Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-30 22:28:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,642 Commits 48 Branches 362 Tags
Commit Graph

1309 Commits

Author SHA1 Message Date
Josh Cummings
7200fa2dce
Copy Token Introspection Attributes Map 
Dereference Map passed into constructor for
OAuth2IntrospectionAuthenticationToken.

Fixes: gh-6843
 2019-05-07 13:19:02 -06:00
Sharad Alury
2850b273ea Reactive JwkSource Builder Parameter Type 
Changed the parameter type from JWT to SignedJWT

Fixes: gh-6771
 2019-05-01 09:10:17 -06:00
Elena Felder
e6ac9759e2 Extract bearer token from arbitrary header. 2019-04-30 10:41:20 -06:00
Josh Cummings
b1195e7789 Opaque Token Intermediate Type 
Introducing OAuth2TokenIntrospectionClient and also
ReactiveOAuth2TokenIntrospectionClient as configuration points.

The DSL looks in the application context for these types in the same
way it looks for JwtDecoder and ReactiveJwtDecoder, and exposes
similar configuration methods.

Fixes: gh-6632
 2019-04-29 13:39:53 -06:00
Joe Grandja
bed3371b80 Support symmetric key for JwtDecoder 
Fixes gh-5465
 2019-04-12 13:21:50 -04:00
Vishal Raj
45891941b0 OidcIdTokenValidator ensures clockSkew is positive number 
Fixes gh-6443
 2019-04-10 15:17:59 -04:00
Phil Clay
9520e3a1c0 Make UnAuthenticatedServerOAuth2AuthorizedClientRepository threadsafe 
Previously UnAuthenticatedServerOAuth2AuthorizedClientRepository used a HashMap for storing OAuth2AuthorizedClients.
UnAuthenticatedServerOAuth2AuthorizedClientRepository and its HashMap are potentially accessed by multiple threads without any synchronization.
Since HashMap is not threadsafe itself, this makes UnAuthenticatedServerOAuth2AuthorizedClientRepository not threadsafe.

Now UnAuthenticatedServerOAuth2AuthorizedClientRepository uses a ConcurrentHashMap for storing OAuth2AuthorizedClients.
Since ConcurrentHashMap is threadsafe, UnAuthenticatedServerOAuth2AuthorizedClientRepository will now be threadsafe as well.

Fixes gh-6717
 2019-04-01 17:03:58 -04:00
Phil Clay
9593f9cae2 Defer downstream filter execution if no OAuth2AuthorizedClient is found 
Prior to this change, ServerOAuth2AuthorizedClientExchangeFilterFunction would invoke next.exchange:
- first at assembly time inside the .switchIfEmpty call.
- second at execution time inside .flatMap when a OAuth2AuthorizedClient is found.

While this double-call should not technically cause any functional problems, since the Mono returned by the first call will not be subscribed if a OAuth2AuthorizedClient is found,
it does result in a lot of unnecessary execution and object creation.  There is no technical need to invoke the downstream filters twice.

This change defers the call inside .switchIfEmpty, so that it will only execute at execution time if an OAuth2AuthorizedClient is not found.

After this change, ServerOAuth2AuthorizedClientExchangeFilterFunction will not invoke next.exchange at assembly time, and will only execute next.exchange once per subscription at execution time.

Fixes gh-6719
 2019-04-01 16:15:46 -04:00
Josh Cummings
7e8aadeb96 Multi-tenancy for Resource Server 
Fixes: gh-5351
 2019-03-29 15:00:48 -06:00
Rob Winch
e9e7f7d9bc Polish URL Cleanup 
Fixes: gh-6628
 2019-03-20 00:26:43 -05:00
Spring Operator
3b89754926 URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# HTTP URLs that Could Not Be Fixed
These URLs were unable to be fixed. Please review them to see if they can be manually resolved.

* http://blog.opensecurityresearch.com/2012/02/json-csrf-with-parameter-padding.html (200) with 1 occurrences could not be migrated:
   ([https](https://blog.opensecurityresearch.com/2012/02/json-csrf-with-parameter-padding.html) result ClosedChannelException).
* http://bouncy-castle.1462172.n4.nabble.com/Java-Bouncy-Castle-scrypt-implementation-td4656832.html (200) with 1 occurrences could not be migrated:
   ([https](https://bouncy-castle.1462172.n4.nabble.com/Java-Bouncy-Castle-scrypt-implementation-td4656832.html) result SSLHandshakeException).
* http://cujojs.com/ (200) with 1 occurrences could not be migrated:
   ([https](https://cujojs.com/) result SSLHandshakeException).
* http://erik.eae.net/archives/2007/07/27/18.54.15/ (200) with 1 occurrences could not be migrated:
   ([https](https://erik.eae.net/archives/2007/07/27/18.54.15/) result SSLHandshakeException).
* http://javascript.nwbox.com/IEContentLoaded/ (200) with 1 occurrences could not be migrated:
   ([https](https://javascript.nwbox.com/IEContentLoaded/) result SSLHandshakeException).
* http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-February/007533.html (200) with 1 occurrences could not be migrated:
   ([https](https://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-February/007533.html) result SSLHandshakeException).
* http://monkeymachine.co.uk/ (200) with 2 occurrences could not be migrated:
   ([https](https://monkeymachine.co.uk/) result SSLHandshakeException).
* http://perfectionkills.com/detecting-event-support-without-browser-sniffing/ (200) with 1 occurrences could not be migrated:
   ([https](https://perfectionkills.com/detecting-event-support-without-browser-sniffing/) result SSLHandshakeException).
* http://somesite.com/login (200) with 3 occurrences could not be migrated:
   ([https](https://somesite.com/login) result AnnotatedConnectException).
* http://someurl.com/ (200) with 2 occurrences could not be migrated:
   ([https](https://someurl.com/) result SSLHandshakeException).
* http://sscce.org/ (200) with 1 occurrences could not be migrated:
   ([https](https://sscce.org/) result SSLHandshakeException).
* http://webblaze.cs.berkeley.edu/papers/barth-caballero-song.pdf (200) with 2 occurrences could not be migrated:
   ([https](https://webblaze.cs.berkeley.edu/papers/barth-caballero-song.pdf) result 404).
* http://www.example.com:80/ (200) with 1 occurrences could not be migrated:
   ([https](https://www.example.com:80/) result NotSslRecordException).
* http://www.faqs.org/qa/rfcc-1940.html (200) with 3 occurrences could not be migrated:
   ([https](https://www.faqs.org/qa/rfcc-1940.html) result AnnotatedConnectException).
* http://www.faqs.org/rfcs/rfc1945.html (200) with 2 occurrences could not be migrated:
   ([https](https://www.faqs.org/rfcs/rfc1945.html) result AnnotatedConnectException).
* http://www.faqs.org/rfcs/rfc3548.html (200) with 3 occurrences could not be migrated:
   ([https](https://www.faqs.org/rfcs/rfc3548.html) result AnnotatedConnectException).
* http://www.zytrax.com/books/ldap/ (200) with 2 occurrences could not be migrated:
   ([https](https://www.zytrax.com/books/ldap/) result AnnotatedConnectException).
* http://blindsignals.com/index.php/2009/07/jquery-delay/ (301) with 1 occurrences could not be migrated:
   ([https](https://blindsignals.com/index.php/2009/07/jquery-delay/) result SSLHandshakeException).
* http://www.faqs.org/ (301) with 1 occurrences could not be migrated:
   ([https](https://www.faqs.org/) result AnnotatedConnectException).
* http://sam.zoy.org/wtfpl/ (301) with 2 occurrences could not be migrated:
   ([https](https://sam.zoy.org/wtfpl/) result SSLHandshakeException).
* http://hey.openid.com/ (302) with 1 occurrences could not be migrated:
   ([https](https://hey.openid.com/) result SSLHandshakeException).
* http://iharder.net/base64 (303) with 2 occurrences could not be migrated:
   ([https](https://iharder.net/base64) result AnnotatedConnectException).
* http://jaspan.com/improved_persistent_login_cookie_best_practice (500) with 3 occurrences could not be migrated:
   ([https](https://jaspan.com/improved_persistent_login_cookie_best_practice) result AnnotatedConnectException).

