d86550f64b
Polish Tests and Error Messages
...
MockMvc matchers are best matched with the MockMvc execution API -
it's a little odd to try and use them inside of an AssertJ assertion
since they do their own asserting.
It's more readable to place "this." in front of member variables.
It's best to test just one class at a time in a unit test.
Issue: gh-4187
2019-02-28 11:01:08 -07:00
82d527ed42
Add Support for Clear Site Data on Logout
...
Added an implementation of HeaderWriter for Clear-Site-Data HTTP
response header as welll as an implementation of LogoutHanlder
that accepts an implementation of HeaderWriter to write headers.
- Added ClearSiteDataHeaderWriter and HeaderWriterLogoutHandler
that implements HeaderWriter and LogoutHandler respectively
- Added unit tests for both implementations's behaviours
- Integration tests for HeaderWriterLogoutHandler that uses
ClearSiteDataHeaderWriter
- Updated the documentation to include link to
HeaderWriterLogoutHandler
Fixes gh-4187
2019-02-28 11:01:08 -07:00
ac13b55ecd
HeaderWriterFilter writes headers at beginning
...
Add support for HeaderWriterFilter to write headers at the beginning of the request
Fixes: gh-6501
2019-02-18 07:43:08 -07:00
67fb936c7e
Polish Formatting in Tests
...
Issue: gh-6454
2019-02-06 20:16:53 -07:00
93d6a38ffd
Consider having HeaderWriters check before writing
...
All HeadersWriter only write Header if its not already
written.
Fixes: gh-6454 gh-5193
2019-02-06 20:16:52 -07:00
ffe602fdbe
HTML markup fixed in DefaultLoginPageGeneratingFilter
...
Ending div moved out of condition.
Fixes: gh-6417
2019-01-22 13:20:35 -06:00
c82440ee82
Polish CompositeHeaderWriterTests
...
Changed test to favor mocks in order to provide a stronger
guarantee that the composite delegates to its components.
Issue: gh-6453
2019-01-21 14:50:09 -07:00
bb1b9d9b86
Polish Javadoc and Whitespacing
...
Issue: gh-6453
2019-01-21 14:50:09 -07:00
718641a1e5
Added CompositeHeaderWriter
...
1. Added new CompositeHeaderWriter
2. Improvement in HeaderWriterFilter using CompositeHeaderWriter.
Fixes: gh-6453
2019-01-21 14:50:09 -07:00
b7ed919cee
Add preload support to Strict-Transport-Security
...
1. Preload support in Servlet Security(XML & Java)
2. Preload support in Reactive Security
3. Test for preload support in Servlet Security
4. Test for preload support in Reactive Security
Fixes: gh-6312
2019-01-16 11:10:06 -06:00
3be11a22cd
Save query parameters in WebSessionServerRequestCache
...
Previously, URL query parameters were lost when saving a request
in WebSessionServerRequestCache. Now it is properly saved and
restored.
2019-01-15 13:44:29 -06:00
c0e66a9ba1
1. add customization support for double forwardslash in StrickHttpFirewall
...
2. add getEncodedUrlBlacklist() and getDecodedUrlBlacklist() method in StrickHttpFirewall
Fixes gh-6292
2019-01-15 13:42:33 -06:00
c94f13a971
Polish tests
2019-01-08 11:16:22 -06:00
d8d9abed2a
LazyCsrfTokenRepository: fix a typo in javadoc.
2019-01-07 13:35:00 -06:00
7a55af246e
Polish tests and javadoc
...
When using AssertJ, it's easy to commit the following error
assertThat(some boolean condition)
The above actually does nothing. It at least needs to be
assertThat(some boolean condition).isTrue()
This commit refines some assertions that were missing a verify
condition.
Also, one Javadoc was just a little bit confusing, so this
clarifies it.
Issue: gh-6259
2018-12-21 08:47:37 -07:00
086b105273
Remove Servlet 2.5 Support for Session Fixation
...
This commit removes existence validation of a method only available in Servlet 3.1.
Spring Framework baseline is Servlet 3.1 so is not longer required.
Fixes: gh-6259
2018-12-21 08:47:37 -07:00
b838f7c7b7
Add WebFlux support for spring security web jackson module.
...
