Rob Winch
f73f213f50
Remove DependencySetPlugin
...
Closes gh-10070
2021-07-12 15:31:38 -05:00
Rob Winch
f800d2c993
Add hamcrest dependency
2021-07-09 15:57:21 -05:00
Rob Winch
b6ff4d3674
Fix mockito UnnecessaryStubbingException
2021-07-09 14:35:10 -05:00
Rob Winch
3e93b024d6
openrewrite Junit Migration
2021-07-09 14:32:52 -05:00
Rob Winch
14240b2559
Remove Powermock
...
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.
Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.
Closes gh-6025
2021-07-08 12:35:32 -05:00
Evgeniy Cheban
d121ab9565
Support A Well-Known URL for Changing Passwords
...
Closes gh-8657
2021-07-01 16:57:53 -06:00
Alexey Markevich
3219fd554d
DigestAuthenticationFilter decodes nonce only once
...
Closes gh-8455
2021-06-18 15:25:00 -04:00
Steve Riesenberg
3bb8e1d200
Remove redundant translations in spring-security-web
2021-06-15 09:18:13 -05:00
Ruben Suarez Alvarez
7cd344acab
Add Spanish translation of insufficient authentication and cookie stolen
2021-06-15 09:11:53 -05:00
Josh Cummings
ca76c54471
Polish CsrfWebFilterTests
...
Issue gh-9113
2021-06-04 16:41:08 -06:00
Tomoki Tsubaki
0c8b6df82a
Cache Mono that generates the CSRF token
...
Closes gh-9113
2021-06-04 16:41:08 -06:00
AlexeyAnufriev
baac9e0cf2
Properly clean cookies with context path after logout
...
Closes gh-8846
2021-06-04 15:42:33 +02:00
Marcus Hert da Coregio
29f4193529
Adjust createNewSessionIfAllowed to prevent NPE
...
Ensure that isTransientAuthentication reuses the same authentication object from saveContext
Closes gh-8947
2021-05-26 13:46:08 -03:00
Marcus Hert da Coregio
2a7998d0fc
Adjust createNewSessionIfAllowed to prevent NPE
...
Ensure that isTransientAuthentication reuses the same authentication object from saveContext
Closes gh-8947
2021-05-26 10:36:44 -06:00
César Revert
cf74ad3a52
Anonymous in ExceptionTranslationWebFilter
...
The ExceptionTranslationWebFilter does not behave correctly when
anonymous authentication is enabled. With this enabled, it always provoked
the execution of the access denied handler, and with this fix it
behaves like the ExceptionTranslationFilter (servlet), executing the
access denied handler only if the principal is neither empty nor
anonymous.
Closes gh-9130
2021-05-26 09:17:41 -05:00
Craig Andrews
a7fbae8355
Add test for RequestedUrlRedirectInvalidSessionStrategy
2021-05-26 09:11:38 -05:00
Craig Andrews
0e6d47b082
Add guard around debug logging involving string concatenation
2021-05-26 09:11:38 -05:00
Craig Andrews
0af74ce134
Use ServletUriComponentsBuilder instead of UrlPathHelper
2021-05-26 09:11:38 -05:00
Craig Andrews
2bcd4627fa
Eliminate use of Optional
2021-05-26 09:11:38 -05:00
Craig Andrews
10a264c144
Add RequestedUrlRedirectInvalidSessionStrategy implementation of InvalidSessionStrategy
...
Performs a redirect to the original request URL when an invalid requested session is detected.
In effect, when a user's session times out, the user is redirected to the URL they originally requested instead of some fixed URL.
2021-05-26 09:11:38 -05:00
Josh Cummings
df6ebc7051
Rename DelegatingAuthorizationManager
...
Closes gh-9692
2021-04-28 09:53:25 -06:00
Thomas Vitale
e2993d93e1
Make Csrf cookie secure flag configurable (WebFlux)
...
Make the XSRF-TOKEN cookie secure flag configurable in CookieServerCsrfTokenRepository.
