Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,779 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

800 Commits

Author SHA1 Message Date
Hassene Laaribi 7694aa27cf Add jwt-bearer authorization grant 
Closes gh-6053
 2021-04-09 06:22:29 -04:00
Joe Grandja 9c97970e26 Add Jwt Client Authentication support 
Closes gh-8175
 2021-04-08 15:44:33 -04:00
Rob Winch 8323590b6c Update r2dbc-spi-test to 0.8.4.RELEASE 
Closes gh-9551
 2021-04-05 22:23:59 -05:00
Rob Winch 60d3db5798 add management platform(project(":spring-security-dependencies")) 
Closes gh-9540
 2021-04-05 10:36:36 -05:00
Rob Winch 1a76ee7442 Update Gradle configuration names 
Closes gh-9540
 2021-04-05 10:36:36 -05:00
Hassene Laaribi b8e47882aa Fix test to use non-expired token 
Closes gh-9506
 2021-03-17 17:38:08 +01:00
Eleftheria Stein 4a492846f1 Revert "Lock dependencies for 2.5.0-M3" 
This reverts commit f05cc6269c.
 2021-03-15 23:18:45 +01:00
Eleftheria Stein f05cc6269c Lock dependencies for 2.5.0-M3 2021-03-15 11:00:19 +01:00
Josh Cummings 71e0967b53
Revert "Lock Dependencies for Release" 
This reverts commit 8c04074264.
 2021-02-17 15:59:48 -07:00
Josh Cummings 8c04074264
Lock Dependencies for Release 2021-02-17 14:59:17 -07:00
Josh Cummings 5e5ff27109
Configure Jackson for nanosecond precision 
Closes gh-9461
 2021-02-17 11:53:36 -07:00
Josh Cummings a0a9718b8b
Use Instant with micro-second precision 
Closes gh-9449
 2021-02-17 11:31:23 -07:00
Josh Cummings cf032d86d6
Revert "Lock Dependencies" 
This reverts commit 9535a41d5a.
 2021-02-11 18:38:07 -07:00
Josh Cummings 9535a41d5a
Lock Dependencies 2021-02-11 17:43:39 -07:00
Josh Cummings f449da8b78
Revert "Lock Dependencies" 
This reverts commit d17ebf53f9.
 2021-02-11 17:28:01 -07:00
Josh Cummings d17ebf53f9
Lock Dependencies 2021-02-11 16:56:28 -07:00
Josh Cummings c4be1c6a56
Revert "Lock Dependencies" 
This reverts commit a85caa4098.
 2021-02-11 15:49:59 -07:00
Josh Cummings a85caa4098
Lock Dependencies 2021-02-11 15:00:38 -07:00
Rob Winch 71f9876c48 Revert "Lock dependencies" 
This reverts commit dca4858d81.
 2021-02-11 13:38:50 -06:00
Rob Winch dca4858d81 Lock dependencies 2021-02-11 13:00:32 -06:00
Rob Winch ec8f6014d4 Revert "Lock dependencies" 
This reverts commit fa5f789beb.
 2021-02-11 09:51:54 -06:00
Rob Winch fa5f789beb Lock dependencies 2021-02-11 08:53:40 -06:00
Benjamin Faal 98399c920a Make user info response status check error only 
Closes gh-9336
 2021-01-25 11:10:03 -05:00
Benjamin Faal 0f7360e8fa Make user info response status check error only 
Closes gh-9336
 2021-01-25 10:46:07 -05:00
Benjamin Faal f6b678f137 Make user info response status check error only 
Closes gh-9336
 2021-01-25 10:23:49 -05:00
Benjamin Faal d85a7cfc4a Make user info response status check error only 
Closes gh-9336
 2021-01-25 10:02:58 -05:00
tristanessquare 580b988e7f
Fix NullPointerException 
- Caused by a malformed WWW-Authenticate value

Closes gh-9364
 2021-01-21 16:22:29 -07:00
tristanessquare 56db058fd0
Fix NullPointerException 
- Caused by a malformed WWW-Authenticate value
 2021-01-21 16:18:23 -07:00
Josh Cummings 1af21a9d02
Revert "Lock Dependencies for 5.4.2" 
This reverts commit 046bc9789f.
 2020-12-02 22:21:02 -07:00
Josh Cummings 7c2010f507
Revert "Lock Dependencies for 5.3.6" 
This reverts commit a153012056.
 2020-12-02 19:32:03 -07:00
Josh Cummings 046bc9789f
Lock Dependencies for 5.4.2 2020-12-02 17:36:26 -07:00
Josh Cummings a153012056
Lock Dependencies for 5.3.6 2020-12-02 16:31:52 -07:00
Joe Grandja 58e3235093 Deprecate ClientAuthenticationMethod BASIC and POST 
Closes gh-9220
 2020-11-25 15:13:28 -05:00
Joe Grandja b95e1aa209 Revert "Lock dependencies for 5.5.0-M1" 
This reverts commit 25a7482c8c.
 2020-11-03 19:53:28 -05:00
Joe Grandja c069692ab9 Extract OAuth2Token from AbstractOAuth2Token 
Closes gh-5502
 2020-11-02 20:35:08 -05:00
Rob Winch 25a7482c8c Lock dependencies for 5.5.0-M1 2020-10-30 17:52:03 -05:00
Ovidiu Popa 6724e3e514 Provide a R2dbc implementation of ReactiveOuath2AuthorizedClientService 
Implement R2dbcReactiveOuath2AuthorizedClientService which persists the
Oauth2AuthorizedClient in a sql database

R2dbcReactiveOuath2AuthorizedClientService is using the spring-r2dbc
module to persist/load Oauth2AuthorizedClient to/from a sql database

Add optional depedency to the spring-r2dbc module
Add test compile dependencies to r2dbc-h2 and r2dbc-test

Closes gh-7890
 2020-10-29 15:44:12 -04:00
Craig Andrews 42a787d1f6 Add Postgres sql for JDBC implementation of OAuth2AuthorizedClientService 
Postgres doesn't have a BLOB type, but it does have an equivalent BYTEA
type.
This approach and naming convention follows the convention established
in Spring Session JDBC which has sql for each RDBMS with files names in
the pattern *-{dbname}.sql, for example:
schema-db2.sql
schema-derby.sql
schema-h2.sql
schema-mysql.sql
schema-postgresql.sql

See https://github.com/spring-projects/spring-session/tree/2.3.1.RELEASE/spring-session-jdbc/src/main/resources/org/springframework/session/jdbc

Issue gh-9070
 2020-10-22 09:56:20 -04:00
Craig Andrews 05dc326389 Use LobHandler in JdbcOAuth2AuthorizedClientService 
LobHandler provides an abstraction for handling large binary fields and large text
fields in specific databases, no matter if represented as simple types or
Large OBjects.

Its use provides compatibility with many databases eliminating the need
for custom OAuth2AuthorizedClientParametersMapper and
OAuth2AuthorizedClientRowMapper implementations.

Closes gh-9070
 2020-10-22 09:56:20 -04:00
Josh Cummings 2dcfda7fac
Revert "Lock Dependencies for 5.3.5.RELEASE" 
This reverts commit 846a5a962c.
 2020-10-07 16:39:28 -06:00
Josh Cummings 84737e7b23
Revert "Lock Dependencies for 5.4.1" 
This reverts commit 48ac47418d.
 2020-10-07 16:38:48 -06:00
Josh Cummings 48ac47418d
Lock Dependencies for 5.4.1 2020-10-07 16:01:34 -06:00
Josh Cummings 846a5a962c
Lock Dependencies for 5.3.5.RELEASE 2020-10-07 13:18:01 -06:00
Phillip Webb c502312719 Replace expected @Test attributes with AssertJ 
Replace JUnit expected @Test attributes with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Phillip Webb 20baa7d409 Replace ExpectedException @Rules with AssertJ 
Replace JUnit ExpectedException @Rules with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Joe Grandja 6e6d382357 Adapt to WebClient's new exception wrapping 
See https://github.com/spring-projects/spring-framework/issues/23842

Closes gh-9031
 2020-09-17 12:21:51 -04:00
Joe Grandja 7b1f574769 Revert "Lock Dependency Versions for 5.4.0" 
This reverts commit 3d0e459182.
 2020-09-09 18:14:12 -04:00
Joe Grandja 3d0e459182 Lock Dependency Versions for 5.4.0 2020-09-09 13:45:03 -04:00
Rob Winch 2abf59b695 Merge Formatting Changes 
Issue gh-8945
 2020-08-24 17:33:23 -05:00
Rob Winch dc47a7575e Polish oauth-client format 
Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb 319d3364aa Migrate to assertThatExceptionOfType 
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb 2f8e835b11 Use assertThatObject to save casting 
Update tests that use `assertThat((Object) ...)` to use the convenience
`assertThatObject(...)` method instead.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb a5aa6b3d7f Remove blank lines from all tests 
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easer to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb 7a715f9086 Polish spring-security-oauth2-client main code 
Manually polish `spring-security-oauth-cleint` following the
formatting and checkstyle fixes.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb 834dcf5bcf Use consistent ternary expression style 
Update all ternary expressions so that the condition is always in
parentheses and "not equals" is used in the test. This helps to bring
consistency across the codebase which makes ternary expression easier
to scan.

For example: `a = (a != null) ? a : b`

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb 8d3f039f76 Reduce method visibility when possible 
Reduce method visibility for package private classes when possible.

In the case of abstract classes that will eventually be made public,
the class has been made public and a package-private constructor has
been added.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb 612fb22a7f Remove unnecessary lambda blocks 
Remove lambda blocks that aren't needed and replace instead with a
simple expression.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb 52f20b5281 Use parenthesis with single-arg lambdas 
Use regular expression search/replace to ensure all single-arg
lambdas have parenthesis. This aligns with the style used in Spring
Boot and ensure that single-arg and multi-arg lambdas are consistent.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb 01d90c9881 Hide utility class constructors 
Update all utility classes so that they have a private constructor. This
prevents users from accidentally creating an instance, when they should
just use the static methods directly.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb ff94944313 Add whitespace after copyright header 
Add an additional lines after the copyright header and before the
`package` declaration. This aligns with the style used by Spring
Framework.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb 8d80166aaf Update exception variable names 
Consistently use `ex` for caught exception and `cause` for Exception
constructor arguments.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb e9130489a6 Remove restricted static imports 
Replace static imports with class referenced methods. With the exception
of a few well known static imports, checkstyle restricts the static
imports that a class can use. For example, `asList(...)` would be
replaced with `Arrays.asList(...)`.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb db55ef4b3b Migrate to BDD Mockito 
Migrate Mockito imports to use the BDD variant. This aligns better with
the "given" / "when" / "then" style used in most tests since the "given"
block now uses Mockito `given(...)` calls.

The commit also updates a few tests that were accidentally using
Power Mockito when regular Mockito could be used.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb 18f3d13363 Fix parenthesis padding issues 
Fix a few parenthesis padding issues caused by the formatter.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb a0b9442265 Use consistent modifier order 
Update code to use a consistent modifier order that aligns with that
used in the "Java Language specification".

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb a2f2e9ac8d Move inner-types so that they are always last 
Move all inner-types so that they are consistently the last item
defined. This aligns with the style used by Spring Framework and
the consistency generally makes it easier to scan the source.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb 418c3d6808 Avoid inner assignments 
Replace code of the form `a = b =c` with distinct statements. Although
this results in more lines of code, they are usually easier to
understand.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb 9e08b51ed3 Apply code cleanup rules to projects 
Apply automated cleanup rules to add `@Override` and `@Deprecated`
annotations and to fix class references used with static methods.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb 8866fa6fb0 Always use 'this.' when accessing fields 
Apply an Eclipse cleanup rules to ensure that fields are always accessed
using `this.`. This aligns with the style used by Spring Framework and
helps users quickly see the difference between a local and member
variable.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb 6894ff5d12 Make classes final where possible 
Update classes that have private constructors so that they are also
declared final. In a few cases, inner-classes used private constructors
but were subclassed. These have now been changed to have package-private
constructors.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb 37fa94fafc Organize imports 
Use "organize imports" from Eclipse to cleanup import statements so
that they appear in a consistent and well defined order.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb 5f64f53c3f Use consistent "@" tag order in Javadoc 
Ensure that Javadoc "@" tags appear in a consistent and well defined
order.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb b7fc18262d Reformat code using spring-javaformat 
Run `./gradlew format` to reformat all java files.

Issue gh-8945
 2020-08-24 17:32:56 -05:00
Martin Vietz 0486d5add9 scopes_supported metadata not used as default in ClientRegistrations 
Closes gh-8514
 2020-08-20 08:09:54 -04:00
Phillip Webb 27ac046d8a Rename *Test.java -> *Tests.java 
Rename a few test classes that accidentally ended in `Test` instead of
`Tests`.