Fixes: gh-6303
2018-12-19 10:11:17 -06:00
a919b4e916
Remove servlet getHeader check and test
...
Fixes: gh-6265
2018-12-18 13:25:10 -07:00
9c7cab835f
Add conditionally servlet based support for spring security web jackson module.
2018-12-18 14:21:31 -06:00
3230cd653c
Remove Servlet Spec 2.5 Support for HttpSessionSecurityContextRepository
...
Fixes: gh-6261
2018-12-17 12:56:33 -07:00
733a380bc7
Remove Servlet Spec 2.5 Support for SecurityContextHolderAwareRequestFilter
...
Fixes: gh-6260
2018-12-17 12:52:59 -07:00
a90c217446
Fix LoginPageGeneratingWebFilter Markup
...
Fixes: gh-6295
2018-12-17 11:15:59 -06:00
9818da79fe
Fix DefaultLoginPageGeneratingFilter Markup
...
the `</h3>` should be `</h2>`.
2018-12-17 10:50:03 -06:00
fc802e1a7c
Remove Servlet 2.5 and 3.0 Support for Remember Me and CSRF
...
Fixes: gh-6263, Fixes: gh-6262
2018-12-14 06:47:21 -07:00
0d2af416aa
Add cookieDomain to CookieCsrfTokenRepository
...
Fixes: gh-4315
2018-12-13 15:01:24 -07:00
2b369cfe98
Added support for Anonymous Authentication
...
1. Created new WebFilter AnonymousAuthenticationWebFilter to
for anonymous authentication
2. Created class AnonymousSpec, method anonymous to configure
anonymous authentication in ServerHttpSecurity
3. Added ANONYMOUS_AUTHENTICATION order after AUTHENTICATION for
anonymous authentication in SecurityWebFiltersOrder
4. Added tests for anonymous authentication in
AnonymousAuthenticationWebFilterTests and ServerHttpSecurityTests
5. Added support for Controller in WebTestClientBuilder
Fixes: gh-5934
2018-12-12 16:05:30 -06:00
3c35f4cfab
SecurityContextCallableProcessingInterceptor thread visibility fix
...
Within class SecurityContextCallableProcessingInterceptor field securityContext should volatile.
Fixes gh-6143
2018-12-03 15:45:56 -06:00
90b9cfaf55
Use SpringUtils to check scheme
...
Fixes 6183
2018-11-29 20:42:39 -06:00
7618d236c4
CookieClearingLogoutHandler updates based on comments
...
Changed the implementation to use an anonymous function
Issue: gh-6078
2018-11-26 14:33:08 -06:00
14c2d96c86
Clean up code to conform to basic checkstyle
...
Issue: gh-6078
2018-11-26 14:33:08 -06:00
d05ad19276
CookieClearingLogoutHandler enhancement
...
Enabled the ability to pass in an array of Cookies to support clearing cookies on a different path other than the default context path
Issue: gh-6078
2018-11-26 14:33:08 -06:00
8a475e39be
Write Security Headers Before Servlet Include
...
HeaderWriterFilter wraps request dispatcher so it can write security
headers before the include occurs.
Fixes: gh-5499
2018-10-31 09:27:25 -05:00
2e6ff72c31
Update SubjectDnX509PrincipalExtractor.java
...
Added missing asterisk
2018-10-17 14:56:45 -05:00
b060ec050a
Automatically add CsrfServerLogoutHandler if csrf enabled
...
The configuration DSL should automatically add CsrfServerLogoutHandler if csrf is enabled
Fixes gh-5337
2018-09-21 00:59:36 -05:00
e4597b5213
WebSessionServerRequestCache ignores favicon and html
...
Fixes: gh-5874
2018-09-19 14:28:05 -05:00
8e4d540bfb
Default Log Out Pages Use HTTPS for CSS
...
Fixes: gh-5873
2018-09-19 13:52:35 -05:00
9c749bf556
Fix SwitchUserFilter matchers
...
Fixes: gh-4249
2018-09-14 09:45:41 -05:00
8b19f7a71a
AntPathRequestMatcher supports UrlPathHelper
...
Fixes: gh-5846
2018-09-14 09:45:41 -05:00
96d85ad2b5
Polish HttpsRedirectWebFilter
...
Issue: gh-5749
2018-09-07 14:29:46 -05:00
2c982a4168
Reactive Redirect to Https
...