Closes gh-9678
2021-04-27 09:34:12 +02:00
Josh Cummings
cb6e4f4a11
Add NPE Guards
...
- Like values, names are only validated if they are not null
Closes gh-9598
2021-04-22 11:22:19 -06:00
Craig Andrews
7dc4de05b1
Add guard around logger.debug statement
...
The log message involves string concatenation, the cost of which should only be incurred if debug logging is enabled
2021-04-16 10:32:58 -06:00
Josh Cummings
4f7d529c5d
Polish Csrf Tests
...
Issue gh-9561
2021-04-09 22:47:31 -06:00
佚名
87ed527023
Add null check in CsrfFilter and CsrfWebFilter
...
Solve the problem that CsrfFilter and CsrfWebFilter
throw an NPE when comparing whether two byte arrays
are equal on a low JDK version.
When the JDK version is lower than 1.8.0_45, the method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
classes call this method without a null check.
ZiQiang Zhao<1694392889@qq.com>
2021-04-09 21:43:19 -06:00
Rob Winch
f3f1106624
Update io.spring.javaformat to 0.0.27
...
Closes gh-9553
2021-04-05 22:23:59 -05:00
Rob Winch
60d3db5798
add management platform(project(":spring-security-dependencies"))
...
Closes gh-9540
2021-04-05 10:36:36 -05:00
Rob Winch
1a76ee7442
Update Gradle configuration names
...
Closes gh-9540
2021-04-05 10:36:36 -05:00
Eleftheria Stein
4a492846f1
Revert "Lock dependencies for 2.5.0-M3"
...
This reverts commit f05cc6269c.
2021-03-15 23:18:45 +01:00
Eleftheria Stein
f05cc6269c
Lock dependencies for 2.5.0-M3
2021-03-15 11:00:19 +01:00
Rob Winch
95da12110b
Additional Test for HttpSessionSecurityContextRepository
...
Issue gh-9387
2021-02-11 15:58:29 -07:00
Rob Winch
3116369f02
Optimize HttpSessionSecurityContextRepository
...
Closes gh-9387
2021-02-11 15:58:28 -07:00
Josh Cummings
c4be1c6a56
Revert "Lock Dependencies"
...
This reverts commit a85caa4098.
2021-02-11 15:49:59 -07:00
Josh Cummings
a85caa4098
Lock Dependencies
2021-02-11 15:00:38 -07:00
Josh Cummings
107f38fff9
Polish Tests
...
Issue gh-9331
2021-02-03 09:05:31 -07:00
happier233
873b9bdbca
Configure CurrentSecurityContextArgumentResolver BeanResolver
...
Closes gh-9331
2021-02-03 09:05:31 -07:00
Evgeniy Cheban
77484018bb
Reconsider AntPathRequestMatcher matching logic
...
Closes gh-9285
2021-01-19 12:02:06 -07:00
Rob Winch
0201c31deb
Fix Checkstyle for CsrfWebFilter
...
Issue gh-9337
2021-01-12 11:37:12 -06:00
Rob Winch
a1083d9a5c
Fix CsrfWebFilter error message when expected CSRF not found
...
Closes gh-9337
2021-01-12 11:18:29 -06:00
Josh Cummings
160a4a3676
Reformat MvcRequestMatcher
...
- Moved related private methods together
Issue gh-9284
2021-01-11 08:28:59 -07:00
Evgeniy Cheban
8449df9fd2
Consider Aligning MvcRequestMatcher's matching methods
...
Closes gh-9284
2021-01-09 21:42:16 +03:00
Zeeshan Adnan
848bd44837
Remove unused code
...
Issue gh-9203
2020-12-18 11:49:52 -07:00
Rob Winch
40e027c56d
Constant Time Comparison for CSRF tokens
...
Closes gh-9291
2020-12-17 15:01:43 -06:00
Josh Cummings
c066e23a86
Add @since attributes
...
Issue gh-8900
2020-12-16 15:58:53 -07:00
Evgeniy Cheban
34b4b1054f
Add AuthorizationManager
...