Issue gh-8945
 2020-08-10 16:24:44 -05:00
Joe Grandja 1d74d556c2 Revert "Lock Dependency Versions for 5.4.0-RC1" 
This reverts commit f3a1e5d40c.
 2020-08-05 14:59:11 -04:00
Joe Grandja f3a1e5d40c Lock Dependency Versions for 5.4.0-RC1 2020-08-05 13:46:11 -04:00
Eleftheria Stein d8bef76a0f Unlock dependencies 
This reverts commit b619d298aa.
 2020-08-05 18:18:02 +02:00
Eleftheria Stein b619d298aa Lock Dependencies for 5.3.4.RELEASE 2020-08-05 12:33:31 +02:00
Joe Grandja 3bc0b8c144 Revert "Fix snapshot build failure related to reactor-netty" 
This reverts commit f37714a26f.
 2020-08-04 14:24:32 -04:00
Joe Grandja f37714a26f Fix snapshot build failure related to reactor-netty 
Closes gh-8909
 2020-08-04 14:17:03 -04:00
Joe Grandja 8146b1fdda Deprecate CustomUserTypesOAuth2UserService 
Closes gh-8908
 2020-08-04 13:23:44 -04:00
Joe Grandja 73e550a867 Polish gh-8906 2020-08-04 11:16:26 -04:00
Joe Grandja 0ed919f072 Deprecate ClientRegistration.redirectUriTemplate 
Closes gh-8906
 2020-08-04 11:03:29 -04:00
Joe Grandja a0c10f2df6 Allow for custom ClientRegistration.clientAuthenticationMethod 
Closes gh-8903
 2020-08-04 08:48:56 -04:00
Joe Grandja 4e5a304a8a Remove use of Mono.deferWithContext() 
Closes gh-8901
 2020-08-04 07:26:32 -04:00
Dennis Neufeld 57db8e5d4a Add OAuth2AuthenticationException to allowlist 
Add mixins for
- OAuth2AuthenticationException
- OAuth2Error

Closes gh-8797
 2020-07-21 10:15:44 -04:00
Dennis Neufeld de572be8e9 Add OAuth2AuthenticationException to allowlist 
Add mixins for
- OAuth2AuthenticationException
- OAuth2Error

Closes gh-8797
 2020-07-21 10:14:45 -04:00
Joe Grandja b69bcf88e0 Improve error message when invalid content-type for UserInfo response 
Closes gh-8764
 2020-07-09 14:10:14 -04:00
Josh Cummings 146d0b6358
Revert "Lock Dependency Versions for 5.4.0-M2" 
This reverts commit 68538897c8.
 2020-07-01 13:11:50 -06:00
Josh Cummings 68538897c8
Lock Dependency Versions for 5.4.0-M2 2020-07-01 12:40:29 -06:00
Eleftheria Stein 7af5804d56 Compare Timestamps up to the millisecond 
Issue gh-8782
 2020-07-01 11:30:27 +02:00
Eleftheria Stein eb7b27695d Compare Timestamps up to the millisecond 
Issue gh-8782
 2020-07-01 11:12:55 +02:00
Joe Grandja da4b626bf1 OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException 
Issue gh-8609
 2020-06-09 17:28:21 -04:00
Joe Grandja 4c902bb857 OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException 
Fixes gh-8609
 2020-06-09 17:28:21 -04:00
Joe Grandja 674e2c0a8e OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException 
Issue gh-8609
 2020-06-09 16:24:00 -04:00
Joe Grandja 11c1236261 OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException 
Fixes gh-8609
 2020-06-09 16:24:00 -04:00
Joe Grandja 38c1e3ffa8 OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException 
Issue gh-8609
 2020-06-09 15:27:32 -04:00
Joe Grandja acf56f24a6 OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException 
Fixes gh-8609
 2020-06-09 15:21:07 -04:00
Josh Cummings 1d821a2664
Add Ticket Number to Test 
Issue gh-8650
 2020-06-05 14:24:49 -06:00
Erik Bakker cd3fd6762f
Don't Consume Request Body 
Per the servlet spec, getParameter(name) consumes the request body for
POST requests.

This commit prevents DefaultOAuth2AuthorizationRequestResolver from
consuming the request body for non-Authorization requests.

Closes gh-8650
 2020-06-05 14:21:00 -06:00
Josh Cummings bbd2a9ebae
Revert "Lock Dependencies for 5.3.3.RELEASE" 
This reverts commit 116bfe01e6.
 2020-06-03 16:11:59 -06:00
Josh Cummings 116bfe01e6
Lock Dependencies for 5.3.3.RELEASE 2020-06-03 13:14:07 -06:00
Parikshit Dutta 28d2cfa14a Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter 
Fixes gh-8536
 2020-06-02 21:54:09 -04:00
Parikshit Dutta 1e211b6558 Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter 
Fixes gh-8120
 2020-05-15 15:13:15 -04:00
Joe Grandja c1abc9b134 Polish gh-8501 2020-05-15 13:26:09 -04:00
Thomas Vitale 78fa859798 Add issuerUri to ClientRegistration.providerDetails 
- Add "issuerUri" attribute to ClientRegistration.providerDetails for OpenID Connect Discovery 1.0 or OAuth 2.0 Authorization Server Metadata.
- Validate OidcIdToken "iss" claim against the OpenID Provider "issuerUri" value.
- Update documentation for client registration: it includes issuer-uri property now.

Fixes gh-8326
 2020-05-14 17:13:07 -04:00
Joe Grandja 86ca6b013c Unlock dependencies 
This reverts commit 206960cf44.
 2020-05-06 17:27:35 -04:00
Joe Grandja 206960cf44 Lock dependencies for 5.4.0-M1 2020-05-06 17:13:04 -04:00
Joe Grandja 413dfc8679 Unlock dependencies 
This reverts commit a61145f74c.
 2020-05-06 15:29:45 -04:00
Joe Grandja a61145f74c Lock dependencies for 5.3.2.RELEASE 2020-05-06 15:06:08 -04:00
Stav Shamir 6f2359ccae Support update when saving with JdbcOAuth2AuthorizedClientService 
Before this commit, JdbcOAuth2AuthorizedClientService threw DuplicateKeyException when re-authorizing or when authorizing the same user from a different client.

This commit makes JdbcOAuth2AuthorizedClientService's saveAuthorizedClient method consistent with that of InMemoryOAuth2AuthorizedClientService.

Fixes gh-8425
 2020-04-29 09:18:54 -04:00
Stav Shamir a783fbc641 Support update when saving with JdbcOAuth2AuthorizedClientService 
Before this commit, JdbcOAuth2AuthorizedClientService threw DuplicateKeyException when re-authorizing or when authorizing the same user from a different client.

This commit makes JdbcOAuth2AuthorizedClientService's saveAuthorizedClient method consistent with that of InMemoryOAuth2AuthorizedClientService.

Fixes gh-8425
 2020-04-29 07:37:57 -04:00
Daniel Furtlehner 32ce94d2dd Validate ID Token Issuer 
When the issuer is set in the provider metadata, we validate the iss
field of the ID Token against it.

The OpenID Connect Specification says this must always be validated.
But this would be a breaking change for applications configured other
than with ClientRegistrations.fromOidcIssuerLocation(issuer). This will
be done later with #8326

Fixes gh-8321
 2020-04-21 20:30:01 -04:00
Antonin Arquey 5cd1ec7bb3 Add AuthoritiesMapper setter for reactive OAuth2Login 
Allow the configuration of a custom GrantedAuthorityMapper for reactive OAuth2Login

- Add setter in OidcAuthorizationCodeReactiveAuthenticationManager
  and OAuth2LoginReactiveAuthenticationManager

- Use an available GrantedAuthorityMapper bean to configure the default ReactiveAuthenticationManager

Fixes gh-8324
 2020-04-17 16:55:05 -04:00
Joe Grandja a78872f268 Unlock dependencies for 5.3.1.RELEASE 
This reverts commit 88c02684bb.
 2020-03-31 17:53:13 -04:00
Joe Grandja 88c02684bb Lock dependencies for 5.3.1.RELEASE 2020-03-31 17:28:36 -04:00
Ruby Hartono 401597c673 Improve OAuth2LoginAuthenticationProvider 
1. update OAuth2LoginAuthenticationProvider to use
OAuth2AuthorizationCodeAuthenticationProvider
2. apply fix gh-5368 for OAuth2AuthorizationCodeAuthenticationProvider
to return additionalParameters value from accessTokenResponse

Fixes gh-5633
 2020-03-30 21:09:17 -04:00
Ruby Hartono 45eb34c9a6 Improve OAuth2LoginAuthenticationProvider 
1. update OAuth2LoginAuthenticationProvider to use
OAuth2AuthorizationCodeAuthenticationProvider
2. apply fix gh-5368 for OAuth2AuthorizationCodeAuthenticationProvider
to return additionalParameters value from accessTokenResponse

Fixes gh-5633
 2020-03-30 21:08:59 -04:00
Ruby Hartono 71b4248fe6 Improve OAuth2LoginAuthenticationProvider 
1. update OAuth2LoginAuthenticationProvider to use
OAuth2AuthorizationCodeAuthenticationProvider
2. apply fix gh-5368 for OAuth2AuthorizationCodeAuthenticationProvider
to return additionalParameters value from accessTokenResponse

Fixes gh-5633
 2020-03-30 20:55:43 -04:00
Martin Nemec a9a9c2c0fd OAuth2 ClientRegistrations NPE fix when userinfo missing 
Fixes gh-8187
 2020-03-27 06:15:25 -04:00
Martin Nemec dfc25dc245 OAuth2 ClientRegistrations NPE fix when userinfo missing 
Fixes gh-8187
 2020-03-27 06:13:50 -04:00
Martin Nemec 75c05d0bb4 OAuth2 ClientRegistrations NPE fix when userinfo missing 
Fixes gh-8187
 2020-03-27 05:58:28 -04:00
Joe Grandja a1bcd4ed00 Fix OAuth2AuthorizationRequest additionalParameters/attributes Consumer 
Fixes gh-8177
 2020-03-24 13:59:36 -04:00
Joe Grandja 46baf38f59 Fix OAuth2AuthorizationRequest additionalParameters/attributes Consumer 
Fixes gh-8177
 2020-03-24 13:44:09 -04:00
Joe Grandja 2d8242c5c1 Assign sensible default for OAuth2AuthorizedClientProvider 
Fixes gh-8150
 2020-03-19 11:50:48 -04:00
Joe Grandja a9dabf6efb Assign sensible default for OAuth2AuthorizedClientProvider 
Fixes gh-8150
 2020-03-19 11:44:30 -04:00
Josh Cummings 6eadf7b140
Unlock dependencies for 5.3.0.RELEASE 
This reverts commit 147d7dadd7.
 2020-03-04 12:02:48 -07:00
Josh Cummings 147d7dadd7
Lock dependencies for 5.3.0.RELEASE 2020-03-04 10:28:39 -07:00
Josh Cummings 968ebb194b
baseUrl placeholder for OidcLogoutSuccessHandlers 
Fixes gh-7842
 2020-02-25 13:35:50 -07:00
Joe Grandja fa73b1397a Add missing @FunctionalInterface in oauth2 modules 
Fixes gh-8020
 2020-02-24 11:53:30 -05:00
Joe Grandja 3e5600f83f Add configurable Clock in OidcIdTokenValidator 
Fixes gh-8019
 2020-02-24 11:21:03 -05:00
Joe Grandja 7734d049eb Polish javadoc gh-7511 2020-02-24 10:35:58 -05:00
Joe Grandja d32c98b1c5 Add OAuth2AuthorizeRequest.Builder.principal(String) 
Fixes gh-8018
 2020-02-24 09:58:38 -05:00
Joe Grandja c6da7b2dd6 Polish gh-7840 2020-02-24 09:28:00 -05:00
Joe Grandja 65b5d468fb Deprecate UnAuthenticatedServerOAuth2AuthorizedClientRepository 
Fixes gh-8016
 2020-02-24 06:50:58 -05:00
Joe Grandja 4e2f1988f2 Polish Fix package tangles 
Issue #7699 #7840
 2020-02-24 06:42:00 -05:00
Joe Grandja 82cd203791 Remove unnecessary mocking 
Fixes gh-8012
 2020-02-23 19:35:16 -05:00
Joe Grandja c8cc9717c9 Fix package tangles 
Issue #7699 #7840
 2020-02-23 07:24:36 -05:00
Joe Grandja f2da2c56be Resolve OAuth2Error from WWW-Authenticate header 
Issue gh-7699
 2020-02-21 15:12:58 -05:00
Joe Grandja 69156b741d Add OAuth2Authorization success/failure handlers 
Fixes gh-7840
 2020-02-21 15:12:58 -05:00
Joe Grandja 23ce717380 Simplify customizing OAuth2AuthorizationRequest 
Fixes gh-7696
 2020-02-19 06:22:07 -05:00
Joe Grandja de8b558561 Add JDBC implementation of OAuth2AuthorizedClientService 
Fixes gh-7655
 2020-02-13 12:17:29 -05:00
Joe Grandja 8acdb82e6a OAuth2AuthorizationCodeGrantWebFilter matches on query parameters 
Fixes gh-7966
 2020-02-10 15:28:06 -05:00
Joe Grandja 0809c04aa2 OAuth2AuthorizationCodeGrantWebFilter matches on query parameters 
Fixes gh-7966
 2020-02-10 15:11:04 -05:00
Joe Grandja 6141132cfa Fix test gh-7963 2020-02-10 05:53:00 -05:00
Joe Grandja cc7ea4acd3 OAuth2AuthorizationCodeGrantFilter matches on query parameters 
Fixes gh-7963
 2020-02-10 05:24:14 -05:00
Joe Grandja 3c86239b39 OAuth2AuthorizationCodeGrantFilter matches on query parameters 
Fixes gh-7963
 2020-02-10 05:13:47 -05:00
Stephane Maldini 851be025e9 Don't force downcasting of RequestAttributes to ServletRequestAttributes 
Fixes gh-7952
 2020-02-07 20:44:19 -05:00
Stephane Maldini 0012e24c46 Don't force downcasting of RequestAttributes to ServletRequestAttributes 
Fixes gh-7953
 2020-02-07 20:18:50 -05:00
Eleftheria Stein 84b8a5abd7 Unlock dependencies for next development version 
This reverts commit 064616f1ef.
 2020-02-05 15:53:04 +01:00
Eleftheria Stein 064616f1ef Lock dependencies for 5.3.0.RC1 2020-02-05 10:20:05 +01:00
Joe Grandja 25d029b092 Fix test gh-7873 2020-02-04 12:00:55 -05:00
Joe Grandja 04f3fe8af9 Add Jackson support for oauth2-client session related classes 
Fixes gh-4886
 2020-02-04 09:01:12 -05:00
Phil Clay e5fca61810 Introduce Reactive OAuth2Authorization success/failure handlers 
All ReactiveOAuth2AuthorizedClientManagers now have authorization success/failure handlers.
A success handler is provided to save authorized clients for future requests.
A failure handler is provided to remove previously saved authorized clients.