This introduces the capability to configure Reactive Spring Security
to upgrade requests to HTTPS
Fixes: gh-5749
2018-09-07 14:25:58 -05:00
21e62683ab
Polish Commit on Reactive Http Basic Test
2018-09-07 10:01:11 -06:00
6df4dfe47b
Reactive HttpBasic Support For Coloned Passwords
...
This makes so that reactive httpBasic supports passwords containing
one or more colons.
2018-09-07 10:01:11 -06:00
1c74706232
Delegating ServerAccessDeniedHandler by exchange
...
Fixes: gh-5747
2018-08-31 10:33:11 -05:00
cb0ba58b58
Fix WhitespaceAfterCheck Checkstyle check
2018-08-27 10:45:35 -05:00
1640a1f462
Polish ServerAuthenticationConverter
...
Fix package tangles
Issue: gh-5338
2018-08-24 09:44:27 -05:00
416a276436
Expose Default Reactive CsrfProtectionMatcher
...
Make so that users can augment the default protection logic with
their own.
Fixes: gh-5725
2018-08-22 13:02:02 -06:00
f5701b5fe0
Fix OptimizeAntPathRequestMatcher
...
Previously the logic for determining if the pathInfo should be appended
was inverted.
This correctly concatenates url + pathInfo if url is a non empty String.
Fixes: gh-5473
2018-08-21 11:52:55 -05:00
4ccd2f7ebd
Optimize AntPathRequestMatcher.getRequestPath()
2018-08-21 11:46:37 -05:00
f382b69507
Add reactive support for Referrer-Policy security header
2018-08-20 10:10:59 -05:00
10621a0f2c
Add reactive support for Content-Security-Policy security header
2018-08-20 10:03:42 -05:00
29cfc3dd1d
Add reactive support for Feature-Policy security header
...
Closes gh-5672
2018-08-20 09:02:12 -05:00
f843da1942
Add OAuth2LoginAuthenticationWebFilter
...
This is necessary so that the saving of the authorized client occurs
outside of the ReactiveAuthenticationManager. It will allow for
saving with the ServerWebExchange when ReactiveOAuth2AuthorizedClientRepository
is added.
Issue: gh-5621
2018-08-19 21:11:43 -05:00
e3eaa99ad0
Polish ServerAuthenticationConverter
...
Update changes for ServerAuthenticationConverter to be passive.
Issue: gh-5338
2018-08-18 19:55:39 -05:00
b6afe66d32
Add ServerAuthenticationConverter interface
...
- Adding an ServerAuthenticationConverter interface
- Retro-fitting ServerOAuth2LoginAuthenticationTokenConverter,
ServerBearerTokenAuthentivationConverter, ServerFormLoginAuthenticationConverter,
and ServerHttpBasicAuthenticationConverter to implement ServerAuthenticationConverter
- Deprecate existing AuthenticationWebFilter.setAuthenticationConverter
and add overloaded one which takes ServerAuthenticationConverter
Fixes gh-5338
2018-08-18 19:55:39 -05:00
c6ea447cc0
Add support for Feature-Policy security header
2018-08-16 09:31:02 -05:00
68878a1675
Replace isEqualTo(null) with isNull()
2018-08-09 18:04:48 -06:00
973af94b42
Fix typo
2018-08-07 22:52:59 -05:00
0c26d1b98a
ServerHttpBasicAuthenticationConverter Validates Scheme Name
...
Fixes: gh-5414
2018-07-31 09:10:23 -05:00
e3d4d66917
BasicAuthenticationFilter case insenstive
...
Fixes: gh-5586
2018-07-31 09:10:10 -05:00
afa2d9cbc7
Remove ExchangeFilterFunctions
...
Issue: gh-5612
2018-07-30 15:34:44 -05:00
262c1a77c6
Remove SecurityHeaders
...
We no longer need this since Spring Framework now provides
HttpHeaders.setBearerAuth
Issue: gh-5612
2018-07-30 15:34:40 -05:00
483e25f821
HttpSessionRequestCache Allow Any SavedRequest
...
Fixes: gh-5585
2018-07-26 15:14:11 -05:00
fa0565109b
Add SimpleSavedRequest
...