Closes gh-8900
2020-12-16 15:58:36 -07:00
Nick McKinney
5306d4c4d5
Minor cleanup on Ant / Regex Request Matchers
...
- Removed duplicative code for transforming String into HttpMethod
- Removed an unnecessary array initialization
2020-12-14 14:19:23 +01:00
Nick McKinney
6be25df1db
Introduced DispatcherType request matcher
...
Created a DispatcherTypeRequestMatcher and corresponding methods
for configuring an HttpSecurity object. This enables filtering of
security rules based on the dispatcher type of the incoming servlet
request.
Closes gh-9205
2020-12-14 14:19:23 +01:00
Christophe Gilles
54d3839f63
Add permissionsPolicy http header
2020-12-11 12:32:18 +01:00
Serdar Kuzucu
48ef27b80a
Make assertion messages in CookieCsrfTokenRepository clearer
...
Changes assertion message format from 'X is not null' to
'X cannot be null' since this is more meaningful when the error
occurs and the message is printed in the logs.
Closes gh-9195
2020-12-09 10:45:22 -06:00
Serdar Kuzucu
76e117a67a
Allow maximum age of csrf cookie to be configured
...
Allows maxAge of the generated cookie by CookieCsrfTokenRepository
to be configurable.
Prior to this commit, maximum age was set with a value of -1.
After this commit, it will be configured by the user with either a
positive or a negative value. If the user does not provide a value,
it will be set to -1.
An IllegalArgumentException will be thrown when
this value is set to zero.
Closes gh-9195
2020-12-09 10:45:22 -06:00
Josh Cummings
f614a8230c
Polish getRemoteUser
...
- Corrected instanceof check
Issue gh-3357
2020-12-03 13:08:40 -07:00
Stephen Joyner
9c373ef4f8
getRemoteUser() returns principal name
...
Closes gh-3357
2020-12-03 13:08:40 -07:00
Eleftheria Stein
7f482eda7d
Fix CookieRequestCache for URL encoded query parameters
...
Avoid populating the saved request parameters with encoded values. Since the query strings of the request and saved URL are compared and must be equal, we can just use the parameters from the incoming request.
Closes gh-9203
2020-11-26 18:16:42 +01:00
Aditya Sekhar
4cc3c25a0e
removed whitespace formatting
2020-11-13 15:01:17 -06:00
Aditya Sekhar
a26975f780
cleanup compatibility method based on spring-projects#8868
2020-11-13 15:01:17 -06:00
zhuang
ff58ac836e
Decode cookie once in AbstractRememberMeServices
...
Issue gh-9192
2020-11-09 08:14:20 -05:00
Eleftheria Stein
34a21cd80c
Fix formatting
2020-11-09 13:46:09 +01:00
Eleftheria Stein
5661e06e9c
Fix typo UserDetailService -> UserDetailsService
2020-11-09 13:13:32 +01:00
Arnaud Mergey
2b9efccc50
Implement MessageSourceAware where missing
...
Closes gh-8951
2020-11-05 10:57:33 -07:00
Joe Grandja
b95e1aa209
Revert "Lock dependencies for 5.5.0-M1"
...
This reverts commit 25a7482c8c.
2020-11-03 19:53:28 -05:00
Rob Winch
25a7482c8c
Lock dependencies for 5.5.0-M1
2020-10-30 17:52:03 -05:00
Alexander Polozov
a362ab53bc
Change guard expressions order
...
The check of the allowed user session count is moved to the head to avoid unnecessarily fetching all user sessions.
2020-10-27 09:49:29 -04:00
Phillip Webb
c502312719
Replace expected @Test attributes with AssertJ
...
Replace JUnit expected @Test attributes with AssertJ calls.
2020-09-22 16:13:51 -06:00
Phillip Webb
20baa7d409
Replace ExpectedException @Rules with AssertJ
...
Replace JUnit ExpectedException @Rules with AssertJ calls.
2020-09-22 16:13:51 -06:00
Phillip Webb
910b81928f
Replace try/catch with AssertJ
...
Replace manual try/catch/fail blocks with AssertJ calls.