ServerOAuth2AuthorizedClientExchangeFilterFunction also makes use of a
failure handler in the case of unauthorized or forbidden http status code.

The main use cases now handled are
- remove authorized client when an authorization server indicates that a refresh token is no longer valid (when authorization server returns invalid_grant)
- remove authorized client when a resource server indicates that an access token is no longer valid (when resource server returns invalid_token)

Introduced ClientAuthorizationException to capture details needed when removing an authorized client.
All ReactiveOAuth2AccessTokenResponseClients now throw a ClientAuthorizationException on failures.

Created AbstractWebClientReactiveOAuth2AccessTokenResponseClient to unify common logic between all ReactiveOAuth2AccessTokenResponseClients.

Fixes gh-7699
 2020-01-16 15:24:55 -05:00
Eleftheria Stein fcc6457bef Unlock dependencies for next development version 
This reverts commit 93acf8f0f1.
 2020-01-08 22:15:17 +01:00
Eleftheria Stein 93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Rob Winch 65981444f1 Use Version Ranges 
Fixes gh-7788
 2020-01-06 14:46:48 -06:00
Josh Cummings 02f161aba7
Use OidcIdToken.Builder 
Issue gh-7592
 2019-12-12 07:37:15 -07:00
Phil Clay 840d3aa986 Polish #7589 
Rename OAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager to AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.

Handle empty mono returned from contextAttributesMapper.

Handle empty map returned from contextAttributesMapper.

Fix DefaultContextAttributesMapper so that it doesn't access ServerWebExchange.

Fix unit tests so that they pass.

Use StepVerifier in unit tests, rather than .subscribe().

Fixes gh-7569
 2019-12-10 14:37:34 -05:00
Ankur Pathak 4c5c4f6cce Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager 
ReactiveOAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager is reactive
version of AuthorizedClientServiceOAuth2AuthorizedClientManager

Fixes: gh-7569
 2019-12-10 14:37:25 -05:00
Phil Clay cffad1be02 Polish #7589 
Rename OAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager to AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.

Handle empty mono returned from contextAttributesMapper.

Handle empty map returned from contextAttributesMapper.

Fix DefaultContextAttributesMapper so that it doesn't access ServerWebExchange.

Fix unit tests so that they pass.

Use StepVerifier in unit tests, rather than .subscribe().

Fixes gh-7569
 2019-12-10 13:59:51 -05:00
Ankur Pathak c29309d744 Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager 
ReactiveOAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager is reactive
version of AuthorizedClientServiceOAuth2AuthorizedClientManager

Fixes: gh-7569
 2019-12-10 13:59:51 -05:00
Joe Grandja 148b570a98 Remove redundant validation for redirect-uri 
Fixes gh-7706
 2019-12-06 12:01:19 -05:00
Joe Grandja 24500fa3ca Remove redundant validation for redirect-uri 
Fixes gh-7706
 2019-12-06 11:55:31 -05:00
Josh Cummings bb8706977d
Polish DefaultOAuth2AuthorizedClientManager 2019-12-02 16:05:17 -07:00
Joe Grandja b905cb8aaa Polish OAuth2AuthorizedClientArgumentResolver 2019-11-28 10:31:29 -05:00
Joe Grandja 19c2209a12 ServerOAuth2AuthorizedClientExchangeFilterFunction works with UnAuthenticatedServerOAuth2AuthorizedClientRepository 
Fixes gh-7544
 2019-11-28 10:31:18 -05:00
Joe Grandja 18f48e4a16 DefaultReactiveOAuth2AuthorizedClientManager requires non-null serverWebExchange 
Issue gh-7544
 2019-11-28 10:31:06 -05:00
Joe Grandja 65513f2e3b Polish OAuth2AuthorizedClientArgumentResolver 2019-11-28 09:48:01 -05:00
Joe Grandja 80f256e425 ServerOAuth2AuthorizedClientExchangeFilterFunction works with UnAuthenticatedServerOAuth2AuthorizedClientRepository 
Fixes gh-7544
 2019-11-28 09:48:01 -05:00
Joe Grandja 07b8aa0b1f DefaultReactiveOAuth2AuthorizedClientManager requires non-null serverWebExchange 
Issue gh-7544
 2019-11-28 09:48:01 -05:00
Josh Cummings 22ae3eb765
Polish Error-handling Tests 
Tests should assert the error message content that Spring Security
controls.

Fixes gh-7647
 2019-11-14 16:13:39 -07:00
Rafiullah Hamedy 58ca81d500 Make jwks_uri optional for RFC 8414 and Required for OpenID Connect 
OpenID Connect Discovery 1.0 expects the OpenId Provider Metadata 
response is expected to return a valid jwks_uri, however, this field is 
optional in the Authorization Server Metadata response as per RFC 8414
specification.

Fixes gh-7512
 2019-11-11 10:34:06 -07:00
Phil Clay 8584b12c8d Make saveAuthorizedClient save the authorized client 
Previously, saveAuthorizedClient never actually saved the authorized
client, because it ignored the Mono<Void> returned from
authorizedClientRepository.saveAuthorizedClient.

Now, it does not ignore the Mono<Void> returned from
authorizedClientRepository.saveAuthorizedClient, and includes it in
the stream, and therefore it will properly save the authorized client.

Fixes gh-7546
 2019-10-23 12:12:23 -04:00
Joe Grandja 1c53a7859b Fix access token expiry check with clock skew 
Fixes gh-7511
 2019-10-22 21:54:55 -04:00
Everett Irwin 6ad328f909 Add Clock Skew Tests 
Fixes gh-7511

Co-authored-by: Isaac Cummings <josh.cummings+zac@gmail.com>
 2019-10-17 20:19:47 -06:00
Josh Cummings adf9769eed
Add ClientRegistration.withClientRegistration 
Fixes gh-7486
 2019-09-27 14:17:50 -06:00
Joe Grandja 7217bb5eb0 Remove FIXME in OAuth2LoginReactiveAuthenticationManager 2019-09-27 12:13:13 -04:00
Joe Grandja 2a5bd6e719 Align Servlet ExchangeFilterFunction CoreSubscriber 
Fixes gh-7422
 2019-09-26 16:17:17 -04:00
Joe Grandja d3b7a47ef8 Polish gh-4442 2019-09-25 21:37:31 -04:00
Mark Heckler da9f027fa4 Add nonce to OIDC Authentication Request 
Fixes gh-4442
 2019-09-25 14:57:54 -04:00
Joe Grandja 9f18c2e21a OAuth2AuthorizationCodeGrantWebFilter matches on registered redirect-uri 
Fixes gh-7036
 2019-09-24 11:07:36 -04:00
Rob Winch ff54eb878a Use Schedulers.boundedElastic() 
Fixes gh-7457
 2019-09-19 13:51:06 -05:00
Rob Winch 00f8991fac Merge Remove Redudant Throws 
Fixes gh-7301
 2019-09-19 11:04:53 -05:00
Josh Cummings 05caf3d8fb
Use Jwt.Builder 
Fixes gh-7443
 2019-09-16 14:00:25 -06:00
Joe Grandja 88c749263b Polish javadoc for OAuth2AuthorizedClientManager 2019-09-12 19:25:49 -04:00
Joe Grandja dcdeab596d DefaultReactiveOAuth2AuthorizedClientManager defaults ServerWebExchange 
Fixes gh-7390
 2019-09-10 11:40:28 -04:00
Eddú Meléndez 91bf1c782a Make OAuth2User extends OAuth2AuthenticatedPrincipal 
Fixes gh-7378
 2019-09-09 14:36:35 +01:00
Joe Grandja 93cda94969 Add attributes Consumer to OAuth2AuthorizationContext 
Fixes gh-7385
 2019-09-06 08:01:59 -04:00
Joe Grandja f7d03858f1 OAuth2AuthorizedClientManager implementation works outside of request 
Fixes gh-6780
 2019-09-06 06:10:36 -04:00
Joe Grandja a60446836b OAuth2AuthorizeRequest supports attributes 
Fixes gh-7341
 2019-09-05 21:04:25 -04:00
Rob Winch 2a3bf9b6bb DefaultReactiveOAuth2UserService IOException 
Improve handling of IOException to report an
AuthenticationServiceExceptionThere are many reasons that a
DefaultReactiveOAuth2UserService might fail due to an IOException
(i.e. SSLHandshakeException). In those cases we should use a
AuthenticationServiceException so that users are aware there is likely
some misconfiguration.

Fixes gh-7370
 2019-09-05 13:31:30 -05:00
Andreas Kluth c46b224ec4 Remove OAuth2AuthorizationRequest when a distributed session is used 
Dirties the WebSession by putting the amended AUTHORIZATION_REQUEST map into
the WebSession even it was already in the map. This causes common SessionRepository
implementations like Redis to persist the updated attribute.

Fixes gh-7327

Author: Andreas Kluth <mail@andreaskluth.net>
 2019-09-05 09:31:32 -04:00
Joe Grandja e6618d4d50 Removed unused OAuth2AuthorizedClientResolver 
Fixes gh-7357
 2019-09-04 16:56:40 -04:00
Josh Cummings 833bfd0c22 Add Authorities from Access Token 2019-09-04 14:15:28 -06:00
Josh Cummings aa1c80c801 Grant Individual Authorities From Claims 
Fixes gh-7339
 2019-09-04 14:15:28 -06:00
Joe Grandja 409285fb3d Fix test 
Issue gh-7350
 2019-09-04 14:27:01 -04:00
Joe Grandja 0ac8618eac Align DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper 
Fixes gh-7350
 2019-09-04 14:07:45 -04:00
Joe Grandja dcd997ea43 Add support for Resource Owner Password Credentials grant 
Fixes gh-6003
 2019-09-04 14:07:45 -04:00
Josh Cummings 5e98b92273
In-memory ClientRegistration Repo Duplicate Check 
Fixes gh-7338
 2019-09-02 15:30:48 -06:00
kostya05983 f6c650db47
Replace Streams with Loops 
First version of replacing streams

fix wwwAuthenticate and codestyle

fix errors in implementation to pass tests

Fix review notes

Remove uneccessary final to align with cb

Short circuit way to authorize

Simplify error message, make code readably

Return error while duplicate key found

Delete check for duplicate, checkstyle issues

Return duplicate error

Fixes gh-7154
 2019-09-02 15:30:48 -06:00
Roman Matiushchenko ffc43e02c3 Fix NPE in RequestContextSubscriber 
RequestContextSubscriber could cause NPE if Mono/Flux.subscribe()
was invoked outside of Web Context.
In addition it replaced source Context with its own without respect
to old data.
Now Request Context Data is Propagated within holder class and
it is added to existing reactor Context if Holder is not empty.

Fixes gh-7228
 2019-08-30 16:49:38 +03:00
Lars Grefer 95511331fa fix checkstyle 2019-08-26 22:42:26 +02:00
Eleftheria Stein 323cf9fa92 Polish OAuth2AuthorizedClientResolver 2019-08-26 11:04:19 -04:00
watsta 2c2e8e5f24 Remove internal Optional usage in favor of null checks 
Issue gh-7155
 2019-08-26 09:27:40 -04:00
Ebert Toribio 2c2d3b5d85 Use ConcurrentHashMap in InMemoryReactiveClientRegistrationRepository 
Fixes gh-7299
 2019-08-23 20:12:29 -04:00
Joe Grandja bc38a4a3cc Provide configurable Clock in OAuth2AuthorizedClientProvider impls 
Fixes gh-7114
 2019-08-23 16:43:32 -04:00
Lars Grefer 34dd5fea30 Remove redundant throws clauses 
Removes exceptions that are declared in a method's signature but never thrown by the method itself or its implementations/derivatives.
 2019-08-23 01:03:54 +02:00
Joe Grandja f0515a021c Polish #7116 2019-08-22 12:01:10 -04:00
Joe Grandja 46756d2e6b Introduce Reactive OAuth2AuthorizedClient Manager/Provider 
Fixes gh-7116
 2019-08-21 14:12:38 -04:00
Rob Winch a377581951 Fix WebClient Memory Leaks 
WebClient exchange requires that the body is consumed. Before this commit
there were places where an Exception was thrown without consuming the body
if the status was not successful. There was also the potential for the
statusCode invocation to throw an Exception of the status code was not
defined which would cause a leak.