# Fixed URLs

## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended.

* http://www.relaxng.org/ (301) with 1 occurrences migrated to:
  https://relaxng.org/ ([https](https://www.relaxng.org/) result SSLHandshakeException).
* http://www.relaxng.org (301) with 1 occurrences migrated to:
  https://relaxng.org/ ([https](https://www.relaxng.org) result SSLHandshakeException).
* http://tools.ietf.org/html/draft-ietf-websec-x-frame-options (301) with 2 occurrences migrated to:
  https://tools.ietf.org/html/draft-ietf-websec-x-frame-options ([https](https://tools.ietf.org/html/draft-ietf-websec-x-frame-options) result ReadTimeoutException).
* http://foo.test.com (302) with 2 occurrences migrated to:
  https://www.test.com ([https](https://foo.test.com) result SSLHandshakeException).
* http://abc.test.com (302) with 2 occurrences migrated to:
  https://www.test.com ([https](https://abc.test.com) result SSLHandshakeException).
* http://192.168.1:8080 (ConnectTimeoutException) with 2 occurrences migrated to:
  https://192.168.1:8080 ([https](https://192.168.1:8080) result ConnectTimeoutException).
* http://www.example.com:8080/mycontext/secure/page.html (ConnectTimeoutException) with 1 occurrences migrated to:
  https://www.example.com:8080/mycontext/secure/page.html ([https](https://www.example.com:8080/mycontext/secure/page.html) result ConnectTimeoutException).
* http://www.example.com:8888/bigWebApp/hello (ConnectTimeoutException) with 1 occurrences migrated to:
  https://www.example.com:8888/bigWebApp/hello ([https](https://www.example.com:8888/bigWebApp/hello) result ConnectTimeoutException).
* http://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true (ConnectTimeoutException) with 1 occurrences migrated to:
  https://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true ([https](https://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true) result ConnectTimeoutException).
* http://www.opensymphony.com/sitemesh/decorator (ConnectTimeoutException) with 1 occurrences migrated to:
  https://www.opensymphony.com/sitemesh/decorator ([https](https://www.opensymphony.com/sitemesh/decorator) result ConnectTimeoutException).
* http://www.opensymphony.com/sitemesh/page (ConnectTimeoutException) with 1 occurrences migrated to:
  https://www.opensymphony.com/sitemesh/page ([https](https://www.opensymphony.com/sitemesh/page) result ConnectTimeoutException).
* http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd (ReadTimeoutException) with 1 occurrences migrated to:
  https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd ([https](https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd) result ReadTimeoutException).
* http://axschema.org/ (UnknownHostException) with 2 occurrences migrated to:
  https://axschema.org/ ([https](https://axschema.org/) result UnknownHostException).
* http://axschema.org/contact/email (UnknownHostException) with 23 occurrences migrated to:
  https://axschema.org/contact/email ([https](https://axschema.org/contact/email) result UnknownHostException).
* http://axschema.org/namePerson (UnknownHostException) with 5 occurrences migrated to:
  https://axschema.org/namePerson ([https](https://axschema.org/namePerson) result UnknownHostException).
* http://axschema.org/namePerson/first (UnknownHostException) with 4 occurrences migrated to:
  https://axschema.org/namePerson/first ([https](https://axschema.org/namePerson/first) result UnknownHostException).
* http://axschema.org/namePerson/last (UnknownHostException) with 4 occurrences migrated to:
  https://axschema.org/namePerson/last ([https](https://axschema.org/namePerson/last) result UnknownHostException).
* http://context.blah.com/context/remainder (UnknownHostException) with 1 occurrences migrated to:
  https://context.blah.com/context/remainder ([https](https://context.blah.com/context/remainder) result UnknownHostException).
* http://default (UnknownHostException) with 12 occurrences migrated to:
  https://default ([https](https://default) result UnknownHostException).
* http://endpoint (UnknownHostException) with 4 occurrences migrated to:
  https://endpoint ([https](https://endpoint) result UnknownHostException).
* http://endpoint?id_token_hint=id-token (UnknownHostException) with 2 occurrences migrated to:
  https://endpoint?id_token_hint=id-token ([https](https://endpoint?id_token_hint=id-token) result UnknownHostException).
* http://example.com&param1=value1&param2=value2 (UnknownHostException) with 1 occurrences migrated to:
  https://example.com&param1=value1&param2=value2 ([https](https://example.com&param1=value1&param2=value2) result UnknownHostException).
* http://host/myapp/index.html;jsessionid=blah (UnknownHostException) with 1 occurrences migrated to:
  https://host/myapp/index.html;jsessionid=blah ([https](https://host/myapp/index.html;jsessionid=blah) result UnknownHostException).
* http://http://context.blah.com/context/remainder (UnknownHostException) with 1 occurrences migrated to:
  https://http://context.blah.com/context/remainder ([https](https://https://context.blah.com/context/remainder) result UnknownHostException).
* http://id.openid.zz (UnknownHostException) with 2 occurrences migrated to:
  https://id.openid.zz ([https](https://id.openid.zz) result UnknownHostException).
* http://invalid-provider.com/oauth2/token (UnknownHostException) with 4 occurrences migrated to:
  https://invalid-provider.com/oauth2/token ([https](https://invalid-provider.com/oauth2/token) result UnknownHostException).
* http://invalid-provider.com/user (UnknownHostException) with 4 occurrences migrated to:
  https://invalid-provider.com/user ([https](https://invalid-provider.com/user) result UnknownHostException).
* http://issuer/.well-known/jwks.json (UnknownHostException) with 2 occurrences migrated to:
  https://issuer/.well-known/jwks.json ([https](https://issuer/.well-known/jwks.json) result UnknownHostException).
* http://issuer/certs (UnknownHostException) with 1 occurrences migrated to:
  https://issuer/certs ([https](https://issuer/certs) result UnknownHostException).
* http://jimi.hendrix.myopenid.com/ (UnknownHostException) with 1 occurrences migrated to:
  https://jimi.hendrix.myopenid.com/ ([https](https://jimi.hendrix.myopenid.com/) result UnknownHostException).
* http://joe.myopenid.com/ (UnknownHostException) with 3 occurrences migrated to:
  https://joe.myopenid.com/ ([https](https://joe.myopenid.com/) result UnknownHostException).
* http://logout (UnknownHostException) with 2 occurrences migrated to:
  https://logout ([https](https://logout) result UnknownHostException).
* http://logout?id_token_hint=id-token (UnknownHostException) with 2 occurrences migrated to:
  https://logout?id_token_hint=id-token ([https](https://logout?id_token_hint=id-token) result UnknownHostException).
* http://openid.aol.com/ (UnknownHostException) with 2 occurrences migrated to:
  https://openid.aol.com/ ([https](https://openid.aol.com/) result UnknownHostException).
* http://pip.verisignlabs.com/server (UnknownHostException) with 2 occurrences migrated to:
  https://pip.verisignlabs.com/server ([https](https://pip.verisignlabs.com/server) result UnknownHostException).
* http://postlogout?encodedparam%3Dvalue (UnknownHostException) with 2 occurrences migrated to:
  https://postlogout?encodedparam%3Dvalue ([https](https://postlogout?encodedparam%3Dvalue) result UnknownHostException).
* http://postlogout?encodedparam=value (UnknownHostException) with 2 occurrences migrated to:
  https://postlogout?encodedparam=value ([https](https://postlogout?encodedparam=value) result UnknownHostException).
* http://schema.openid.net/contact/email (UnknownHostException) with 5 occurrences migrated to:
  https://schema.openid.net/contact/email ([https](https://schema.openid.net/contact/email) result UnknownHostException).
* http://schema.openid.net/namePerson (UnknownHostException) with 2 occurrences migrated to:
  https://schema.openid.net/namePerson ([https](https://schema.openid.net/namePerson) result UnknownHostException).
* http://some.site.org/index.html (UnknownHostException) with 1 occurrences migrated to:
  https://some.site.org/index.html ([https](https://some.site.org/index.html) result UnknownHostException).
* http://something/ (UnknownHostException) with 1 occurrences migrated to:
  https://something/ ([https](https://something/) result UnknownHostException).
* http://specs.openid.net/auth/2.0 (UnknownHostException) with 2 occurrences migrated to:
  https://specs.openid.net/auth/2.0 ([https](https://specs.openid.net/auth/2.0) result UnknownHostException).
* http://specs.openid.net/auth/2.0/identifier_select (UnknownHostException) with 4 occurrences migrated to:
  https://specs.openid.net/auth/2.0/identifier_select ([https](https://specs.openid.net/auth/2.0/identifier_select) result UnknownHostException).
* http://wiki.fasterxml.com/JacksonFeatureModules (UnknownHostException) with 1 occurrences migrated to:
  https://wiki.fasterxml.com/JacksonFeatureModules ([https](https://wiki.fasterxml.com/JacksonFeatureModules) result UnknownHostException).
* http://www.faqs (UnknownHostException) with 1 occurrences migrated to:
  https://www.faqs ([https](https://www.faqs) result UnknownHostException).
* http://www.test123.com (UnknownHostException) with 1 occurrences migrated to:
  https://www.test123.com ([https](https://www.test123.com) result UnknownHostException).
* http://en.wikipedia.org/wiki/Defense_in_depth_%28computing%29 (301) with 1 occurrences migrated to:
  https://en.wikipedia.org/wiki/Defense_in_depth_%2528computing%2529 ([https](https://en.wikipedia.org/wiki/Defense_in_depth_%28computing%29) result 400).
* http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html (404) with 1 occurrences migrated to:
  https://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html ([https](https://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html) result 404).
* http://example.com/auth (404) with 2 occurrences migrated to:
  https://example.com/auth ([https](https://example.com/auth) result 404).
* http://example.com/info (404) with 2 occurrences migrated to:
  https://example.com/info ([https](https://example.com/info) result 404).
* http://example.com/jwkset (404) with 2 occurrences migrated to:
  https://example.com/jwkset ([https](https://example.com/jwkset) result 404).
* http://example.com/login/oauth2/code/registration-id (404) with 1 occurrences migrated to:
  https://example.com/login/oauth2/code/registration-id ([https](https://example.com/login/oauth2/code/registration-id) result 404).
* http://example.com/login/oauth2/code/registration-id-2 (404) with 1 occurrences migrated to:
  https://example.com/login/oauth2/code/registration-id-2 ([https](https://example.com/login/oauth2/code/registration-id-2) result 404).
* http://example.com/path?a=b&c=d (404) with 1 occurrences migrated to:
  https://example.com/path?a=b&c=d ([https](https://example.com/path?a=b&c=d) result 404).
* http://example.com/pkp-report (404) with 5 occurrences migrated to:
  https://example.com/pkp-report ([https](https://example.com/pkp-report) result 404).
* http://example.com/token (404) with 2 occurrences migrated to:
  https://example.com/token ([https](https://example.com/token) result 404).
* http://example.net/pkp-report (404) with 7 occurrences migrated to:
  https://example.net/pkp-report ([https](https://example.net/pkp-report) result 404).
* http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ (301) with 1 occurrences migrated to:
  https://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ ([https](https://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/) result 404).
* http://html5shim.googlecode.com/svn/trunk/html5.js (404) with 6 occurrences migrated to:
  https://html5shim.googlecode.com/svn/trunk/html5.js ([https](https://html5shim.googlecode.com/svn/trunk/html5.js) result 404).
* http://json.org/json2.js (404) with 1 occurrences migrated to:
  https://json.org/json2.js ([https](https://json.org/json2.js) result 404).
* http://openid-selector.googlecode.com/svn/trunk/ (404) with 2 occurrences migrated to:
  https://openid-selector.googlecode.com/svn/trunk/ ([https](https://openid-selector.googlecode.com/svn/trunk/) result 404).
* http://provider.com/user (302) with 2 occurrences migrated to:
  https://provider.com/user ([https](https://provider.com/user) result 404).
* http://relaxng.org/ns/compatibility/annotations/1.0 (301) with 8 occurrences migrated to:
  https://relaxng.org/ns/compatibility/annotations/1.0 ([https](https://relaxng.org/ns/compatibility/annotations/1.0) result 404).
* http://www.example.com/bigWebApp/hello (404) with 2 occurrences migrated to:
  https://www.example.com/bigWebApp/hello ([https](https://www.example.com/bigWebApp/hello) result 404).
* http://www.example.com/bigWebApp/hello/pathInfo.html?open=true (404) with 1 occurrences migrated to:
  https://www.example.com/bigWebApp/hello/pathInfo.html?open=true ([https](https://www.example.com/bigWebApp/hello/pathInfo.html?open=true) result 404).
* http://www.example.com/identity (404) with 1 occurrences migrated to:
  https://www.example.com/identity ([https](https://www.example.com/identity) result 404).
* http://www.example.com/login/openid (404) with 2 occurrences migrated to:
  https://www.example.com/login/openid ([https](https://www.example.com/login/openid) result 404).
* http://www.example.com/mycontext/HelloWorld (404) with 1 occurrences migrated to:
  https://www.example.com/mycontext/HelloWorld ([https](https://www.example.com/mycontext/HelloWorld) result 404).
* http://www.example.com/mycontext/HelloWorld/some/more/segments.html (404) with 1 occurrences migrated to:
  https://www.example.com/mycontext/HelloWorld/some/more/segments.html ([https](https://www.example.com/mycontext/HelloWorld/some/more/segments.html) result 404).
* http://www.example.com/mycontext/HelloWorld?foo=bar (404) with 1 occurrences migrated to:
  https://www.example.com/mycontext/HelloWorld?foo=bar ([https](https://www.example.com/mycontext/HelloWorld?foo=bar) result 404).
* http://www.example.com/mycontext/secure/page.html (404) with 3 occurrences migrated to:
  https://www.example.com/mycontext/secure/page.html ([https](https://www.example.com/mycontext/secure/page.html) result 404).
* http://www.example.com/realm (404) with 1 occurrences migrated to:
  https://www.example.com/realm ([https](https://www.example.com/realm) result 404).
* http://www.example.com/redirect (404) with 1 occurrences migrated to:
  https://www.example.com/redirect ([https](https://www.example.com/redirect) result 404).
* http://www.example.org/do/something (404) with 4 occurrences migrated to:
  https://www.example.org/do/something ([https](https://www.example.org/do/something) result 404).
* http://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/ (301) with 1 occurrences migrated to:
  https://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/ ([https](https://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/) result 404).
* http://www.json.org/json2.js (404) with 1 occurrences migrated to:
  https://www.json.org/json2.js ([https](https://www.json.org/json2.js) result 404).
* http://www.thymeleaf.org/thymeleaf-extras-springsecurity5 (301) with 5 occurrences migrated to:
  https://www.thymeleaf.org/thymeleaf-extras-springsecurity5 ([https](https://www.thymeleaf.org/thymeleaf-extras-springsecurity5) result 404).