2020-09-22 16:13:51 -06:00
Tomoki Tsubaki
65f788532e
Fix broken Mono chain
...
This commit restores the broken Mono chain in WebSessionServerCsrfTokenRepository.generateToken(ServerWebExchange).
Closes gh-9017
2020-09-16 09:53:23 -06:00
Tomoki Tsubaki
2c297fbd63
Create the CSRF token on the bounded elastic scheduler
...
The CSRF token is generated by UUID.randomUUID() which is an I/O blocking operation.
This commit changes the subscriber thread to the bounded elastic scheduler.
Closes gh-9018
2020-09-16 08:48:00 -06:00
Joe Grandja
7b1f574769
Revert "Lock Dependency Versions for 5.4.0"
...
This reverts commit 3d0e459182.
2020-09-09 18:14:12 -04:00
Joe Grandja
3d0e459182
Lock Dependency Versions for 5.4.0
2020-09-09 13:45:03 -04:00
Eleftheria Stein-Kousathana
02d1516c56
Restructure BasicAuthenticationFilter Logs
...
Issue gh-6311
2020-09-02 07:42:03 -06:00
Josh Cummings
fa7baf551d
Restructure Logs
...
Followed common use cases based off of HelloWorld sample:
- Public endpoint
- Unauthorized endpoint
- Undefined endpoint
- Successful form login
- Failed form login
- Post-login redirect
Issue gh-6311
2020-09-02 07:37:59 -06:00
Phillip Webb
319d3364aa
Migrate to assertThatExceptionOfType
...
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
ef8f113619
Use assertThat instead of Java assert
...
Fix `DefaultSavedRequestMixinTests` so that `assertThat` is used rather
than Java's `assert` keyword.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
a5aa6b3d7f
Remove blank lines from all tests
...
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easier to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
5bdd757108
Polish spring-security-web main code
...
Manually polish `spring-security-web` following the formatting
and checkstyle fixes.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
ee661f7b71
Fix whitespace issues in format-off code
...
Fix a few whitespace issues in format-off code that would
otherwise fail checkstyle.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
834dcf5bcf
Use consistent ternary expression style
...
Update all ternary expressions so that the condition is always in
parentheses and "not equals" is used in the test. This helps to bring
consistency across the codebase which makes ternary expressions easier
to scan.
For example: `a = (a != null) ? a : b`
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
8d3f039f76
Reduce method visibility when possible
...
Reduce method visibility for package private classes when possible.
In the case of abstract classes that will eventually be made public,
the class has been made public and a package-private constructor has
been added.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
ec6a4cb3f0
Use consistent equals/hashCode/toString order
...
Ensure that `equals` `hashCode` and `toString` methods always appear in
the same order. This aligns with the style used in Spring Framework.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
612fb22a7f
Remove unnecessary lambda blocks
...
Remove lambda blocks that aren't needed and replace instead with a
simple expression.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
52f20b5281
Use parentheses with single-arg lambdas
...
Use regular expression search/replace to ensure all single-arg
lambdas have parentheses. This aligns with the style used in Spring
Boot and ensures that single-arg and multi-arg lambdas are consistent.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
01d90c9881
Hide utility class constructors
...
Update all utility classes so that they have a private constructor. This
prevents users from accidentally creating an instance, when they should
just use the static methods directly.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
ff94944313
Add whitespace after copyright header
...
Add an additional line after the copyright header and before the
`package` declaration. This aligns with the style used by Spring
Framework.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
31ec450d05
Remove superfluous comments
...
Remove a few comments that previously added noise but don't offer a great
deal of value.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
8d80166aaf
Update exception variable names
...
Consistently use `ex` for caught exception and `cause` for Exception
constructor arguments.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
e9130489a6
Remove restricted static imports
...
Replace static imports with class referenced methods. With the exception
of a few well known static imports, checkstyle restricts the static
imports that a class can use. For example, `asList(...)` would be
replaced with `Arrays.asList(...)`.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
9a3fa6e812
Simplify boolean returns
...