This commit ensures that before the Exception is thrown the body is
consumed. It also uses the http status in a way that will ensure an
Exception is not thrown.

Fixes gh-7293
 2019-08-21 12:46:11 -05:00
Josh Cummings aa026f8526
Nimbus JWK Set Builders Take SignatureAlgorithm 
Fixes gh-7270
 2019-08-17 01:10:12 -06:00
Rob Winch c1db1aad91
Cleanup Code Style Issues 
Cleanup Code Style Issues
 2019-08-12 13:06:49 -05:00
Lars Grefer ff1070df36 remove redundant modifiers found by checkstyle 2019-08-10 00:18:56 +02:00
Lars Grefer 38de737663 Java 8: Statement lambda can be replaced with expression lambda 2019-08-09 16:59:07 -05:00
Lars Grefer 05f42a4995 Remove unused imports 2019-08-08 14:22:31 -04:00
Eddú Meléndez 496579dde2 Add match result for servlet requests 
Fixes gh-7148
 2019-08-05 19:43:00 -04:00
Joe Grandja 4ca9e15595 Fix blocking in ServletOAuth2AuthorizedClientExchangeFilterFunction 
Fixes gh-6589
 2019-07-26 14:02:17 -04:00
Joe Grandja c05b0765c1 Introduce OAuth2AuthorizedClient Manager/Provider 
Fixes gh-6845
 2019-07-25 11:12:54 -04:00
Joe Grandja e554547593 Revert Map constructor for InMemoryReactiveClientRegistrationRepository 
This commit reverts f6414e9a52 and
partial revert of e1b095df32.
NOTE: InMemoryReactiveClientRegistrationRepository should not expose a
Map constructor as it would allow the caller to pass in a 'distributed' (remote) Map,
which would result in a blocking I/O operation.
 2019-07-08 15:32:52 -04:00
Joe Grandja 23d61d43e5 Polish #5994 2019-07-08 14:50:38 -04:00
Vedran Pavic 9432670f1d Allow InMemoryOAuth2AuthorizedClientService to be constructed with a Map 
Fixes gh-5994
 2019-07-08 12:46:26 -04:00
Édouard Hue 3c1472501f Fixed validation in ClientRegistration.Builder 
ClientRegistration.Builder defaulted to validating as an
authorization_code registration, though a custom grant type could be in
use. The actual grant_type is now verified for every case.
 - Fixed validation in ClientRegistration.Builder
 - New test that fails unless the issue is fixed.

Also made OAuth2AuthorizationGrantRequestEntityUtils public to help
implementing custom token response clients.

Fixes gh-7040
 2019-07-03 16:07:19 -05:00
Joe Grandja 3f2108921e Allow configurable accessible scopes for UserInfo resource 
Fixes gh-6886
 2019-06-20 10:32:58 -04:00
Dennis Devriendt b7ea7083c9 OAuth2LoginAuthenticationFilter sets AuthenticationDetails 
Fixes gh-6866
 2019-06-17 15:44:41 -05:00
Joe Grandja ac38232a9e ID Token validation uses JwtTimestampValidator 
Fixes gh-6964
 2019-06-11 16:11:48 -04:00
Josh Cummings 1739ef8d3c
Polish ClientRegistrations, (Reactive)JwtDecoders 
Simplifed some of the branching logic in the implementations. Updated
the JavaDocs. Simplified some of the test support.

Issue: gh-6500
 2019-06-10 10:31:30 -06:00
Rafiullah Hamedy f5b7706942
Support for OAuth 2.0 Authorization Server Metadata 
Added support for OAuth 2.0 Authorization Server Metadata as per the
RFC 8414 specification. Updated the existing implementation of OpenId to
comply with the Compatibility Section of RFC 8414 specification.

Fixes: gh-6500
 2019-06-10 10:31:30 -06:00
Marek Sabo 7cfb17a8a3 Finer variables for OAuth2 redirectUriTemplate expansion 
Fixes #6239
 2019-06-07 12:08:21 -05:00
Joe Grandja aa767ec8bf Externalize coercion in ClaimAccessor 
Fixes gh-6245
 2019-06-04 17:16:39 -04:00
Rob Winch 3c7aa4243f DefaultServerOAuth2AuthorizationRequestResolver uses fromUri 
Fixes gh-6952
 2019-06-04 15:28:29 -05:00
Joe Grandja 38ba70bbdd client_credentials client should not set Authorization header when ClientAuthenticationMethod.POST 
Fixes gh-6911
 2019-05-31 14:54:17 -04:00
Daniel Meier 56f1991240 Update AssertJ to version 3.12.2 
Update the AssertJ dependency to version 3.12.2. Additionally fix
some tests not compiling due to API changes of AssertJ.

Fixes gh-6786
 2019-05-31 11:45:20 -06:00
Joe Grandja bed3371b80 Support symmetric key for JwtDecoder 
Fixes gh-5465
 2019-04-12 13:21:50 -04:00
Vishal Raj 45891941b0 OidcIdTokenValidator ensures clockSkew is positive number 
Fixes gh-6443
 2019-04-10 15:17:59 -04:00
Phil Clay 9520e3a1c0 Make UnAuthenticatedServerOAuth2AuthorizedClientRepository threadsafe 
Previously UnAuthenticatedServerOAuth2AuthorizedClientRepository used a HashMap for storing OAuth2AuthorizedClients.
UnAuthenticatedServerOAuth2AuthorizedClientRepository and its HashMap are potentially accessed by multiple threads without any synchronization.
Since HashMap is not threadsafe itself, this makes UnAuthenticatedServerOAuth2AuthorizedClientRepository not threadsafe.

Now UnAuthenticatedServerOAuth2AuthorizedClientRepository uses a ConcurrentHashMap for storing OAuth2AuthorizedClients.
Since ConcurrentHashMap is threadsafe, UnAuthenticatedServerOAuth2AuthorizedClientRepository will now be threadsafe as well.

Fixes gh-6717
 2019-04-01 17:03:58 -04:00
Phil Clay 9593f9cae2 Defer downstream filter execution if no OAuth2AuthorizedClient is found 
Prior to this change, ServerOAuth2AuthorizedClientExchangeFilterFunction would invoke next.exchange:
- first at assembly time inside the .switchIfEmpty call.
- second at execution time inside .flatMap when a OAuth2AuthorizedClient is found.

While this double-call should not technically cause any functional problems, since the Mono returned by the first call will not be subscribed if a OAuth2AuthorizedClient is found,
it does result in a lot of unnecessary execution and object creation.  There is no technical need to invoke the downstream filters twice.

This change defers the call inside .switchIfEmpty, so that it will only execute at execution time if an OAuth2AuthorizedClient is not found.

After this change, ServerOAuth2AuthorizedClientExchangeFilterFunction will not invoke next.exchange at assembly time, and will only execute next.exchange once per subscription at execution time.

Fixes gh-6719
 2019-04-01 16:15:46 -04:00
Rob Winch e9e7f7d9bc Polish URL Cleanup 
Fixes: gh-6628
 2019-03-20 00:26:43 -05:00
Spring Operator 3b89754926 URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# HTTP URLs that Could Not Be Fixed
These URLs were unable to be fixed. Please review them to see if they can be manually resolved.

* http://blog.opensecurityresearch.com/2012/02/json-csrf-with-parameter-padding.html (200) with 1 occurrences could not be migrated:
   ([https](https://blog.opensecurityresearch.com/2012/02/json-csrf-with-parameter-padding.html) result ClosedChannelException).
* http://bouncy-castle.1462172.n4.nabble.com/Java-Bouncy-Castle-scrypt-implementation-td4656832.html (200) with 1 occurrences could not be migrated:
   ([https](https://bouncy-castle.1462172.n4.nabble.com/Java-Bouncy-Castle-scrypt-implementation-td4656832.html) result SSLHandshakeException).
* http://cujojs.com/ (200) with 1 occurrences could not be migrated:
   ([https](https://cujojs.com/) result SSLHandshakeException).
* http://erik.eae.net/archives/2007/07/27/18.54.15/ (200) with 1 occurrences could not be migrated:
   ([https](https://erik.eae.net/archives/2007/07/27/18.54.15/) result SSLHandshakeException).
* http://javascript.nwbox.com/IEContentLoaded/ (200) with 1 occurrences could not be migrated:
   ([https](https://javascript.nwbox.com/IEContentLoaded/) result SSLHandshakeException).
* http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-February/007533.html (200) with 1 occurrences could not be migrated:
   ([https](https://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-February/007533.html) result SSLHandshakeException).
* http://monkeymachine.co.uk/ (200) with 2 occurrences could not be migrated:
   ([https](https://monkeymachine.co.uk/) result SSLHandshakeException).
* http://perfectionkills.com/detecting-event-support-without-browser-sniffing/ (200) with 1 occurrences could not be migrated:
   ([https](https://perfectionkills.com/detecting-event-support-without-browser-sniffing/) result SSLHandshakeException).
* http://somesite.com/login (200) with 3 occurrences could not be migrated:
   ([https](https://somesite.com/login) result AnnotatedConnectException).
* http://someurl.com/ (200) with 2 occurrences could not be migrated:
   ([https](https://someurl.com/) result SSLHandshakeException).
* http://sscce.org/ (200) with 1 occurrences could not be migrated:
   ([https](https://sscce.org/) result SSLHandshakeException).
* http://webblaze.cs.berkeley.edu/papers/barth-caballero-song.pdf (200) with 2 occurrences could not be migrated:
   ([https](https://webblaze.cs.berkeley.edu/papers/barth-caballero-song.pdf) result 404).
* http://www.example.com:80/ (200) with 1 occurrences could not be migrated:
   ([https](https://www.example.com:80/) result NotSslRecordException).
* http://www.faqs.org/qa/rfcc-1940.html (200) with 3 occurrences could not be migrated:
   ([https](https://www.faqs.org/qa/rfcc-1940.html) result AnnotatedConnectException).
* http://www.faqs.org/rfcs/rfc1945.html (200) with 2 occurrences could not be migrated:
   ([https](https://www.faqs.org/rfcs/rfc1945.html) result AnnotatedConnectException).
* http://www.faqs.org/rfcs/rfc3548.html (200) with 3 occurrences could not be migrated:
   ([https](https://www.faqs.org/rfcs/rfc3548.html) result AnnotatedConnectException).
* http://www.zytrax.com/books/ldap/ (200) with 2 occurrences could not be migrated:
   ([https](https://www.zytrax.com/books/ldap/) result AnnotatedConnectException).
* http://blindsignals.com/index.php/2009/07/jquery-delay/ (301) with 1 occurrences could not be migrated:
   ([https](https://blindsignals.com/index.php/2009/07/jquery-delay/) result SSLHandshakeException).
* http://www.faqs.org/ (301) with 1 occurrences could not be migrated:
   ([https](https://www.faqs.org/) result AnnotatedConnectException).
* http://sam.zoy.org/wtfpl/ (301) with 2 occurrences could not be migrated:
   ([https](https://sam.zoy.org/wtfpl/) result SSLHandshakeException).
* http://hey.openid.com/ (302) with 1 occurrences could not be migrated:
   ([https](https://hey.openid.com/) result SSLHandshakeException).
* http://iharder.net/base64 (303) with 2 occurrences could not be migrated:
   ([https](https://iharder.net/base64) result AnnotatedConnectException).
* http://jaspan.com/improved_persistent_login_cookie_best_practice (500) with 3 occurrences could not be migrated:
   ([https](https://jaspan.com/improved_persistent_login_cookie_best_practice) result AnnotatedConnectException).

# Fixed URLs

## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended.