Fixes: gh-5581
2018-07-26 15:14:11 -05:00
f48404a6a0
Default Log In Pages Use HTTPS for CSS
...
Fixes: gh-5539
2018-07-18 20:06:17 -05:00
d468d7e6da
Cache Control disabled for 304
...
Fixes: gh-5534
2018-07-17 22:13:33 -05:00
d595098823
Rename @TransientAuthentication to @Transient
...
It is quite likely we will need to prevent certain Exceptions from being
saved or from triggering a saved request. When we add support for this,
we can now leverage @Transient vs creating a new annotation.
Issue: gh-5481
2018-07-16 11:31:10 -05:00
28afb4e3d7
Access Denied Handling Defaults
...
This introduces the capability for users to wire denial handling
by request matcher, similar to how users can already do with
authentication entry points.
This is handy for when denial behavior differs based on the contents
of the request, for example, when the Authorization header indicates
an OAuth2 Bearer Token request vs Basic authentication.
Fixes: gh-5478
2018-07-16 10:40:46 -05:00
3c46727be1
Transient Authentication Tokens
...
This commit introduces support for transient authentication tokens
which indicate to the filter chain, specifically the
HttpSessionSecurityContextRepository, whether or not the token ought
to be persisted across requests.
To leverage this, simply annotate any Authentication implementation
with @TransientAuthentication, extend from an Authentication that uses
this annotation, or annotate a custom annotation.
Implementations of SecurityContextRepository may choose to not persist
tokens that are marked with @TransientAuthentication in the same way
that HttpSessionSecurityContextRepository does.
Fixes: gh-5481
2018-07-16 10:40:45 -05:00
a3210c96d9
Default Log Out Page
...
Fixes: gh-5516
2018-07-15 19:45:20 -05:00
05ed028f9d
Modernize Default Log In Page
...
Fixes: gh-5515
2018-07-15 19:43:42 -05:00
c3177a84a3
Override toString() in all RequestMatcher
...
It makes it easier to debug having custom
toString().
Fixes: gh-5446
2018-06-15 11:27:28 -05:00
48ef7c966d
DefaultLoginPageGeneratingFilter escapes OAuth2 ClientRegistrations
...
Fixes gh-5394
2018-05-29 10:14:50 -04:00
b3ca598679
Add WebClient Bearer token support
...
Fixes: gh-5389
2018-05-25 15:17:08 -05:00
6a12415d23
Add DelegatingServerLogoutHandler(List<ServerLogoutHandler> delegates)
...
Issue: gh-4839
2018-05-24 09:44:29 -05:00
8c3fdb3bcf
DelegatingServerLogoutHandler
...
Create a ServerLogoutHandler which delegates to a group of
ServerLogoutHandler implementations.
Fixes gh-4839
2018-05-24 09:39:12 -05:00
73345e7434
Add Cross Site Tracing (XST) & HTTP Method Tampering Protection
...
Fixes: gh-5377
2018-05-24 09:35:40 -05:00
f29e4cf91f
LoginPageGeneratingWebFilter conditionally renders formLogin
...
Issue: gh-4807
2018-05-14 16:38:13 -05:00
7013c6fd76
Add OAuth2LoginSpec
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
Rob Winch
Leonard Brünings
Oh Myung Woon
Mustafa Ulu
Josh Cummings
Zeeshan Adnan
Eleftheria Stein
Venkata Jaswanth U
AmitB
Joe Grandja
Peter Keller
Onur Kağan Özcan
David Herberth
Filip Hrisafov
Michel Palourdio
Tadaya Tsuyukubo
Filip Hanik
Scott Murphy
kostya05983
Lars Grefer
watsta
Daniel Wegener
Eddú Meléndez
Khy
sbespalov
Clement Ng
Bruno Studer
Bagyoni Attila
Rafiullah Hamedy
httpain
Alexey Nesterov
MD Sayem Ahmed
Thomas Vitale
Dan Zheng
Luke Butters
Scheidter,Ryan
Spring Operator
Ankur Pathak
Denis Washington
guo fei
Johnny Lim
Slava Semushin
Rafael Dominguez
finke-ba
Shawn Biesan
Dongmin Shin
Ian He
lmagyar
Bhavik Kumar
John Coyne
sunflower-seed
Eric Deandrea
Tim Koopman
Vedran Pavic
Christoph Dreis