Simplify boolean returns of the form:

    if (b) {
        return true;
    } else {
        return false;
    }

to:

    return b;
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
db55ef4b3b
Migrate to BDD Mockito
...
Migrate Mockito imports to use the BDD variant. This aligns better with
the "given" / "when" / "then" style used in most tests since the "given"
block now uses Mockito `given(...)` calls.
The commit also updates a few tests that were accidentally using
Power Mockito when regular Mockito could be used.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
c12ced6aaa
Migrate SwitchUserWebFilterTests AssertJ
...
Replace the JUnit Assertions used in `SwitchUserWebFilterTests` with
AssertJ. This test appears to have been missed during the original
AssertJ migration.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
f1cee9500f
Ensure classes are defined in their own files
...
Ensure that all classes are defined in their own files. Mostly classes
have been changed to inner-types.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
4d487e8dc3
Ensure all files end with a new line
...
Update all files to ensure that they always end with a new-line
character.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
81fe9fc640
Make all exception classes immutable
...
Update all exception classes so that they are fully immutable and cannot
be changed once they have been thrown.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
a0b9442265
Use consistent modifier order
...
Update code to use a consistent modifier order that aligns with that
used in the "Java Language specification".
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
3e700e7571
Remove (non-Javadoc) comments
...
Search and replace using '(?s)/\*\s*\* \(non-Javadoc\).*?\*/' to remove
all "(non-Javadoc)" comments. These comments used to be added
automatically by Eclipse, but are not really necessary.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
a2f2e9ac8d
Move inner-types so that they are always last
...
Move all inner-types so that they are consistently the last item
defined. This aligns with the style used by Spring Framework and
the consistency generally makes it easier to scan the source.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
9e08b51ed3
Apply code cleanup rules to projects
...
Apply automated cleanup rules to add `@Override` and `@Deprecated`
annotations and to fix class references used with static methods.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
8866fa6fb0
Always use 'this.' when accessing fields
...
Apply an Eclipse cleanup rule to ensure that fields are always accessed
using `this.`. This aligns with the style used by Spring Framework and
helps users quickly see the difference between a local and member
variable.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
6894ff5d12
Make classes final where possible
...
Update classes that have private constructors so that they are also
declared final. In a few cases, inner-classes used private constructors
but were subclassed. These have now been changed to have package-private
constructors.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
b5d499e2eb
Remove empty block
...
Refactor a few classes so that empty blocks are no longer used. For
example, rather than:

    if(x) {
    } else {
        i++;
    }

use:

    if(!x) {
        i++;
    }
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
37fa94fafc
Organize imports
...
Use "organize imports" from Eclipse to cleanup import statements so
that they appear in a consistent and well defined order.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
5f64f53c3f
Use consistent "@" tag order in Javadoc
...
Ensure that Javadoc "@" tags appear in a consistent and well defined
order.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
71bc145ae4
Remove superfluous comments
...
Use '^\s+//\ \~\ .*$' and '^\s+//\ ============+$' regular expression
searches to remove superfluous comments.
Prior to this commit, many classes would have comments to indicate
blocks of code (such as constructors/methods/instance fields). These
added a lot of noise and weren't all that helpful, especially given
the outline views available in most modern IDEs.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
b7fc18262d
Reformat code using spring-javaformat
...
Run `./gradlew format` to reformat all java files.
Issue gh-8945
2020-08-24 17:32:56 -05:00
Phillip Webb
27ac046d8a
Rename *Test.java -> *Tests.java
...
Rename a few test classes that accidentally ended in `Test` instead of
`Tests`.
Issue gh-8945
2020-08-10 16:24:44 -05:00
Joe Grandja
1d74d556c2
Revert "Lock Dependency Versions for 5.4.0-RC1"
...
This reverts commit f3a1e5d40c.
2020-08-05 14:59:11 -04:00
Joe Grandja
f3a1e5d40c
Lock Dependency Versions for 5.4.0-RC1
2020-08-05 13:46:11 -04:00
Artur Otrzonsek
b22c50c4a8
Reactive SwitchUserWebFilter for user impersonation
...