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html with 1 occurrences migrated to:
  https://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html ([https](https://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html) result 200).
* http://bugs.jquery.com/ticket/12282 with 1 occurrences migrated to:
  https://bugs.jquery.com/ticket/12282 ([https](https://bugs.jquery.com/ticket/12282) result 200).
* http://bugs.jquery.com/ticket/12359 with 1 occurrences migrated to:
  https://bugs.jquery.com/ticket/12359 ([https](https://bugs.jquery.com/ticket/12359) result 200).
* http://claimid.com/ with 2 occurrences migrated to:
  https://claimid.com/ ([https](https://claimid.com/) result 200).
* http://dist.springsource.org/snapshot/GRECLIPSE/e4.7/ with 1 occurrences migrated to:
  https://dist.springsource.org/snapshot/GRECLIPSE/e4.7/ ([https](https://dist.springsource.org/snapshot/GRECLIPSE/e4.7/) result 200).
* http://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html with 1 occurrences migrated to:
  https://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html) result 200).
* http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html with 26 occurrences migrated to:
  https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html) result 200).
* http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html with 1 occurrences migrated to:
  https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html) result 200).
* http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html with 1 occurrences migrated to:
  https://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html ([https](https://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html) result 200).
* http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html with 1 occurrences migrated to:
  https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html ([https](https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html) result 200).
* http://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html with 1 occurrences migrated to:
  https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html ([https](https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html) result 200).
* http://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ with 2 occurrences migrated to:
  https://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ ([https](https://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/) result 200).
* http://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html (301) with 1 occurrences migrated to:
  https://docs.spring.io/spring-security/site/docs/3.0.x/reference/remember-me.html ([https](https://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html) result 200).
* http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html (301) with 1 occurrences migrated to:
  https://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html ([https](https://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html) result 200).
* http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ with 1 occurrences migrated to:
  https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ ([https](https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/) result 200).
* http://docs.spring.io/spring-security/site/docs/current/api/ with 1 occurrences migrated to:
  https://docs.spring.io/spring-security/site/docs/current/api/ ([https](https://docs.spring.io/spring-security/site/docs/current/api/) result 200).
* http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ with 3 occurrences migrated to:
  https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ ([https](https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/) result 200).
* http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html (301) with 1 occurrences migrated to:
  https://docs.spring.io/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html ([https](https://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html) result 200).
* http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html with 1 occurrences migrated to:
  https://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html ([https](https://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html) result 200).
* http://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html with 1 occurrences migrated to:
  https://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html ([https](https://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html) result 200).
* http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html with 3 occurrences migrated to:
  https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html ([https](https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html) result 200).
* http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html with 1 occurrences migrated to:
  https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html ([https](https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html) result 200).
* http://en.wikipedia.org/wiki/Clickjacking with 9 occurrences migrated to:
  https://en.wikipedia.org/wiki/Clickjacking ([https](https://en.wikipedia.org/wiki/Clickjacking) result 200).
* http://en.wikipedia.org/wiki/Content_sniffing with 2 occurrences migrated to:
  https://en.wikipedia.org/wiki/Content_sniffing ([https](https://en.wikipedia.org/wiki/Content_sniffing) result 200).
* http://en.wikipedia.org/wiki/Cross-site_request_forgery with 11 occurrences migrated to:
  https://en.wikipedia.org/wiki/Cross-site_request_forgery ([https](https://en.wikipedia.org/wiki/Cross-site_request_forgery) result 200).
* http://en.wikipedia.org/wiki/Cross-site_scripting with 7 occurrences migrated to:
  https://en.wikipedia.org/wiki/Cross-site_scripting ([https](https://en.wikipedia.org/wiki/Cross-site_scripting) result 200).
* http://en.wikipedia.org/wiki/Firesheep with 1 occurrences migrated to:
  https://en.wikipedia.org/wiki/Firesheep ([https](https://en.wikipedia.org/wiki/Firesheep) result 200).
* http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security with 4 occurrences migrated to:
  https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security ([https](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) result 200).
* http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol with 1 occurrences migrated to:
  https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol ([https](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol) result 200).
* http://en.wikipedia.org/wiki/Man-in-the-middle_attack with 2 occurrences migrated to:
  https://en.wikipedia.org/wiki/Man-in-the-middle_attack ([https](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) result 200).
* http://en.wikipedia.org/wiki/Null_Object_pattern with 1 occurrences migrated to:
  https://en.wikipedia.org/wiki/Null_Object_pattern ([https](https://en.wikipedia.org/wiki/Null_Object_pattern) result 200).
* http://en.wikipedia.org/wiki/SRV_record with 2 occurrences migrated to:
  https://en.wikipedia.org/wiki/SRV_record ([https](https://en.wikipedia.org/wiki/SRV_record) result 200).
* http://en.wikipedia.org/wiki/Same-origin_policy with 1 occurrences migrated to:
  https://en.wikipedia.org/wiki/Same-origin_policy ([https](https://en.wikipedia.org/wiki/Same-origin_policy) result 200).
* http://en.wikipedia.org/wiki/Session_fixation with 6 occurrences migrated to:
  https://en.wikipedia.org/wiki/Session_fixation ([https](https://en.wikipedia.org/wiki/Session_fixation) result 200).
* http://example.com with 8 occurrences migrated to:
  https://example.com ([https](https://example.com) result 200).
* http://example.com/ with 1 occurrences migrated to:
  https://example.com/ ([https](https://example.com/) result 200).
* http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice with 2 occurrences migrated to:
  https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice ([https](https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice) result 200).
* http://flywaydb.org/ with 1 occurrences migrated to:
  https://flywaydb.org/ ([https](https://flywaydb.org/) result 200).
* http://getbootstrap.com/docs/4.0/examples/signin/signin.css with 1 occurrences migrated to:
  https://getbootstrap.com/docs/4.0/examples/signin/signin.css ([https](https://getbootstrap.com/docs/4.0/examples/signin/signin.css) result 200).
* http://gradle.org with 1 occurrences migrated to:
  https://gradle.org ([https](https://gradle.org) result 200).
* http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ with 2 occurrences migrated to:
  https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ ([https](https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/) result 200).
* http://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html with 2 occurrences migrated to:
  https://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html ([https](https://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html) result 200).
* http://jquery.com/ with 1 occurrences migrated to:
  https://jquery.com/ ([https](https://jquery.com/) result 200).
* http://knockoutjs.com/ with 1 occurrences migrated to:
  https://knockoutjs.com/ ([https](https://knockoutjs.com/) result 200).
* http://marketplace.eclipse.org/content/anyedit-tools with 1 occurrences migrated to:
  https://marketplace.eclipse.org/content/anyedit-tools ([https](https://marketplace.eclipse.org/content/anyedit-tools) result 200).
* http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html with 1 occurrences migrated to:
  https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html ([https](https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html) result 200).
* http://openid.net with 1 occurrences migrated to:
  https://openid.net ([https](https://openid.net) result 200).
* http://openid.net/ with 1 occurrences migrated to:
  https://openid.net/ ([https](https://openid.net/) result 200).
* http://openid.net/certification/ with 4 occurrences migrated to:
  https://openid.net/certification/ ([https](https://openid.net/certification/) result 200).
* http://openid.net/connect/ with 4 occurrences migrated to:
  https://openid.net/connect/ ([https](https://openid.net/connect/) result 200).
* http://openid.net/specs/openid-attribute-exchange-1_0.html with 3 occurrences migrated to:
  https://openid.net/specs/openid-attribute-exchange-1_0.html ([https](https://openid.net/specs/openid-attribute-exchange-1_0.html) result 200).
* http://openid.net/specs/openid-connect-core-1_0.html with 50 occurrences migrated to:
  https://openid.net/specs/openid-connect-core-1_0.html ([https](https://openid.net/specs/openid-connect-core-1_0.html) result 200).
* http://openid.net/specs/openid-connect-session-1_0.html with 2 occurrences migrated to:
  https://openid.net/specs/openid-connect-session-1_0.html ([https](https://openid.net/specs/openid-connect-session-1_0.html) result 200).
* http://sizzlejs.com/ with 2 occurrences migrated to:
  https://sizzlejs.com/ ([https](https://sizzlejs.com/) result 200).
* http://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time with 1 occurrences migrated to:
  https://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time ([https](https://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time) result 200).
* http://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/ (301) with 1 occurrences migrated to:
  https://spring.io/blog/2010/03/06/behind-the-spring-security-namespace/ ([https](https://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/) result 200).
* http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/ (301) with 1 occurrences migrated to:
  https://spring.io/blog/2010/08/02/spring-security-in-google-app-engine/ ([https](https://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/) result 200).
* http://spring.io/projects with 1 occurrences migrated to:
  https://spring.io/projects ([https](https://spring.io/projects) result 200).
* http://spring.io/services with 1 occurrences migrated to:
  https://spring.io/services ([https](https://spring.io/services) result 200).
* http://stackoverflow.com/questions/tagged/spring-security with 1 occurrences migrated to:
  https://stackoverflow.com/questions/tagged/spring-security ([https](https://stackoverflow.com/questions/tagged/spring-security) result 200).
* http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html with 2 occurrences migrated to:
  https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html ([https](https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html) result 200).
* http://tools.ietf.org/html/rfc6797 with 15 occurrences migrated to:
  https://tools.ietf.org/html/rfc6797 ([https](https://tools.ietf.org/html/rfc6797) result 200).
* http://tools.ietf.org/html/rfc7469 with 18 occurrences migrated to:
  https://tools.ietf.org/html/rfc7469 ([https](https://tools.ietf.org/html/rfc7469) result 200).
* http://vimeo.com/34436402 with 1 occurrences migrated to:
  https://vimeo.com/34436402 ([https](https://vimeo.com/34436402) result 200).
* http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ with 1 occurrences migrated to:
  https://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ ([https](https://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/) result 200).
* http://www.ja-sig.org/cas (301) with 1 occurrences migrated to:
  https://www.apereo.org ([https](https://www.ja-sig.org/cas) result 200).
* http://ehcache.sourceforge.net (301) with 2 occurrences migrated to:
  https://www.ehcache.org/ ([https](https://ehcache.sourceforge.net) result 200).
* http://www.html5rocks.com/en/tutorials/security/content-security-policy/ with 2 occurrences migrated to:
  https://www.html5rocks.com/en/tutorials/security/content-security-policy/ ([https](https://www.html5rocks.com/en/tutorials/security/content-security-policy/) result 200).
* http://www.ietf.org/rfc/rfc2396.txt with 3 occurrences migrated to:
  https://www.ietf.org/rfc/rfc2396.txt ([https](https://www.ietf.org/rfc/rfc2396.txt) result 200).
* http://www.ietf.org/rfc/rfc2617.txt with 1 occurrences migrated to:
  https://www.ietf.org/rfc/rfc2617.txt ([https](https://www.ietf.org/rfc/rfc2617.txt) result 200).
* http://www.liquibase.org/ with 1 occurrences migrated to:
  https://www.liquibase.org/ ([https](https://www.liquibase.org/) result 200).
* http://www.openbsd.org/papers/bcrypt-paper.ps with 1 occurrences migrated to:
  https://www.openbsd.org/papers/bcrypt-paper.ps ([https](https://www.openbsd.org/papers/bcrypt-paper.ps) result 200).
* http://www.springframework.org/schema/aop/spring-aop-2.5.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/aop/spring-aop-2.5.xsd ([https](https://www.springframework.org/schema/aop/spring-aop-2.5.xsd) result 200).
* http://www.springframework.org/schema/beans/spring-beans-2.5.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/beans/spring-beans-2.5.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-2.5.xsd) result 200).
* http://www.springframework.org/schema/beans/spring-beans-3.0.xsd with 2 occurrences migrated to:
  https://www.springframework.org/schema/beans/spring-beans-3.0.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-3.0.xsd) result 200).
* http://www.springframework.org/schema/beans/spring-beans.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/beans/spring-beans.xsd ([https](https://www.springframework.org/schema/beans/spring-beans.xsd) result 200).
* http://www.springframework.org/schema/context/spring-context-2.5.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/context/spring-context-2.5.xsd ([https](https://www.springframework.org/schema/context/spring-context-2.5.xsd) result 200).
* http://www.springframework.org/schema/mvc/spring-mvc.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/mvc/spring-mvc.xsd ([https](https://www.springframework.org/schema/mvc/spring-mvc.xsd) result 200).
* http://www.springframework.org/schema/security/spring-security.xsd with 3 occurrences migrated to:
  https://www.springframework.org/schema/security/spring-security.xsd ([https](https://www.springframework.org/schema/security/spring-security.xsd) result 200).
* http://www.springframework.org/schema/websocket/spring-websocket.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/websocket/spring-websocket.xsd ([https](https://www.springframework.org/schema/websocket/spring-websocket.xsd) result 200).
* http://www.test.com with 9 occurrences migrated to:
  https://www.test.com ([https](https://www.test.com) result 200).
* http://www.thymeleaf.org with 25 occurrences migrated to:
  https://www.thymeleaf.org ([https](https://www.thymeleaf.org) result 200).
* http://www.thymeleaf.org/ with 3 occurrences migrated to:
  https://www.thymeleaf.org/ ([https](https://www.thymeleaf.org/) result 200).
* http://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd with 1 occurrences migrated to:
  https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd ([https](https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd) result 200).
* http://www.thymeleaf.org/whatsnew21.html with 1 occurrences migrated to:
  https://www.thymeleaf.org/whatsnew21.html ([https](https://www.thymeleaf.org/whatsnew21.html) result 200).
* http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html with 2 occurrences migrated to:
  https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html ([https](https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html) result 200).
* http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html with 1 occurrences migrated to:
  https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html ([https](https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html) result 200).
* http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html with 1 occurrences migrated to:
  https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html ([https](https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html) result 200).
* http://www.w3.org/TR/2011/REC-css3-selectors-20110929/ with 2 occurrences migrated to:
  https://www.w3.org/TR/2011/REC-css3-selectors-20110929/ ([https](https://www.w3.org/TR/2011/REC-css3-selectors-20110929/) result 200).
* http://www.w3.org/TR/CSS21/syndata.html with 1 occurrences migrated to:
  https://www.w3.org/TR/CSS21/syndata.html ([https](https://www.w3.org/TR/CSS21/syndata.html) result 200).
* http://www.w3.org/TR/selectors/ with 3 occurrences migrated to:
  https://www.w3.org/TR/selectors/ ([https](https://www.w3.org/TR/selectors/) result 200).
* http://www.youtube.com/watch?v=3mk0RySeNsU with 2 occurrences migrated to:
  https://www.youtube.com/watch?v=3mk0RySeNsU ([https](https://www.youtube.com/watch?v=3mk0RySeNsU) result 200).
* http://api.jquery.com/jQuery.browser with 1 occurrences migrated to:
  https://api.jquery.com/jQuery.browser ([https](https://api.jquery.com/jQuery.browser) result 301).
* http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx with 1 occurrences migrated to:
  https://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx ([https](https://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx) result 301).
* http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx with 2 occurrences migrated to:
  https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx ([https](https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx) result 301).
* http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx with 2 occurrences migrated to:
  https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx ([https](https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx) result 301).
* http://code.google.com/p/openid-selector/ with 3 occurrences migrated to:
  https://code.google.com/p/openid-selector/ ([https](https://code.google.com/p/openid-selector/) result 301).
* http://contributor-covenant.org with 1 occurrences migrated to:
  https://contributor-covenant.org ([https](https://contributor-covenant.org) result 301).
* http://contributor-covenant.org/version/1/3/0/ with 1 occurrences migrated to:
  https://contributor-covenant.org/version/1/3/0/ ([https](https://contributor-covenant.org/version/1/3/0/) result 301).
* http://dev.w3.org/csswg/cssom/ with 1 occurrences migrated to:
  https://dev.w3.org/csswg/cssom/ ([https](https://dev.w3.org/csswg/cssom/) result 301).
* http://docs.spring.io with 1 occurrences migrated to:
  https://docs.spring.io ([https](https://docs.spring.io) result 301).
* http://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html with 1 occurrences migrated to:
  https://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html) result 301).
* http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html with 7 occurrences migrated to:
  https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html) result 301).
* http://forum.springsource.org/showthread.php?102783-How-to-use-hasIpAddress&p=343971 (301) with 1 occurrences migrated to:
  https://forum.spring.io/showthread.php?102783-How-to-use-hasIpAddress&p=343971 ([https](https://forum.springsource.org/showthread.php?102783-How-to-use-hasIpAddress&p=343971) result 301).
* http://help.github.com/set-up-git-redirect with 1 occurrences migrated to:
  https://help.github.com/set-up-git-redirect ([https](https://help.github.com/set-up-git-redirect) result 301).
* http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ with 1 occurrences migrated to:
  https://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ ([https](https://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_) result 301).
* http://jquery.org/license with 1 occurrences migrated to:
  https://jquery.org/license ([https](https://jquery.org/license) result 301).
* http://msdn.microsoft.com/en-us/library/dd565647 with 4 occurrences migrated to:
  https://msdn.microsoft.com/en-us/library/dd565647 ([https](https://msdn.microsoft.com/en-us/library/dd565647) result 301).
* http://msdn.microsoft.com/en-us/library/ie/gg622941 with 5 occurrences migrated to:
  https://msdn.microsoft.com/en-us/library/ie/gg622941 ([https](https://msdn.microsoft.com/en-us/library/ie/gg622941) result 301).
* http://openid.net/get/ with 2 occurrences migrated to:
  https://openid.net/get/ ([https](https://openid.net/get/) result 301).
* http://openid.net/what/ with 2 occurrences migrated to:
  https://openid.net/what/ ([https](https://openid.net/what/) result 301).
* http://technorati.com/people/technorati/ with 2 occurrences migrated to:
  https://technorati.com/people/technorati/ ([https](https://technorati.com/people/technorati/) result 301).
* http://twitter.github.com/bootstrap/javascript.html with 13 occurrences migrated to:
  https://twitter.github.com/bootstrap/javascript.html ([https](https://twitter.github.com/bootstrap/javascript.html) result 301).
* http://www.jasig.org/cas with 1 occurrences migrated to:
  https://www.jasig.org/cas ([https](https://www.jasig.org/cas) result 301).
* http://www.modernizr.com/ with 1 occurrences migrated to:
  https://www.modernizr.com/ ([https](https://www.modernizr.com/) result 301).
* http://www.opensource.org/licenses/mit-license.php with 1 occurrences migrated to:
  https://www.opensource.org/licenses/mit-license.php ([https](https://www.opensource.org/licenses/mit-license.php) result 301).
* http://www.oracle.com/technetwork/java/javase/downloads with 1 occurrences migrated to:
  https://www.oracle.com/technetwork/java/javase/downloads ([https](https://www.oracle.com/technetwork/java/javase/downloads) result 301).
* http://www.springframework.org/security with 1 occurrences migrated to:
  https://www.springframework.org/security ([https](https://www.springframework.org/security) result 301).
* http://www.springsource.com/ with 2 occurrences migrated to:
  https://www.springsource.com/ ([https](https://www.springsource.com/) result 301).
* http://www.springsource.org with 1 occurrences migrated to:
  https://www.springsource.org ([https](https://www.springsource.org) result 301).
* http://www.springsource.org/sts with 1 occurrences migrated to:
  https://www.springsource.org/sts ([https](https://www.springsource.org/sts) result 301).
* http://www.thoughtcrime.org/software/sslstrip/ with 1 occurrences migrated to:
  https://www.thoughtcrime.org/software/sslstrip/ ([https](https://www.thoughtcrime.org/software/sslstrip/) result 301).
* http://www.w3.org/TR/css3-selectors/ with 2 occurrences migrated to:
  https://www.w3.org/TR/css3-selectors/ ([https](https://www.w3.org/TR/css3-selectors/) result 301).
* http://www.w3.org/TR/css3-syntax/ with 1 occurrences migrated to:
  https://www.w3.org/TR/css3-syntax/ ([https](https://www.w3.org/TR/css3-syntax/) result 301).
* http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ with 2 occurrences migrated to:
  https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/) result 302).
* http://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html with 1 occurrences migrated to:
  https://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html ([https](https://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html) result 302).
* http://example2.com with 3 occurrences migrated to:
  https://example2.com ([https](https://example2.com) result 302).
* http://flickr.com/ with 2 occurrences migrated to:
  https://flickr.com/ ([https](https://flickr.com/) result 302).
* http://git-scm.com/book/cs/ch7-3.html with 1 occurrences migrated to:
  https://git-scm.com/book/cs/ch7-3.html ([https](https://git-scm.com/book/cs/ch7-3.html) result 302).
* http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd with 1 occurrences migrated to:
  https://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd ([https](https://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html with 1 occurrences migrated to:
  https://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html with 4 occurrences migrated to:
  https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html with 1 occurrences migrated to:
  https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html with 1 occurrences migrated to:
  https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html with 1 occurrences migrated to:
  https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html) result 302).
* http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html with 1 occurrences migrated to:
  https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html ([https](https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html) result 302).
* http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html with 2 occurrences migrated to:
  https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html) result 302).
* http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html with 1 occurrences migrated to:
  https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html) result 302).
* http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html with 2 occurrences migrated to:
  https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html) result 302).
* http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html with 3 occurrences migrated to:
  https://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html ([https](https://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html) result 302).
* http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd with 1 occurrences migrated to:
  https://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd ([https](https://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd) result 302).
* http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd with 1 occurrences migrated to:
  https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd) result 302).
* http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd with 2 occurrences migrated to:
  https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd) result 302).
* http://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx with 1 occurrences migrated to:
  https://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx ([https](https://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx) result 302).
* http://spring.io/spring-security with 1 occurrences migrated to:
  https://spring.io/spring-security ([https](https://spring.io/spring-security) result 302).
* http://spring.io/spring-security/ with 2 occurrences migrated to:
  https://spring.io/spring-security/ ([https](https://spring.io/spring-security/) result 302).
* http://spring.io/tools/sts with 1 occurrences migrated to:
  https://spring.io/tools/sts ([https](https://spring.io/tools/sts) result 302).
* http://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt with 2 occurrences migrated to:
  https://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt ([https](https://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt) result 302).
* http://webauth.stanford.edu/manual/mod/mod_webauth.html with 1 occurrences migrated to:
  https://webauth.stanford.edu/manual/mod/mod_webauth.html ([https](https://webauth.stanford.edu/manual/mod/mod_webauth.html) result 302).
* http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context with 1 occurrences migrated to:
  https://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context ([https](https://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context) result 302).
* http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt with 1 occurrences migrated to:
  https://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt ([https](https://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt) result 302).