* http://www.relaxng.org/ (301) with 1 occurrences migrated to:
  https://relaxng.org/ ([https](https://www.relaxng.org/) result SSLHandshakeException).
* http://www.relaxng.org (301) with 1 occurrences migrated to:
  https://relaxng.org/ ([https](https://www.relaxng.org) result SSLHandshakeException).
* http://tools.ietf.org/html/draft-ietf-websec-x-frame-options (301) with 2 occurrences migrated to:
  https://tools.ietf.org/html/draft-ietf-websec-x-frame-options ([https](https://tools.ietf.org/html/draft-ietf-websec-x-frame-options) result ReadTimeoutException).
* http://foo.test.com (302) with 2 occurrences migrated to:
  https://www.test.com ([https](https://foo.test.com) result SSLHandshakeException).
* http://abc.test.com (302) with 2 occurrences migrated to:
  https://www.test.com ([https](https://abc.test.com) result SSLHandshakeException).
* http://192.168.1:8080 (ConnectTimeoutException) with 2 occurrences migrated to:
  https://192.168.1:8080 ([https](https://192.168.1:8080) result ConnectTimeoutException).
* http://www.example.com:8080/mycontext/secure/page.html (ConnectTimeoutException) with 1 occurrences migrated to:
  https://www.example.com:8080/mycontext/secure/page.html ([https](https://www.example.com:8080/mycontext/secure/page.html) result ConnectTimeoutException).
* http://www.example.com:8888/bigWebApp/hello (ConnectTimeoutException) with 1 occurrences migrated to:
  https://www.example.com:8888/bigWebApp/hello ([https](https://www.example.com:8888/bigWebApp/hello) result ConnectTimeoutException).
* http://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true (ConnectTimeoutException) with 1 occurrences migrated to:
  https://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true ([https](https://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true) result ConnectTimeoutException).
* http://www.opensymphony.com/sitemesh/decorator (ConnectTimeoutException) with 1 occurrences migrated to:
  https://www.opensymphony.com/sitemesh/decorator ([https](https://www.opensymphony.com/sitemesh/decorator) result ConnectTimeoutException).
* http://www.opensymphony.com/sitemesh/page (ConnectTimeoutException) with 1 occurrences migrated to:
  https://www.opensymphony.com/sitemesh/page ([https](https://www.opensymphony.com/sitemesh/page) result ConnectTimeoutException).
* http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd (ReadTimeoutException) with 1 occurrences migrated to:
  https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd ([https](https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd) result ReadTimeoutException).
* http://axschema.org/ (UnknownHostException) with 2 occurrences migrated to:
  https://axschema.org/ ([https](https://axschema.org/) result UnknownHostException).
* http://axschema.org/contact/email (UnknownHostException) with 23 occurrences migrated to:
  https://axschema.org/contact/email ([https](https://axschema.org/contact/email) result UnknownHostException).
* http://axschema.org/namePerson (UnknownHostException) with 5 occurrences migrated to:
  https://axschema.org/namePerson ([https](https://axschema.org/namePerson) result UnknownHostException).
* http://axschema.org/namePerson/first (UnknownHostException) with 4 occurrences migrated to:
  https://axschema.org/namePerson/first ([https](https://axschema.org/namePerson/first) result UnknownHostException).
* http://axschema.org/namePerson/last (UnknownHostException) with 4 occurrences migrated to:
  https://axschema.org/namePerson/last ([https](https://axschema.org/namePerson/last) result UnknownHostException).
* http://context.blah.com/context/remainder (UnknownHostException) with 1 occurrences migrated to:
  https://context.blah.com/context/remainder ([https](https://context.blah.com/context/remainder) result UnknownHostException).
* http://default (UnknownHostException) with 12 occurrences migrated to:
  https://default ([https](https://default) result UnknownHostException).
* http://endpoint (UnknownHostException) with 4 occurrences migrated to:
  https://endpoint ([https](https://endpoint) result UnknownHostException).
* http://endpoint?id_token_hint=id-token (UnknownHostException) with 2 occurrences migrated to:
  https://endpoint?id_token_hint=id-token ([https](https://endpoint?id_token_hint=id-token) result UnknownHostException).
* http://example.com&param1=value1&param2=value2 (UnknownHostException) with 1 occurrences migrated to:
  https://example.com&param1=value1&param2=value2 ([https](https://example.com&param1=value1&param2=value2) result UnknownHostException).
* http://host/myapp/index.html;jsessionid=blah (UnknownHostException) with 1 occurrences migrated to:
  https://host/myapp/index.html;jsessionid=blah ([https](https://host/myapp/index.html;jsessionid=blah) result UnknownHostException).
* http://http://context.blah.com/context/remainder (UnknownHostException) with 1 occurrences migrated to:
  https://http://context.blah.com/context/remainder ([https](https://https://context.blah.com/context/remainder) result UnknownHostException).
* http://id.openid.zz (UnknownHostException) with 2 occurrences migrated to:
  https://id.openid.zz ([https](https://id.openid.zz) result UnknownHostException).
* http://invalid-provider.com/oauth2/token (UnknownHostException) with 4 occurrences migrated to:
  https://invalid-provider.com/oauth2/token ([https](https://invalid-provider.com/oauth2/token) result UnknownHostException).
* http://invalid-provider.com/user (UnknownHostException) with 4 occurrences migrated to:
  https://invalid-provider.com/user ([https](https://invalid-provider.com/user) result UnknownHostException).
* http://issuer/.well-known/jwks.json (UnknownHostException) with 2 occurrences migrated to:
  https://issuer/.well-known/jwks.json ([https](https://issuer/.well-known/jwks.json) result UnknownHostException).
* http://issuer/certs (UnknownHostException) with 1 occurrences migrated to:
  https://issuer/certs ([https](https://issuer/certs) result UnknownHostException).
* http://jimi.hendrix.myopenid.com/ (UnknownHostException) with 1 occurrences migrated to:
  https://jimi.hendrix.myopenid.com/ ([https](https://jimi.hendrix.myopenid.com/) result UnknownHostException).
* http://joe.myopenid.com/ (UnknownHostException) with 3 occurrences migrated to:
  https://joe.myopenid.com/ ([https](https://joe.myopenid.com/) result UnknownHostException).
* http://logout (UnknownHostException) with 2 occurrences migrated to:
  https://logout ([https](https://logout) result UnknownHostException).
* http://logout?id_token_hint=id-token (UnknownHostException) with 2 occurrences migrated to:
  https://logout?id_token_hint=id-token ([https](https://logout?id_token_hint=id-token) result UnknownHostException).
* http://openid.aol.com/ (UnknownHostException) with 2 occurrences migrated to:
  https://openid.aol.com/ ([https](https://openid.aol.com/) result UnknownHostException).
* http://pip.verisignlabs.com/server (UnknownHostException) with 2 occurrences migrated to:
  https://pip.verisignlabs.com/server ([https](https://pip.verisignlabs.com/server) result UnknownHostException).
* http://postlogout?encodedparam%3Dvalue (UnknownHostException) with 2 occurrences migrated to:
  https://postlogout?encodedparam%3Dvalue ([https](https://postlogout?encodedparam%3Dvalue) result UnknownHostException).
* http://postlogout?encodedparam=value (UnknownHostException) with 2 occurrences migrated to:
  https://postlogout?encodedparam=value ([https](https://postlogout?encodedparam=value) result UnknownHostException).
* http://schema.openid.net/contact/email (UnknownHostException) with 5 occurrences migrated to:
  https://schema.openid.net/contact/email ([https](https://schema.openid.net/contact/email) result UnknownHostException).
* http://schema.openid.net/namePerson (UnknownHostException) with 2 occurrences migrated to:
  https://schema.openid.net/namePerson ([https](https://schema.openid.net/namePerson) result UnknownHostException).
* http://some.site.org/index.html (UnknownHostException) with 1 occurrences migrated to:
  https://some.site.org/index.html ([https](https://some.site.org/index.html) result UnknownHostException).
* http://something/ (UnknownHostException) with 1 occurrences migrated to:
  https://something/ ([https](https://something/) result UnknownHostException).
* http://specs.openid.net/auth/2.0 (UnknownHostException) with 2 occurrences migrated to:
  https://specs.openid.net/auth/2.0 ([https](https://specs.openid.net/auth/2.0) result UnknownHostException).
* http://specs.openid.net/auth/2.0/identifier_select (UnknownHostException) with 4 occurrences migrated to:
  https://specs.openid.net/auth/2.0/identifier_select ([https](https://specs.openid.net/auth/2.0/identifier_select) result UnknownHostException).
* http://wiki.fasterxml.com/JacksonFeatureModules (UnknownHostException) with 1 occurrences migrated to:
  https://wiki.fasterxml.com/JacksonFeatureModules ([https](https://wiki.fasterxml.com/JacksonFeatureModules) result UnknownHostException).
* http://www.faqs (UnknownHostException) with 1 occurrences migrated to:
  https://www.faqs ([https](https://www.faqs) result UnknownHostException).
* http://www.test123.com (UnknownHostException) with 1 occurrences migrated to:
  https://www.test123.com ([https](https://www.test123.com) result UnknownHostException).
* http://en.wikipedia.org/wiki/Defense_in_depth_%28computing%29 (301) with 1 occurrences migrated to:
  https://en.wikipedia.org/wiki/Defense_in_depth_%2528computing%2529 ([https](https://en.wikipedia.org/wiki/Defense_in_depth_%28computing%29) result 400).
* http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html (404) with 1 occurrences migrated to:
  https://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html ([https](https://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html) result 404).
* http://example.com/auth (404) with 2 occurrences migrated to:
  https://example.com/auth ([https](https://example.com/auth) result 404).
* http://example.com/info (404) with 2 occurrences migrated to:
  https://example.com/info ([https](https://example.com/info) result 404).
* http://example.com/jwkset (404) with 2 occurrences migrated to:
  https://example.com/jwkset ([https](https://example.com/jwkset) result 404).
* http://example.com/login/oauth2/code/registration-id (404) with 1 occurrences migrated to:
  https://example.com/login/oauth2/code/registration-id ([https](https://example.com/login/oauth2/code/registration-id) result 404).
* http://example.com/login/oauth2/code/registration-id-2 (404) with 1 occurrences migrated to:
  https://example.com/login/oauth2/code/registration-id-2 ([https](https://example.com/login/oauth2/code/registration-id-2) result 404).
* http://example.com/path?a=b&c=d (404) with 1 occurrences migrated to:
  https://example.com/path?a=b&c=d ([https](https://example.com/path?a=b&c=d) result 404).
* http://example.com/pkp-report (404) with 5 occurrences migrated to:
  https://example.com/pkp-report ([https](https://example.com/pkp-report) result 404).
* http://example.com/token (404) with 2 occurrences migrated to:
  https://example.com/token ([https](https://example.com/token) result 404).
* http://example.net/pkp-report (404) with 7 occurrences migrated to:
  https://example.net/pkp-report ([https](https://example.net/pkp-report) result 404).
* http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ (301) with 1 occurrences migrated to:
  https://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ ([https](https://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/) result 404).
* http://html5shim.googlecode.com/svn/trunk/html5.js (404) with 6 occurrences migrated to:
  https://html5shim.googlecode.com/svn/trunk/html5.js ([https](https://html5shim.googlecode.com/svn/trunk/html5.js) result 404).
* http://json.org/json2.js (404) with 1 occurrences migrated to:
  https://json.org/json2.js ([https](https://json.org/json2.js) result 404).
* http://openid-selector.googlecode.com/svn/trunk/ (404) with 2 occurrences migrated to:
  https://openid-selector.googlecode.com/svn/trunk/ ([https](https://openid-selector.googlecode.com/svn/trunk/) result 404).
* http://provider.com/user (302) with 2 occurrences migrated to:
  https://provider.com/user ([https](https://provider.com/user) result 404).
* http://relaxng.org/ns/compatibility/annotations/1.0 (301) with 8 occurrences migrated to:
  https://relaxng.org/ns/compatibility/annotations/1.0 ([https](https://relaxng.org/ns/compatibility/annotations/1.0) result 404).
* http://www.example.com/bigWebApp/hello (404) with 2 occurrences migrated to:
  https://www.example.com/bigWebApp/hello ([https](https://www.example.com/bigWebApp/hello) result 404).
* http://www.example.com/bigWebApp/hello/pathInfo.html?open=true (404) with 1 occurrences migrated to:
  https://www.example.com/bigWebApp/hello/pathInfo.html?open=true ([https](https://www.example.com/bigWebApp/hello/pathInfo.html?open=true) result 404).
* http://www.example.com/identity (404) with 1 occurrences migrated to:
  https://www.example.com/identity ([https](https://www.example.com/identity) result 404).
* http://www.example.com/login/openid (404) with 2 occurrences migrated to:
  https://www.example.com/login/openid ([https](https://www.example.com/login/openid) result 404).
* http://www.example.com/mycontext/HelloWorld (404) with 1 occurrences migrated to:
  https://www.example.com/mycontext/HelloWorld ([https](https://www.example.com/mycontext/HelloWorld) result 404).
* http://www.example.com/mycontext/HelloWorld/some/more/segments.html (404) with 1 occurrences migrated to:
  https://www.example.com/mycontext/HelloWorld/some/more/segments.html ([https](https://www.example.com/mycontext/HelloWorld/some/more/segments.html) result 404).
* http://www.example.com/mycontext/HelloWorld?foo=bar (404) with 1 occurrences migrated to:
  https://www.example.com/mycontext/HelloWorld?foo=bar ([https](https://www.example.com/mycontext/HelloWorld?foo=bar) result 404).
* http://www.example.com/mycontext/secure/page.html (404) with 3 occurrences migrated to:
  https://www.example.com/mycontext/secure/page.html ([https](https://www.example.com/mycontext/secure/page.html) result 404).
* http://www.example.com/realm (404) with 1 occurrences migrated to:
  https://www.example.com/realm ([https](https://www.example.com/realm) result 404).
* http://www.example.com/redirect (404) with 1 occurrences migrated to:
  https://www.example.com/redirect ([https](https://www.example.com/redirect) result 404).
* http://www.example.org/do/something (404) with 4 occurrences migrated to:
  https://www.example.org/do/something ([https](https://www.example.org/do/something) result 404).
* http://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/ (301) with 1 occurrences migrated to:
  https://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/ ([https](https://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/) result 404).
* http://www.json.org/json2.js (404) with 1 occurrences migrated to:
  https://www.json.org/json2.js ([https](https://www.json.org/json2.js) result 404).
* http://www.thymeleaf.org/thymeleaf-extras-springsecurity5 (301) with 5 occurrences migrated to:
  https://www.thymeleaf.org/thymeleaf-extras-springsecurity5 ([https](https://www.thymeleaf.org/thymeleaf-extras-springsecurity5) result 404).