Closes gh-8599
2020-07-22 16:05:31 +02:00
Josh Cummings
b61bf49d07
Polish gh-8824
2020-07-21 10:47:37 -06:00
Dávid Kováč
37aa5f9b7c
Introduce AuthenticationConverterServerWebExchangeMatcher
...
AuthenticationConverterServerWebExchangeMatcher is a ServerWebExchangeMatcher implementation based on AuthenticationConverter which matches if the ServerWebExchange can be converted to an Authentication.
It can be used as a matcher where a SecurityFilterChain should be matched based on the authentication method used.
BearerTokenServerWebExchangeMatcher was replaced by this matcher.
Closes gh-8824
2020-07-21 10:11:57 -06:00
Eleftheria Stein
e902be7ab9
Use String to specify custom HTTP method in test
...
Closes gh-8592
2020-07-21 15:47:11 +02:00
Eleftheria Stein
fb936e2780
Polish CookieRequestCacheTests
...
Issue gh-8817
Issue gh-8820
2020-07-21 15:02:21 +02:00
majian
41f26b768a
Improve request matching logic when using cookie
...
- Repair request cache deleted by mistake
- Fix RequestCache throw exception and error redirect.
Closes gh-8820
Closes gh-8817
2020-07-21 15:02:21 +02:00
Roman Sydorov
896b324722
Updated SimpleSavedRequest#getMethod
...
Before:
1. SimpleSavedRequest#getMethod returned null
2. SimpleSavedRequest(SavedRequest request) constructor did not set the method field from request
After:
1. SimpleSavedRequest#getMethod returns method property value
2. SimpleSavedRequest(SavedRequest request) constructor sets the method field from request
Closes gh-8675
2020-07-08 14:47:51 -06:00
Rob Winch
09fe6071e1
LoginPageGeneratingWebFilter honors context path
...
Closes gh-8807
2020-07-07 13:34:55 -05:00
Eleftheria Stein
4fb5ff35db
Polish CookieRequestCache
...
Issue gh-8034
2020-07-02 13:41:37 +02:00
Zeeshan Adnan
9708a2d63f
Adds cookie based RequestCache
...
fixes spring-projectsgh-8034
2020-07-02 07:11:16 -04:00
Josh Cummings
146d0b6358
Revert "Lock Dependency Versions for 5.4.0-M2"
...
This reverts commit 68538897c8.
2020-07-01 13:11:50 -06:00
Josh Cummings
68538897c8
Lock Dependency Versions for 5.4.0-M2
2020-07-01 12:40:29 -06:00
michal
e113bd3c01
issue 5414 - configurable secure flag in CookieCsrfTokenRepository
...
While using the request's "isSecure" flag is a reasonable default, when webapps sit behind firewalls, sometimes the firewall does the SSL, and the traffic between the firewall and the app is plain HTTP (not HTTPS). In this case the "isSecure" flag on the request is always false, but we still want the XSRF-TOKEN cookie to be secure (the firewall forwards all cookies to the app, and the browser sends the secure cookie to the firewall).
It would be nice if we could configure the desired value for the secure flag of the cookie, just like we can configure the value for the httpOnly flag of the cookie.
2020-06-25 14:42:38 -05:00
Craig Andrews
c71352c548
Validate headers and parameters in StrictHttpFirewall
...
Adds methods to configure validation of header names and values and
parameter names and values:
* setAllowedHeaderNames(Predicate)
* setAllowedHeaderValues(Predicate)
* setAllowedParameterNames(Predicate)
* setAllowedParameterValues(Predicate)
By default, header names, header values, and parameter names that
contain ISO control characters or unassigned unicode characters are
rejected. No parameter value validation is performed by default.
Issue gh-8644
2020-06-24 14:15:46 -06:00
Eleftheria Stein
12d20f99a1
Fix incorrect Javadoc
...
Closes gh-8744
2020-06-22 13:14:34 +02:00
Eleftheria Stein
c854f6b190
Add missing Javadoc
...