# Ignored
These URLs were intentionally ignored.

* http://java.sun.com/JSP/Page with 14 occurrences
* http://java.sun.com/jsp/jstl/core with 31 occurrences
* http://java.sun.com/jsp/jstl/fmt with 6 occurrences
* http://java.sun.com/jsp/jstl/functions with 1 occurrences
* http://java.sun.com/jstl/core with 1 occurrences
* http://java.sun.com/xml/ns/j2ee with 2 occurrences
* http://java.sun.com/xml/ns/javaee with 6 occurrences
* http://localhost with 20 occurrences
* http://localhost/ with 6 occurrences
* http://localhost/Test</value></property&gt with 1 occurrences
* http://localhost/appcontext/page with 1 occurrences
* http://localhost/authenticated with 1 occurrences
* http://localhost/authentication/login with 2 occurrences
* http://localhost/authorize/oauth2/code/registration-id with 3 occurrences
* http://localhost/authorize/oauth2/implicit/registration-3 with 1 occurrences
* http://localhost/callback/client-1 with 1 occurrences
* http://localhost/callback/client-1?error=invalid_grant with 1 occurrences
* http://localhost/client-1 with 9 occurrences
* http://localhost/cookie with 1 occurrences
* http://localhost/cookie/delete with 1 occurrences
* http://localhost/custom-login with 1 occurrences
* http://localhost/custom-logout with 1 occurrences
* http://localhost/form-page with 1 occurrences
* http://localhost/iss with 1 occurrences
* http://localhost/issuer with 2 occurrences
* http://localhost/login with 38 occurrences
* http://localhost/login/oauth2/code/ with 4 occurrences
* http://localhost/login/oauth2/code/pkce-client-registration-id& with 1 occurrences
* http://localhost/login/oauth2/code/registration-id with 3 occurrences
* http://localhost/login/oauth2/code/registration-id& with 2 occurrences
* http://localhost/login/oauth2/code/registration-id-2 with 2 occurrences
* http://localhost/login/openid with 1 occurrences
* http://localhost/login2 with 1 occurrences
* http://localhost/loginPage with 2 occurrences
* http://localhost/logout with 1 occurrences
* http://localhost/messages with 4 occurrences
* http://localhost/oauth2/authorization/google with 1 occurrences
* http://localhost/openid-page with 1 occurrences
* http://localhost/saved-request with 1 occurrences
* http://localhost/secured with 2 occurrences
* http://localhost/signin with 1 occurrences
* http://localhost/some-url with 1 occurrences
* http://localhost/tosave with 1 occurrences
* http://localhost/user with 1 occurrences
* http://localhost:123456 with 3 occurrences
* http://localhost:1280/certs with 1 occurrences
* http://localhost:314 with 1 occurrences
* http://localhost:4080 with 1 occurrences
* http://localhost:543 with 1 occurrences
* http://localhost:8080 with 16 occurrences
* http://localhost:8080/ with 4 occurrences
* http://localhost:8080/SomeService with 1 occurrences
* http://localhost:8080/contacts with 1 occurrences
* http://localhost:8080/login/oauth2/code with 1 occurrences
* http://localhost:8080/login/oauth2/code/client-id with 2 occurrences
* http://localhost:8080/login/oauth2/code/facebook with 2 occurrences
* http://localhost:8080/login/oauth2/code/github with 2 occurrences
* http://localhost:8080/login/oauth2/code/google with 4 occurrences
* http://localhost:8080/login/oauth2/code/okta with 2 occurrences
* http://localhost:8080/path/page.html?query=string with 1 occurrences
* http://localhost:8080/sample/ with 15 occurrences
* http://localhost:8080/secure with 1 occurrences
* http://localhost:8080/spring-security-samples-tutorial/listAccounts.html with 4 occurrences
* http://localhost:8080/spring-security-samples-tutorial/post.html?id=1 with 4 occurrences
* http://localhost:9080/protected with 2 occurrences
* http://localhost:9080/secured with 1 occurrences
* http://localhost:9080/unsecured with 1 occurrences
* http://localhost:9080/user with 1 occurrences
* http://test.com with 1 occurrences
* http://test.foobar.com with 1 occurrences
* http://testopenid.com?openid.return_to= with 1 occurrences
* http://www.springframework.org/schema/aop with 2 occurrences
* http://www.springframework.org/schema/beans with 8 occurrences
* http://www.springframework.org/schema/context with 2 occurrences
* http://www.springframework.org/schema/mvc with 2 occurrences
* http://www.springframework.org/schema/security with 45 occurrences
* http://www.springframework.org/schema/security/spring-security- with 1 occurrences
* http://www.springframework.org/schema/websocket with 2 occurrences
* http://www.springframework.org/security/tags with 17 occurrences
* http://www.springframework.org/tags with 12 occurrences
* http://www.springframework.org/tags/form with 14 occurrences
* http://www.w3.org/1999/XSL/Transform with 1 occurrences
* http://www.w3.org/1999/xhtml with 26 occurrences
* http://www.w3.org/2001/XMLSchema with 15 occurrences
* http://www.w3.org/2001/XMLSchema-datatypes with 8 occurrences
* http://www.w3.org/2001/XMLSchema-instance with 9 occurrences
 2019-03-19 23:53:23 -05:00
Josh Cummings
a45df2c802 Move OIDC Reactive Packaging 2019-03-19 09:00:46 -06:00
Josh Cummings
8f5493acce Move OIDC Servlet Packaging 2019-03-19 09:00:46 -06:00
Josh Cummings
fba31dfb6a Reactive Oidc RP-Initiated Logout 
Issue: gh-5350
 2019-03-19 09:00:46 -06:00
Josh Cummings
248a8c030b Support for OIDC RP-Initiated Logout 
Fixes: gh-5350
 2019-03-19 09:00:46 -06:00
Josh Cummings
55e8df1efe NimbusReactiveJwtDecoder Takes Reactive Processor 
Fixes: gh-5937
 2019-03-18 12:32:44 -06:00
Josh Cummings
9478abebd2 Internalize Nimbus JwtDecoder Builder 
Issue: gh-6010
 2019-03-18 12:32:44 -06:00
Spring Operator
b93528138e URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# Fixed URLs