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html with 1 occurrences migrated to:
  https://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html ([https](https://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html) result 200).
* http://bugs.jquery.com/ticket/12282 with 1 occurrences migrated to:
  https://bugs.jquery.com/ticket/12282 ([https](https://bugs.jquery.com/ticket/12282) result 200).
* http://bugs.jquery.com/ticket/12359 with 1 occurrences migrated to:
  https://bugs.jquery.com/ticket/12359 ([https](https://bugs.jquery.com/ticket/12359) result 200).
* http://claimid.com/ with 2 occurrences migrated to:
  https://claimid.com/ ([https](https://claimid.com/) result 200).
* http://dist.springsource.org/snapshot/GRECLIPSE/e4.7/ with 1 occurrences migrated to:
  https://dist.springsource.org/snapshot/GRECLIPSE/e4.7/ ([https](https://dist.springsource.org/snapshot/GRECLIPSE/e4.7/) result 200).
* http://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html with 1 occurrences migrated to:
  https://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html) result 200).
* http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html with 26 occurrences migrated to:
  https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html) result 200).
* http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html with 1 occurrences migrated to:
  https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html) result 200).
* http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html with 1 occurrences migrated to:
  https://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html ([https](https://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html) result 200).
* http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html with 1 occurrences migrated to:
  https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html ([https](https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html) result 200).
* http://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html with 1 occurrences migrated to:
  https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html ([https](https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html) result 200).
* http://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ with 2 occurrences migrated to:
  https://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ ([https](https://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/) result 200).
* http://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html (301) with 1 occurrences migrated to:
  https://docs.spring.io/spring-security/site/docs/3.0.x/reference/remember-me.html ([https](https://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html) result 200).
* http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html (301) with 1 occurrences migrated to:
  https://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html ([https](https://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html) result 200).
* http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ with 1 occurrences migrated to:
  https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ ([https](https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/) result 200).
* http://docs.spring.io/spring-security/site/docs/current/api/ with 1 occurrences migrated to:
  https://docs.spring.io/spring-security/site/docs/current/api/ ([https](https://docs.spring.io/spring-security/site/docs/current/api/) result 200).
* http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ with 3 occurrences migrated to:
  https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ ([https](https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/) result 200).
* http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html (301) with 1 occurrences migrated to:
  https://docs.spring.io/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html ([https](https://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html) result 200).
* http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html with 1 occurrences migrated to:
  https://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html ([https](https://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html) result 200).
* http://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html with 1 occurrences migrated to:
  https://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html ([https](https://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html) result 200).
* http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html with 3 occurrences migrated to:
  https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html ([https](https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html) result 200).
* http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html with 1 occurrences migrated to:
  https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html ([https](https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html) result 200).
* http://en.wikipedia.org/wiki/Clickjacking with 9 occurrences migrated to:
  https://en.wikipedia.org/wiki/Clickjacking ([https](https://en.wikipedia.org/wiki/Clickjacking) result 200).
* http://en.wikipedia.org/wiki/Content_sniffing with 2 occurrences migrated to:
  https://en.wikipedia.org/wiki/Content_sniffing ([https](https://en.wikipedia.org/wiki/Content_sniffing) result 200).
* http://en.wikipedia.org/wiki/Cross-site_request_forgery with 11 occurrences migrated to:
  https://en.wikipedia.org/wiki/Cross-site_request_forgery ([https](https://en.wikipedia.org/wiki/Cross-site_request_forgery) result 200).
* http://en.wikipedia.org/wiki/Cross-site_scripting with 7 occurrences migrated to:
  https://en.wikipedia.org/wiki/Cross-site_scripting ([https](https://en.wikipedia.org/wiki/Cross-site_scripting) result 200).
* http://en.wikipedia.org/wiki/Firesheep with 1 occurrences migrated to:
  https://en.wikipedia.org/wiki/Firesheep ([https](https://en.wikipedia.org/wiki/Firesheep) result 200).
* http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security with 4 occurrences migrated to:
  https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security ([https](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) result 200).
* http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol with 1 occurrences migrated to:
  https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol ([https](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol) result 200).
* http://en.wikipedia.org/wiki/Man-in-the-middle_attack with 2 occurrences migrated to:
  https://en.wikipedia.org/wiki/Man-in-the-middle_attack ([https](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) result 200).
* http://en.wikipedia.org/wiki/Null_Object_pattern with 1 occurrences migrated to:
  https://en.wikipedia.org/wiki/Null_Object_pattern ([https](https://en.wikipedia.org/wiki/Null_Object_pattern) result 200).
* http://en.wikipedia.org/wiki/SRV_record with 2 occurrences migrated to:
  https://en.wikipedia.org/wiki/SRV_record ([https](https://en.wikipedia.org/wiki/SRV_record) result 200).
* http://en.wikipedia.org/wiki/Same-origin_policy with 1 occurrences migrated to:
  https://en.wikipedia.org/wiki/Same-origin_policy ([https](https://en.wikipedia.org/wiki/Same-origin_policy) result 200).
* http://en.wikipedia.org/wiki/Session_fixation with 6 occurrences migrated to:
  https://en.wikipedia.org/wiki/Session_fixation ([https](https://en.wikipedia.org/wiki/Session_fixation) result 200).
* http://example.com with 8 occurrences migrated to:
  https://example.com ([https](https://example.com) result 200).
* http://example.com/ with 1 occurrences migrated to:
  https://example.com/ ([https](https://example.com/) result 200).
* http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice with 2 occurrences migrated to:
  https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice ([https](https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice) result 200).
* http://flywaydb.org/ with 1 occurrences migrated to:
  https://flywaydb.org/ ([https](https://flywaydb.org/) result 200).
* http://getbootstrap.com/docs/4.0/examples/signin/signin.css with 1 occurrences migrated to:
  https://getbootstrap.com/docs/4.0/examples/signin/signin.css ([https](https://getbootstrap.com/docs/4.0/examples/signin/signin.css) result 200).
* http://gradle.org with 1 occurrences migrated to:
  https://gradle.org ([https](https://gradle.org) result 200).
* http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ with 2 occurrences migrated to:
  https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ ([https](https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/) result 200).
* http://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html with 2 occurrences migrated to:
  https://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html ([https](https://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html) result 200).
* http://jquery.com/ with 1 occurrences migrated to:
  https://jquery.com/ ([https](https://jquery.com/) result 200).
* http://knockoutjs.com/ with 1 occurrences migrated to:
  https://knockoutjs.com/ ([https](https://knockoutjs.com/) result 200).
* http://marketplace.eclipse.org/content/anyedit-tools with 1 occurrences migrated to:
  https://marketplace.eclipse.org/content/anyedit-tools ([https](https://marketplace.eclipse.org/content/anyedit-tools) result 200).
* http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html with 1 occurrences migrated to:
  https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html ([https](https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html) result 200).
* http://openid.net with 1 occurrences migrated to:
  https://openid.net ([https](https://openid.net) result 200).
* http://openid.net/ with 1 occurrences migrated to:
  https://openid.net/ ([https](https://openid.net/) result 200).
* http://openid.net/certification/ with 4 occurrences migrated to:
  https://openid.net/certification/ ([https](https://openid.net/certification/) result 200).
* http://openid.net/connect/ with 4 occurrences migrated to:
  https://openid.net/connect/ ([https](https://openid.net/connect/) result 200).
* http://openid.net/specs/openid-attribute-exchange-1_0.html with 3 occurrences migrated to:
  https://openid.net/specs/openid-attribute-exchange-1_0.html ([https](https://openid.net/specs/openid-attribute-exchange-1_0.html) result 200).
* http://openid.net/specs/openid-connect-core-1_0.html with 50 occurrences migrated to:
  https://openid.net/specs/openid-connect-core-1_0.html ([https](https://openid.net/specs/openid-connect-core-1_0.html) result 200).
* http://openid.net/specs/openid-connect-session-1_0.html with 2 occurrences migrated to:
  https://openid.net/specs/openid-connect-session-1_0.html ([https](https://openid.net/specs/openid-connect-session-1_0.html) result 200).
* http://sizzlejs.com/ with 2 occurrences migrated to:
  https://sizzlejs.com/ ([https](https://sizzlejs.com/) result 200).
* http://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time with 1 occurrences migrated to:
  https://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time ([https](https://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time) result 200).
* http://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/ (301) with 1 occurrences migrated to:
  https://spring.io/blog/2010/03/06/behind-the-spring-security-namespace/ ([https](https://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/) result 200).
* http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/ (301) with 1 occurrences migrated to:
  https://spring.io/blog/2010/08/02/spring-security-in-google-app-engine/ ([https](https://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/) result 200).
* http://spring.io/projects with 1 occurrences migrated to:
  https://spring.io/projects ([https](https://spring.io/projects) result 200).
* http://spring.io/services with 1 occurrences migrated to:
  https://spring.io/services ([https](https://spring.io/services) result 200).
* http://stackoverflow.com/questions/tagged/spring-security with 1 occurrences migrated to:
  https://stackoverflow.com/questions/tagged/spring-security ([https](https://stackoverflow.com/questions/tagged/spring-security) result 200).
* http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html with 2 occurrences migrated to:
  https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html ([https](https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html) result 200).
* http://tools.ietf.org/html/rfc6797 with 15 occurrences migrated to:
  https://tools.ietf.org/html/rfc6797 ([https](https://tools.ietf.org/html/rfc6797) result 200).
* http://tools.ietf.org/html/rfc7469 with 18 occurrences migrated to:
  https://tools.ietf.org/html/rfc7469 ([https](https://tools.ietf.org/html/rfc7469) result 200).
* http://vimeo.com/34436402 with 1 occurrences migrated to:
  https://vimeo.com/34436402 ([https](https://vimeo.com/34436402) result 200).
* http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ with 1 occurrences migrated to:
  https://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ ([https](https://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/) result 200).
* http://www.ja-sig.org/cas (301) with 1 occurrences migrated to:
  https://www.apereo.org ([https](https://www.ja-sig.org/cas) result 200).
* http://ehcache.sourceforge.net (301) with 2 occurrences migrated to:
  https://www.ehcache.org/ ([https](https://ehcache.sourceforge.net) result 200).
* http://www.html5rocks.com/en/tutorials/security/content-security-policy/ with 2 occurrences migrated to:
  https://www.html5rocks.com/en/tutorials/security/content-security-policy/ ([https](https://www.html5rocks.com/en/tutorials/security/content-security-policy/) result 200).
* http://www.ietf.org/rfc/rfc2396.txt with 3 occurrences migrated to:
  https://www.ietf.org/rfc/rfc2396.txt ([https](https://www.ietf.org/rfc/rfc2396.txt) result 200).
* http://www.ietf.org/rfc/rfc2617.txt with 1 occurrences migrated to:
  https://www.ietf.org/rfc/rfc2617.txt ([https](https://www.ietf.org/rfc/rfc2617.txt) result 200).
* http://www.liquibase.org/ with 1 occurrences migrated to:
  https://www.liquibase.org/ ([https](https://www.liquibase.org/) result 200).
* http://www.openbsd.org/papers/bcrypt-paper.ps with 1 occurrences migrated to:
  https://www.openbsd.org/papers/bcrypt-paper.ps ([https](https://www.openbsd.org/papers/bcrypt-paper.ps) result 200).
* http://www.springframework.org/schema/aop/spring-aop-2.5.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/aop/spring-aop-2.5.xsd ([https](https://www.springframework.org/schema/aop/spring-aop-2.5.xsd) result 200).
* http://www.springframework.org/schema/beans/spring-beans-2.5.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/beans/spring-beans-2.5.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-2.5.xsd) result 200).
* http://www.springframework.org/schema/beans/spring-beans-3.0.xsd with 2 occurrences migrated to:
  https://www.springframework.org/schema/beans/spring-beans-3.0.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-3.0.xsd) result 200).
* http://www.springframework.org/schema/beans/spring-beans.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/beans/spring-beans.xsd ([https](https://www.springframework.org/schema/beans/spring-beans.xsd) result 200).
* http://www.springframework.org/schema/context/spring-context-2.5.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/context/spring-context-2.5.xsd ([https](https://www.springframework.org/schema/context/spring-context-2.5.xsd) result 200).
* http://www.springframework.org/schema/mvc/spring-mvc.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/mvc/spring-mvc.xsd ([https](https://www.springframework.org/schema/mvc/spring-mvc.xsd) result 200).
* http://www.springframework.org/schema/security/spring-security.xsd with 3 occurrences migrated to:
  https://www.springframework.org/schema/security/spring-security.xsd ([https](https://www.springframework.org/schema/security/spring-security.xsd) result 200).
* http://www.springframework.org/schema/websocket/spring-websocket.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/websocket/spring-websocket.xsd ([https](https://www.springframework.org/schema/websocket/spring-websocket.xsd) result 200).
* http://www.test.com with 9 occurrences migrated to:
  https://www.test.com ([https](https://www.test.com) result 200).
* http://www.thymeleaf.org with 25 occurrences migrated to:
  https://www.thymeleaf.org ([https](https://www.thymeleaf.org) result 200).
* http://www.thymeleaf.org/ with 3 occurrences migrated to:
  https://www.thymeleaf.org/ ([https](https://www.thymeleaf.org/) result 200).
* http://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd with 1 occurrences migrated to:
  https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd ([https](https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd) result 200).
* http://www.thymeleaf.org/whatsnew21.html with 1 occurrences migrated to:
  https://www.thymeleaf.org/whatsnew21.html ([https](https://www.thymeleaf.org/whatsnew21.html) result 200).
* http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html with 2 occurrences migrated to:
  https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html ([https](https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html) result 200).
* http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html with 1 occurrences migrated to:
  https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html ([https](https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html) result 200).
* http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html with 1 occurrences migrated to:
  https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html ([https](https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html) result 200).
* http://www.w3.org/TR/2011/REC-css3-selectors-20110929/ with 2 occurrences migrated to:
  https://www.w3.org/TR/2011/REC-css3-selectors-20110929/ ([https](https://www.w3.org/TR/2011/REC-css3-selectors-20110929/) result 200).
* http://www.w3.org/TR/CSS21/syndata.html with 1 occurrences migrated to:
  https://www.w3.org/TR/CSS21/syndata.html ([https](https://www.w3.org/TR/CSS21/syndata.html) result 200).
* http://www.w3.org/TR/selectors/ with 3 occurrences migrated to:
  https://www.w3.org/TR/selectors/ ([https](https://www.w3.org/TR/selectors/) result 200).
* http://www.youtube.com/watch?v=3mk0RySeNsU with 2 occurrences migrated to:
  https://www.youtube.com/watch?v=3mk0RySeNsU ([https](https://www.youtube.com/watch?v=3mk0RySeNsU) result 200).
* http://api.jquery.com/jQuery.browser with 1 occurrences migrated to:
  https://api.jquery.com/jQuery.browser ([https](https://api.jquery.com/jQuery.browser) result 301).
* http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx with 1 occurrences migrated to:
  https://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx ([https](https://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx) result 301).
* http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx with 2 occurrences migrated to:
  https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx ([https](https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx) result 301).
* http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx with 2 occurrences migrated to:
  https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx ([https](https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx) result 301).
* http://code.google.com/p/openid-selector/ with 3 occurrences migrated to:
  https://code.google.com/p/openid-selector/ ([https](https://code.google.com/p/openid-selector/) result 301).
* http://contributor-covenant.org with 1 occurrences migrated to:
  https://contributor-covenant.org ([https](https://contributor-covenant.org) result 301).
* http://contributor-covenant.org/version/1/3/0/ with 1 occurrences migrated to:
  https://contributor-covenant.org/version/1/3/0/ ([https](https://contributor-covenant.org/version/1/3/0/) result 301).
* http://dev.w3.org/csswg/cssom/ with 1 occurrences migrated to:
  https://dev.w3.org/csswg/cssom/ ([https](https://dev.w3.org/csswg/cssom/) result 301).
* http://docs.spring.io with 1 occurrences migrated to:
  https://docs.spring.io ([https](https://docs.spring.io) result 301).
* http://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html with 1 occurrences migrated to:
  https://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html) result 301).
* http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html with 7 occurrences migrated to:
  https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html) result 301).
* http://forum.springsource.org/showthread.php?102783-How-to-use-hasIpAddress&p=343971 (301) with 1 occurrences migrated to:
  https://forum.spring.io/showthread.php?102783-How-to-use-hasIpAddress&p=343971 ([https](https://forum.springsource.org/showthread.php?102783-How-to-use-hasIpAddress&p=343971) result 301).
* http://help.github.com/set-up-git-redirect with 1 occurrences migrated to:
  https://help.github.com/set-up-git-redirect ([https](https://help.github.com/set-up-git-redirect) result 301).
* http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ with 1 occurrences migrated to:
  https://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ ([https](https://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_) result 301).
* http://jquery.org/license with 1 occurrences migrated to:
  https://jquery.org/license ([https](https://jquery.org/license) result 301).
* http://msdn.microsoft.com/en-us/library/dd565647 with 4 occurrences migrated to:
  https://msdn.microsoft.com/en-us/library/dd565647 ([https](https://msdn.microsoft.com/en-us/library/dd565647) result 301).
* http://msdn.microsoft.com/en-us/library/ie/gg622941 with 5 occurrences migrated to:
  https://msdn.microsoft.com/en-us/library/ie/gg622941 ([https](https://msdn.microsoft.com/en-us/library/ie/gg622941) result 301).
* http://openid.net/get/ with 2 occurrences migrated to:
  https://openid.net/get/ ([https](https://openid.net/get/) result 301).
* http://openid.net/what/ with 2 occurrences migrated to:
  https://openid.net/what/ ([https](https://openid.net/what/) result 301).
* http://technorati.com/people/technorati/ with 2 occurrences migrated to:
  https://technorati.com/people/technorati/ ([https](https://technorati.com/people/technorati/) result 301).
* http://twitter.github.com/bootstrap/javascript.html with 13 occurrences migrated to:
  https://twitter.github.com/bootstrap/javascript.html ([https](https://twitter.github.com/bootstrap/javascript.html) result 301).
* http://www.jasig.org/cas with 1 occurrences migrated to:
  https://www.jasig.org/cas ([https](https://www.jasig.org/cas) result 301).
* http://www.modernizr.com/ with 1 occurrences migrated to:
  https://www.modernizr.com/ ([https](https://www.modernizr.com/) result 301).
* http://www.opensource.org/licenses/mit-license.php with 1 occurrences migrated to:
  https://www.opensource.org/licenses/mit-license.php ([https](https://www.opensource.org/licenses/mit-license.php) result 301).
* http://www.oracle.com/technetwork/java/javase/downloads with 1 occurrences migrated to:
  https://www.oracle.com/technetwork/java/javase/downloads ([https](https://www.oracle.com/technetwork/java/javase/downloads) result 301).
* http://www.springframework.org/security with 1 occurrences migrated to:
  https://www.springframework.org/security ([https](https://www.springframework.org/security) result 301).
* http://www.springsource.com/ with 2 occurrences migrated to:
  https://www.springsource.com/ ([https](https://www.springsource.com/) result 301).
* http://www.springsource.org with 1 occurrences migrated to:
  https://www.springsource.org ([https](https://www.springsource.org) result 301).
* http://www.springsource.org/sts with 1 occurrences migrated to:
  https://www.springsource.org/sts ([https](https://www.springsource.org/sts) result 301).
* http://www.thoughtcrime.org/software/sslstrip/ with 1 occurrences migrated to:
  https://www.thoughtcrime.org/software/sslstrip/ ([https](https://www.thoughtcrime.org/software/sslstrip/) result 301).
* http://www.w3.org/TR/css3-selectors/ with 2 occurrences migrated to:
  https://www.w3.org/TR/css3-selectors/ ([https](https://www.w3.org/TR/css3-selectors/) result 301).
* http://www.w3.org/TR/css3-syntax/ with 1 occurrences migrated to:
  https://www.w3.org/TR/css3-syntax/ ([https](https://www.w3.org/TR/css3-syntax/) result 301).
* http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ with 2 occurrences migrated to:
  https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/) result 302).
* http://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html with 1 occurrences migrated to:
  https://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html ([https](https://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html) result 302).
* http://example2.com with 3 occurrences migrated to:
  https://example2.com ([https](https://example2.com) result 302).
* http://flickr.com/ with 2 occurrences migrated to:
  https://flickr.com/ ([https](https://flickr.com/) result 302).
* http://git-scm.com/book/cs/ch7-3.html with 1 occurrences migrated to:
  https://git-scm.com/book/cs/ch7-3.html ([https](https://git-scm.com/book/cs/ch7-3.html) result 302).
* http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd with 1 occurrences migrated to:
  https://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd ([https](https://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html with 1 occurrences migrated to:
  https://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html with 4 occurrences migrated to:
  https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html with 1 occurrences migrated to:
  https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html with 1 occurrences migrated to:
  https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html with 1 occurrences migrated to:
  https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html) result 302).
* http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html with 1 occurrences migrated to:
  https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html ([https](https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html) result 302).
* http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html with 2 occurrences migrated to:
  https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html) result 302).
* http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html with 1 occurrences migrated to:
  https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html) result 302).
* http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html with 2 occurrences migrated to:
  https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html) result 302).
* http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html with 3 occurrences migrated to:
  https://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html ([https](https://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html) result 302).
* http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd with 1 occurrences migrated to:
  https://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd ([https](https://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd) result 302).
* http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd with 1 occurrences migrated to:
  https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd) result 302).
* http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd with 2 occurrences migrated to:
  https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd) result 302).
* http://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx with 1 occurrences migrated to:
  https://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx ([https](https://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx) result 302).
* http://spring.io/spring-security with 1 occurrences migrated to:
  https://spring.io/spring-security ([https](https://spring.io/spring-security) result 302).
* http://spring.io/spring-security/ with 2 occurrences migrated to:
  https://spring.io/spring-security/ ([https](https://spring.io/spring-security/) result 302).
* http://spring.io/tools/sts with 1 occurrences migrated to:
  https://spring.io/tools/sts ([https](https://spring.io/tools/sts) result 302).
* http://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt with 2 occurrences migrated to:
  https://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt ([https](https://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt) result 302).
* http://webauth.stanford.edu/manual/mod/mod_webauth.html with 1 occurrences migrated to:
  https://webauth.stanford.edu/manual/mod/mod_webauth.html ([https](https://webauth.stanford.edu/manual/mod/mod_webauth.html) result 302).
* http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context with 1 occurrences migrated to:
  https://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context ([https](https://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context) result 302).
* http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt with 1 occurrences migrated to:
  https://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt ([https](https://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt) result 302).