Closes gh-8743
2020-06-22 13:13:32 +02:00
Craig Andrews
efb6953017
Reject the NULL character in paths in StrictHttpFirewall
...
Adds `setAllowNull`
By default, denies null in paths
2020-06-18 10:19:37 -06:00
Rob Winch
ccbad61ae8
Change blacklist to blocklist
...
Closes gh-8676
2020-06-10 11:49:49 -05:00
Rob Winch
ca1252be94
Replace whitelist with allowlist
...
Issue gh-8676
2020-06-10 11:49:21 -05:00
Rob Winch
a907026eae
Deprecate X-FRAME-OPTIONS ALLOW-FROM Directive
...
Closes gh-8677
2020-06-10 11:48:56 -05:00
Joe Grandja
da4b626bf1
OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException
...
Issue gh-8609
2020-06-09 17:28:21 -04:00
Eleftheria Stein
0a42aa26c8
Mock request with non-standard HTTP method in test
...
Fixes gh-8594
2020-05-26 10:16:56 -04:00
Astushi Yoshikawa
f08ca4e688
Throw exception if URL does not include context path when context relative
...
Issue: gh-8399
2020-05-20 14:02:17 -04:00
Rob Winch
dc514b369e
FilterInvocation Support Default Methods on HttpServletRequest
...
Closes gh-8566
2020-05-20 10:13:59 -05:00
cbornet
bfb401eeed
Create the CSRF token on the bounded elastic scheduler
...
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.
Fixes gh-8128
2020-05-18 11:04:54 -05:00
Mathieu Ouellet
cd08102b93
Add debug logging
...
Goal is to provide insight to devs on:
- Authentication & Authorization success/failures
- WebSession & SecurityContext
- Request matchers, cache & authn/authz flow
Fixes gh-5758
2020-05-12 09:03:24 -05:00
Rob Winch
4473dca022
Polish matchesRequireCsrfProtectionWhenNonStandardHTTPMethodIsUsed
...
Issue gh-8149
2020-05-11 17:20:16 -05:00
Parikshit Dutta
0f92415395
Fix non-standard HTTP method for CsrfWebFilter
...
Closes gh-8149
2020-05-11 17:19:57 -05:00
Artyom Tarynin
6db514a4e2
Update AntPathRequestMatcher.java
...
Fixed typo in JavaDoc. Actually, in these two cases, we are calling the constructor with a `boolean caseSensitive` which is equal to true. This means case sensitive.
2020-05-11 17:11:22 -04:00
Joe Grandja
86ca6b013c
Unlock dependencies
...
This reverts commit 206960cf44.
2020-05-06 17:27:35 -04:00
Joe Grandja
206960cf44
Lock dependencies for 5.4.0-M1
2020-05-06 17:13:04 -04:00
Rob Winch
0483b3e042
Polish RequestRejectedHandler
...
Issue gh-5007
2020-05-01 10:51:11 -05:00
Leonard Brünings
b826c798f7
Add RequestRejectedHandler
...
Closes gh-5007
2020-05-01 10:51:01 -05:00
Oh Myung Woon
b7d3acc02c
Add constructors to AbstractAuthenticationProcessingFilter
...
Closes gh-8309
2020-04-09 13:53:06 -05:00
Mustafa Ulu
6bdd5f710f
Fix example in javadoc of FilterChainProxy
2020-04-07 21:05:12 +03:00
Rob Winch
91728ef53b
Fix HttpServlet3RequestFactory Logout Handlers
...
Previously there was a problem with Servlet API logout integration
when Servlet API was configured before log out.
This ensures that logout handlers is a reference to the logout handlers
vs copying the logout handlers. This ensures that the ordering does not
matter.
Closes gh-4760
2020-03-30 17:50:28 -05:00
Josh Cummings
eed71243cb
SwitchUserFilter Defaults to POST
...
Fixes gh-4183
2020-03-27 13:41:49 -06:00
Zeeshan Adnan
935c547dde
Fix exception for empty basic auth header token
...
fixes spring-projectsgh-7976
2020-03-16 12:57:13 -04:00
Eleftheria Stein
47011eb9e2
Polish transfer session's max inactive interval
...