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://www.apache.org/licenses/ with 1 occurrences migrated to:
  https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 2691 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 2 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).
 2019-03-14 15:46:20 -05:00
Stephen Doxsee
7739a0e91a Add PKCE OAuth2 client support 
- Support has been added for "RFC7636: Proof Key for Code Exchange by OAuth Public Clients" (PKCE, pronounced "pixy") to mitigate against attacks targeting the interception of the authorization code
 - PkceParameterNames was added for the 3 additional parameters used by PKCE (i.e. code_verifier, code_challenge, and code_challenge_method)
 - Default code_verifier length has been set to 128 characters--the maximum allowed by RFC7636
 - ClientAuthenticationMethod.NONE was added to allow clients to request tokens without providing a client secret

Fixes gh-6446
 2019-02-28 11:38:48 -05:00
Josh Cummings
fba25614bf Reactive Opaque Token Support 
Fixes: gh-6513
 2019-02-15 15:59:25 -06:00
Rob Winch
752733e8de Polish WebSessionOAuth2ServerAuthorizationRequestRepository Format 
Issue: gh-6215
 2019-02-15 15:01:11 -06:00
Zhanwei Wang
a60fd43534 Fix OAuth2 Client with Ditributed Session 
Fixes: gh-6215
 2019-02-15 15:01:11 -06:00
Joe Grandja
0c27f64338 ServletOAuth2AuthorizedClientExchangeFilterFunction supports chaining 
Fixes gh-6483
 2019-02-13 11:19:44 -05:00
Fabien Arrault
17e774d8c7 Preserve existing refresh token if new refresh token not returned 
During an oauth2 refresh if the authorization server doesn't return a new refresh token, preserve the existing one.

Fixes: gh-6503
 2019-02-07 15:11:23 -05:00
Josh Cummings
ef9c3e4771 Opaque Token Support 
Fixes: gh-5200
 2019-02-07 12:40:12 -07:00
Joe Grandja
594a169798 Introduce OAuth2AuthorizationRequest.attributes 
Fixes gh-5940
 2019-02-07 11:49:17 -05:00
Gerardo Roza
95e0e7243d Save original request on oauth2Client filter 
When we used the oauth2Client directive and requested an endpoint that
required client authorization on the authorization server, the
SPRING_SECURITY_SAVED_REQUEST was not persisted, and therefore after
creating the authorized client we were redirected to the root page ("/").

Now we are storing the session attribute and getting redirected back to
the original URI as expected.

Note that the attribute is stored only when a
ClientAuthorizationRequiredException is thrown in the chain, we dont
want to store it as a response to the
/oauth2/authorization/{registrationId} endpoint, since we would end
up in an infinite loop

Fixes gh-6341
 2019-01-25 09:15:44 -06:00
Joe Grandja
2a867997e2 Polish gh-6415 2019-01-14 13:33:58 -05:00
Rafael Dominguez
fe5f10e9a2 Extract the ID Token JwtDecoderFactory to enable user customization 
This commit ensures that the JwtDecoderFactory is not a private field inside
the Oidc authentication provider by extracting this class and giving the
possibility to customize the way different providers are validated.

Fixes: gh-6379
 2019-01-14 13:33:58 -05:00
Adrian Javorski
dd45a49f02 Update JwtTimestampValidator.java 
Changed MaxClockSkew variable to clockSkew to simplify the name.

Fixes gh-6380
 2019-01-14 10:33:38 -07:00
Joe Grandja
f234a5fbdb ID Token validation supports clock skew 
Fixes gh-5839
 2019-01-09 16:03:13 -05:00
Joe Grandja
d878dbf30e Polish gh-6349 2019-01-09 10:15:02 -05:00
Rafael Dominguez
057ed616c4 Improve error messages in OidcIdTokenValidator 
This commit ensures that error messages contain more specific
information regarding the reported error.

Fixes: gh-6323
 2019-01-09 10:15:02 -05:00
Johnny Lim
c94f13a971 Polish tests 2019-01-08 11:16:22 -06:00
Joe Grandja
673a2adf26 Polish oauth2 client ExchangeFilterFunction's 
Fixes gh-6355
 2019-01-07 14:39:25 -05:00
Joe Grandja
993e11dcd3 Polish gh-6127 2019-01-07 13:50:17 -05:00
Warren Bailey
1c9ab9197e When expired retrieve new Client Credentials token. 
Once client credentials access token has expired retrieve a new token from the OAuth2 authorization server.
These tokens can't be refreshed because they do not have a refresh token associated with. This is standard behaviour for Oauth 2 client credentails

Fixes gh-5893
 2019-01-07 13:50:17 -05:00
Josh Cummings
d77b12d229 authorization_uri Uses UriComponentsBuilder 
Because of this, authorization_uri can now be a fully-qualified url.

Fixes: gh-5760
 2018-12-21 13:23:47 -07:00
Joe Grandja
9c0d78da71 Extract OidcTokenValidator to an OAuth2TokenValidator 
Fixes gh-5930
 2018-12-21 11:06:40 -05:00
Joe Grandja
12f320851d Set openid scope in OAuth2LoginTests 2018-12-21 09:24:55 -06:00
Joe Grandja
8f4f52edb9 Support configurable JwtDecoder for IdToken verification 
Fixes gh-5717
 2018-12-21 09:24:55 -06:00
Eric Deandrea
0f7dff3774 Introduce ReactiveJwtAuthenticationConverter 
Some changes based on PR comments

Fixes gh-6273
 2018-12-17 14:12:53 -07:00
Josh Cummings
1bfa38b1bd
Validate Scopes in ClientRegistrationBuilder 
Fixes: gh-6256
 2018-12-14 10:41:29 -07:00
shraiysh
e25bea2cf7 Author: Shraiysh Vaishay cs17btech11050@iith.ac.in 
Add WebClientReactiveAuthorizationCodeTokenResponseClient.setWebClient

Fixes gh-6182
 2018-12-06 11:18:39 -06:00
Josh Cummings
566bc6a6e1
Test OpenID Discovery with Trailing Slash 
Fixes gh-6234
 2018-12-05 10:54:30 -07:00
Nicolas Le Bas
ba8a337f9a Accept a case-insensitive "Bearer" keyword 
The Authorization header was matched for OAuth2
against the "Bearer" keyword in a case sensitive
fashion.
According to RFC 2617, it should be case insensitive
and some oauth clients (including some earlier
versions of spring-security) expect it so.

This is the reactive counterpart to commit
63f2b6094f59cc9ded6a83ac3def4a1726890a8b .

Fixes gh-6195
 2018-12-02 09:32:27 -05:00
Nicolas Le Bas
63f2b6094f The "Bearer" keyword should be case-insensitive 
The Authorization header was matched for OAuth2
against the "Bearer" keyword in a case sensitive
fashion.
According to RFC 2617, it should be case insensitive
and some oauth clients (including some earlier
versions of spring-security) expect it so.
 2018-11-28 19:34:47 -07:00
jer051
fdc81822ec Add WebClientReactiveClientCredentialsTokenResponseClient setWebClient 
Added the ability to specify a custom WebClient in
WebClientReactiveClientCredentialsTokenResponseClient.
Also added testing to ensure the custom WebClient is not null and is
used.

Fixes: gh-6051
 2018-11-28 15:44:36 -06:00
Josh Cummings
2a8233d035
Remove PowerMock from oauth2-core and oauth2-jose 
Issue: gh-6025
 2018-11-20 14:02:10 -07:00
Josh Cummings
80e13bad41
Remove PowerMock from oauth2-client 
Issue: gh-6025
 2018-11-19 18:09:00 -07:00