# Ignored
These URLs were intentionally ignored.

* http://java.sun.com/JSP/Page with 14 occurrences
* http://java.sun.com/jsp/jstl/core with 31 occurrences
* http://java.sun.com/jsp/jstl/fmt with 6 occurrences
* http://java.sun.com/jsp/jstl/functions with 1 occurrences
* http://java.sun.com/jstl/core with 1 occurrences
* http://java.sun.com/xml/ns/j2ee with 2 occurrences
* http://java.sun.com/xml/ns/javaee with 6 occurrences
* http://localhost with 20 occurrences
* http://localhost/ with 6 occurrences
* http://localhost/Test&lt;/value&gt;&lt;/property&gt with 1 occurrences
* http://localhost/appcontext/page with 1 occurrences
* http://localhost/authenticated with 1 occurrences
* http://localhost/authentication/login with 2 occurrences
* http://localhost/authorize/oauth2/code/registration-id with 3 occurrences
* http://localhost/authorize/oauth2/implicit/registration-3 with 1 occurrences
* http://localhost/callback/client-1 with 1 occurrences
* http://localhost/callback/client-1?error=invalid_grant with 1 occurrences
* http://localhost/client-1 with 9 occurrences
* http://localhost/cookie with 1 occurrences
* http://localhost/cookie/delete with 1 occurrences
* http://localhost/custom-login with 1 occurrences
* http://localhost/custom-logout with 1 occurrences
* http://localhost/form-page with 1 occurrences
* http://localhost/iss with 1 occurrences
* http://localhost/issuer with 2 occurrences
* http://localhost/login with 38 occurrences
* http://localhost/login/oauth2/code/ with 4 occurrences
* http://localhost/login/oauth2/code/pkce-client-registration-id& with 1 occurrences
* http://localhost/login/oauth2/code/registration-id with 3 occurrences
* http://localhost/login/oauth2/code/registration-id& with 2 occurrences
* http://localhost/login/oauth2/code/registration-id-2 with 2 occurrences
* http://localhost/login/openid with 1 occurrences
* http://localhost/login2 with 1 occurrences
* http://localhost/loginPage with 2 occurrences
* http://localhost/logout with 1 occurrences
* http://localhost/messages with 4 occurrences
* http://localhost/oauth2/authorization/google with 1 occurrences
* http://localhost/openid-page with 1 occurrences
* http://localhost/saved-request with 1 occurrences
* http://localhost/secured with 2 occurrences
* http://localhost/signin with 1 occurrences
* http://localhost/some-url with 1 occurrences
* http://localhost/tosave with 1 occurrences
* http://localhost/user with 1 occurrences
* http://localhost:123456 with 3 occurrences
* http://localhost:1280/certs with 1 occurrences
* http://localhost:314 with 1 occurrences
* http://localhost:4080 with 1 occurrences
* http://localhost:543 with 1 occurrences
* http://localhost:8080 with 16 occurrences
* http://localhost:8080/ with 4 occurrences
* http://localhost:8080/SomeService with 1 occurrences
* http://localhost:8080/contacts with 1 occurrences
* http://localhost:8080/login/oauth2/code with 1 occurrences
* http://localhost:8080/login/oauth2/code/client-id with 2 occurrences
* http://localhost:8080/login/oauth2/code/facebook with 2 occurrences
* http://localhost:8080/login/oauth2/code/github with 2 occurrences
* http://localhost:8080/login/oauth2/code/google with 4 occurrences
* http://localhost:8080/login/oauth2/code/okta with 2 occurrences
* http://localhost:8080/path/page.html?query=string with 1 occurrences
* http://localhost:8080/sample/ with 15 occurrences
* http://localhost:8080/secure with 1 occurrences
* http://localhost:8080/spring-security-samples-tutorial/listAccounts.html with 4 occurrences
* http://localhost:8080/spring-security-samples-tutorial/post.html?id=1 with 4 occurrences
* http://localhost:9080/protected with 2 occurrences
* http://localhost:9080/secured with 1 occurrences
* http://localhost:9080/unsecured with 1 occurrences
* http://localhost:9080/user with 1 occurrences
* http://test.com with 1 occurrences
* http://test.foobar.com with 1 occurrences
* http://testopenid.com?openid.return_to= with 1 occurrences
* http://www.springframework.org/schema/aop with 2 occurrences
* http://www.springframework.org/schema/beans with 8 occurrences
* http://www.springframework.org/schema/context with 2 occurrences
* http://www.springframework.org/schema/mvc with 2 occurrences
* http://www.springframework.org/schema/security with 45 occurrences
* http://www.springframework.org/schema/security/spring-security- with 1 occurrences
* http://www.springframework.org/schema/websocket with 2 occurrences
* http://www.springframework.org/security/tags with 17 occurrences
* http://www.springframework.org/tags with 12 occurrences
* http://www.springframework.org/tags/form with 14 occurrences
* http://www.w3.org/1999/XSL/Transform with 1 occurrences
* http://www.w3.org/1999/xhtml with 26 occurrences
* http://www.w3.org/2001/XMLSchema with 15 occurrences
* http://www.w3.org/2001/XMLSchema-datatypes with 8 occurrences
* http://www.w3.org/2001/XMLSchema-instance with 9 occurrences
 2019-03-19 23:53:23 -05:00
Josh Cummings a45df2c802 Move OIDC Reactive Packaging 2019-03-19 09:00:46 -06:00
Josh Cummings 8f5493acce Move OIDC Servlet Packaging 2019-03-19 09:00:46 -06:00
Josh Cummings fba31dfb6a Reactive Oidc RP-Initiated Logout 
Issue: gh-5350
 2019-03-19 09:00:46 -06:00
Josh Cummings 248a8c030b Support for OIDC RP-Initiated Logout 
Fixes: gh-5350
 2019-03-19 09:00:46 -06:00
Josh Cummings 9478abebd2 Internalize Nimbus JwtDecoder Builder 
Issue: gh-6010
 2019-03-18 12:32:44 -06:00
Spring Operator b93528138e URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# Fixed URLs

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://www.apache.org/licenses/ with 1 occurrences migrated to:
  https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 2691 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 2 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).
 2019-03-14 15:46:20 -05:00
Stephen Doxsee 7739a0e91a Add PKCE OAuth2 client support 
- Support has been added for "RFC7636: Proof Key for Code Exchange by OAuth Public Clients" (PKCE, pronounced "pixy") to mitigate against attacks targeting the interception of the authorization code
 - PkceParameterNames was added for the 3 additional parameters used by PKCE (i.e. code_verifier, code_challenge, and code_challenge_method)
 - Default code_verifier length has been set to 128 characters--the maximum allowed by RFC7636
 - ClientAuthenticationMethod.NONE was added to allow clients to request tokens without providing a client secret

Fixes gh-6446
 2019-02-28 11:38:48 -05:00
Rob Winch 752733e8de Polish WebSessionOAuth2ServerAuthorizationRequestRepository Format 
Issue: gh-6215
 2019-02-15 15:01:11 -06:00
Zhanwei Wang a60fd43534 Fix OAuth2 Client with Ditributed Session 
Fixes: gh-6215
 2019-02-15 15:01:11 -06:00
Joe Grandja 0c27f64338 ServletOAuth2AuthorizedClientExchangeFilterFunction supports chaining 
Fixes gh-6483
 2019-02-13 11:19:44 -05:00
Fabien Arrault 17e774d8c7 Preserve existing refresh token if new refresh token not returned 
During an oauth2 refresh if the authorization server doesn't return a new refresh token, preserve the existing one.

Fixes: gh-6503
 2019-02-07 15:11:23 -05:00
Joe Grandja 594a169798 Introduce OAuth2AuthorizationRequest.attributes 
Fixes gh-5940
 2019-02-07 11:49:17 -05:00
Gerardo Roza 95e0e7243d Save original request on oauth2Client filter 
When we used the oauth2Client directive and requested an endpoint that
required client authorization on the authorization server, the
SPRING_SECURITY_SAVED_REQUEST was not persisted, and therefore after
creating the authorized client we were redirected to the root page ("/").

Now we are storing the session attribute and getting redirected back to
the original URI as expected.

Note that the attribute is stored only when a
ClientAuthorizationRequiredException is thrown in the chain, we dont
want to store it as a response to the
/oauth2/authorization/{registrationId} endpoint, since we would end
up in an infinite loop

Fixes gh-6341
 2019-01-25 09:15:44 -06:00
Joe Grandja 2a867997e2 Polish gh-6415 2019-01-14 13:33:58 -05:00
Rafael Dominguez fe5f10e9a2 Extract the ID Token JwtDecoderFactory to enable user customization 
This commit ensures that the JwtDecoderFactory is not a private field inside
the Oidc authentication provider by extracting this class and giving the
possibility to customize the way different providers are validated.

Fixes: gh-6379
 2019-01-14 13:33:58 -05:00
Joe Grandja f234a5fbdb ID Token validation supports clock skew 
Fixes gh-5839
 2019-01-09 16:03:13 -05:00
Joe Grandja d878dbf30e Polish gh-6349 2019-01-09 10:15:02 -05:00
Rafael Dominguez 057ed616c4 Improve error messages in OidcIdTokenValidator 
This commit ensures that error messages contain more specific
information regarding the reported error.

Fixes: gh-6323
 2019-01-09 10:15:02 -05:00
Johnny Lim c94f13a971 Polish tests 2019-01-08 11:16:22 -06:00
Joe Grandja 673a2adf26 Polish oauth2 client ExchangeFilterFunction's 
Fixes gh-6355
 2019-01-07 14:39:25 -05:00
Joe Grandja 993e11dcd3 Polish gh-6127 2019-01-07 13:50:17 -05:00
Warren Bailey 1c9ab9197e When expired retrieve new Client Credentials token. 
Once client credentials access token has expired retrieve a new token from the OAuth2 authorization server.
These tokens can't be refreshed because they do not have a refresh token associated with. This is standard behaviour for Oauth 2 client credentails

Fixes gh-5893
 2019-01-07 13:50:17 -05:00
Josh Cummings d77b12d229 authorization_uri Uses UriComponentsBuilder 
Because of this, authorization_uri can now be a fully-qualified url.

Fixes: gh-5760
 2018-12-21 13:23:47 -07:00
Joe Grandja 9c0d78da71 Extract OidcTokenValidator to an OAuth2TokenValidator 
Fixes gh-5930
 2018-12-21 11:06:40 -05:00
Joe Grandja 8f4f52edb9 Support configurable JwtDecoder for IdToken verification 
Fixes gh-5717
 2018-12-21 09:24:55 -06:00
Josh Cummings 1bfa38b1bd
Validate Scopes in ClientRegistrationBuilder 
Fixes: gh-6256
 2018-12-14 10:41:29 -07:00
shraiysh e25bea2cf7 Author: Shraiysh Vaishay cs17btech11050@iith.ac.in 
Add WebClientReactiveAuthorizationCodeTokenResponseClient.setWebClient

Fixes gh-6182
 2018-12-06 11:18:39 -06:00
Josh Cummings 566bc6a6e1
Test OpenID Discovery with Trailing Slash 
Fixes gh-6234
 2018-12-05 10:54:30 -07:00
jer051 fdc81822ec Add WebClientReactiveClientCredentialsTokenResponseClient setWebClient 
Added the ability to specify a custom WebClient in
WebClientReactiveClientCredentialsTokenResponseClient.
Also added testing to ensure the custom WebClient is not null and is
used.

Fixes: gh-6051
 2018-11-28 15:44:36 -06:00
Josh Cummings 2a8233d035
Remove PowerMock from oauth2-core and oauth2-jose 
Issue: gh-6025
 2018-11-20 14:02:10 -07:00
Josh Cummings 80e13bad41
Remove PowerMock from oauth2-client 
Issue: gh-6025
 2018-11-19 18:09:00 -07:00
dperezcabrera f6414e9a52 Make InMemory*ClientRegistrationRepository Consistent 
The previous builders with the list argument were inconsistent with their
respective builders of var args.
 2018-11-19 15:09:30 -06:00
Rafael Dominguez e1d68e4f6b WebClientReactiveClientCredentialsTokenResponseClient.getTokenResponse expects 2xx http status code 
This ensures that token response is only extracted when ClientResponse has a successful status

Fixes: gh-6089
 2018-11-19 10:50:33 -06:00
Josh Cummings d28e32b000 NimbusJwtDecoder Builder 
A Builder to simply common construction patterns for NimbusJwtDecoder

Issue: gh-6010
 2018-11-14 15:53:47 -06:00
Joe Grandja a96893a42a Remove charset from Accept header in UserInfo request 
Fixes gh-6017
 2018-10-25 12:56:45 -04:00
Vedran Pavic e1b095df32 Allow in-memory client registration repos to be constructed with a map 
Fixes gh-5918
 2018-10-18 14:07:12 -04:00
Joe Grandja 07d2e43d7a Deprecate NimbusAuthorizationCodeTokenResponseClient 
Fixes gh-5954
 2018-10-15 09:01:19 -04:00
Rob Winch 725b3b5482 Fix OAuth2AuthorizationCodeGrantWebFilter works w/ /{action/ 
Issue: gh-5856
 2018-09-20 21:39:09 -05:00
Joe Grandja d46f83caf4 Ensure consistent matching of redirect_uri 
Fixes gh-5890
 2018-09-20 14:30:41 -04:00
Rob Winch 410f6bae1a Fix ServerOAuth2AuthorizedClientExchangeFilterFunctionTests Merge 
Issue: gh-5872
 2018-09-19 11:53:21 -05:00
Rob Winch dcbf762a0b WebClient OAuth2 Support for defaultClientRegistrationId 
Fixes: gh-5872
 2018-09-19 11:47:04 -05:00
Joe Grandja e8d8eb59bf Make OAuth2AuthorizedClient Serializable 
Fixes gh-5757
 2018-09-19 10:47:30 -04:00
Joe Grandja 2c078c5dd9 Remove expiresAt constructor-arg in OAuth2RefreshToken 
Fixes gh-5854
 2018-09-19 10:47:30 -04:00
Rob Winch cc8935e904 Fix Reactive OIDC to add refresh token 
Fixes: gh-5858
 2018-09-17 21:21:36 -05:00
Rob Winch 385bdfc055 OAuth2AuthorizationCodeGrantWebFilter works with /{action}/ 
This ensures that the same URL can work for both log in and
authorization code which prevents having to create additional registrations
on the client and potentially on the server (GitHub only allows a single
valid redirect URL).

Fixes: gh-5856
 2018-09-17 21:21:36 -05:00
Joe Grandja ed9cd478ba Polish 
Issue gh-5776
 2018-09-12 11:57:53 -04:00
Joe Grandja 8746e71b9a Use OAuth2AuthorizationException in authorization flows 2018-09-11 14:53:42 -05:00
Joe Grandja ef02ab2f8a DefaultOAuth2UserService handles OAuth2AuthorizationException 2018-09-11 14:53:42 -05:00
Joe Grandja 7474d6524e DefaultAuthorizationCodeTokenResponseClient throws OAuth2AuthorizationException 2018-09-11 14:53:42 -05:00
Joe Grandja 56b4576396 DefaultClientCredentialsTokenResponseClient throws OAuth2AuthorizationException 
Fixes gh-5726
 2018-09-11 14:53:42 -05:00
Joe Grandja e56c048db3 Remove OAuth2ClientException 2018-09-11 14:53:42 -05:00
Rob Winch 26e577b0fa UnauthenticatedServerOAuth2AuthorizedClientRepository->UnAuthenticatedServerOAuth2AuthorizedClientRepository 
Issue: gh-5817
 2018-09-07 15:29:35 -05:00
Rob Winch 11ea92ef1c Add UnauthenticatedServerOAuth2AuthorizedClientRepository 
Fixes: gh-5817
 2018-09-07 15:28:40 -05:00
Rob Winch 438d2911fb OAuth2AuthorizedClientResolver 
Extract out a private API for shared code between the argument resolver
and WebClient support. This makes it easier to make changes in both
locations. Later we will extract this out so it is not a copy/paste
effort.

Issue: gh-4921
 2018-09-07 08:58:00 -05:00
Rob Winch 23726abb1e ServerOAuth2AuthorizedClientExchangeFilterFunction default ServerWebExchange 
Leverage ServerWebExchange established by ServerWebExchangeReactorContextWebFilter

Issue: gh-4921
 2018-09-07 08:57:25 -05:00
Rob Winch ac78258847 ServerOAuth2AuthorizedClientExchangeFilterFunction defaultOAuth2AuthorizedClient 
Defaults to use the OAuth2AuthenticationToken to resolve the authorized client

Issue: gh-4921
 2018-09-07 08:57:00 -05:00
Rob Winch 158b8aa6d5 ServerOAuth2AuthorizedClientExchangeFilterFunction clientRegistrationId 
Issue: gh-4921
 2018-09-07 08:56:49 -05:00
Rob Winch 28537fa3b6 WebClientReactiveClientCredentialsTokenResponseClient 
Fixes: gh-5607
 2018-09-07 08:53:35 -05:00
Rob Winch 89f2874bff ServerOAuth2AuthorizedClientExchangeFilterFunction clientRegistrationId 
You can now provide the clientRegistrationId and
ServerOAuth2AuthorizedClientExchangeFilterFunction will look up the authorized client automatically.

Issue: gh-4921
 2018-09-07 08:52:35 -05:00
Rob Winch 5bcbb1c40f ServerOAuth2AuthorizedClientExchangeFilterFunction uses ServerOAuth2AuthorizedClientRepository 
Issue: gh-4921
 2018-09-07 08:52:18 -05:00