Issue: gh-2693
2020-03-12 12:11:14 -04:00
Venkata Jaswanth U
02b7d04027
Transfer session's max inactive interval
...
Fixes: gh-2693
2020-03-12 10:11:59 -04:00
Eleftheria Stein
b2ea0ba775
Polish SessionIdChangedEvent
...
Add AbstractSessionEvent; clean up license headers and Javadocs
Fixes: gh-5438
2020-03-06 12:04:49 -05:00
Venkata Jaswanth
5fc6414377
SessionRegistryImpl is now aware of SessionIdChangedEvent
2020-03-06 12:04:01 -05:00
Eleftheria Stein
ae532c080c
Add server request cache that uses cookie
...
Fixes: gh-8033
2020-03-05 15:36:47 -05:00
Eleftheria Stein
38979b1b09
Add test for ServerRequestCacheWebFilter
2020-03-05 14:57:07 -05:00
Josh Cummings
6eadf7b140
Unlock dependencies for 5.3.0.RELEASE
...
This reverts commit 147d7dadd7.
2020-03-04 12:02:48 -07:00
Josh Cummings
147d7dadd7
Lock dependencies for 5.3.0.RELEASE
2020-03-04 10:28:39 -07:00
AmitB
2ce9eef95e
Fix typo in AntPathRequestMatcher constructor comment
2020-03-02 07:14:27 -06:00
Joe Grandja
82cd203791
Remove unnecessary mocking
...
Fixes gh-8012
2020-02-23 19:35:16 -05:00
Josh Cummings
5bdf57d1e5
Remove Groovy and Spock Dependencies
...
Fixes gh-4939
2020-02-10 10:38:40 -07:00
Josh Cummings
bae50ecc05
AbstractSecurityWebApplicationInitializerTests groovy->java
...
Issue gh-4939
2020-02-10 10:38:39 -07:00
Eleftheria Stein
84b8a5abd7
Unlock dependencies for next development version
...
This reverts commit 064616f1ef.
2020-02-05 15:53:04 +01:00
Eleftheria Stein
064616f1ef
Lock dependencies for 5.3.0.RC1
2020-02-05 10:20:05 +01:00
Josh Cummings
cb9fd09150
Change AuthenticationWebFilter's constructor
...
Fixes gh-7872
2020-01-31 09:31:28 -07:00
Peter Keller
e62fb755e8
Set charset of BasicAuthenticationFilter converter
...
Allow BasicAuthenticationFilter to pick up the given credentials charset.
Fixes: gh-7835
2020-01-23 15:34:35 +01:00
Onur Kağan Özcan
1f6381d970
Set secure on cookie when logging out
...
Mark cookie secure flag to ensure cookie identity is the same
2020-01-13 11:01:33 +01:00
Rob Winch
ffccec953f
Fix HttpHeaderWriterWebFilterTests
...
Ensure setComplete() is subscribed to
2020-01-09 14:24:35 -06:00
Eleftheria Stein
fcc6457bef
Unlock dependencies for next development version
...
This reverts commit 93acf8f0f1.
2020-01-08 22:15:17 +01:00
Eleftheria Stein
93acf8f0f1
Lock dependencies for 5.3.0.M1
2020-01-08 19:41:10 +01:00
Onur Kağan Özcan
2015f392ef
Set secure when cancelling remember-me cookie
...
AbstractRememberMeServices sets the remember-me cookie by checking whether the request is secure, or secure usage is independently set to a fixed flag.
But when cancelling a cookie, the cookie is not marked as secure or not. This produces an inconsistency when the secure flag is used as part of the cookie's identity.
2019-12-20 16:04:31 +01:00
Rob Winch
a8331ba7ed
CompositeServerHttpHeadersWriter Executes Sequentially
...
Fixes gh-7731
2019-12-12 11:23:56 -06:00
David Herberth
64e063d948
switches web authentication principal resolver to use reactive context
...
gh #6598
Signed-off-by: David Herberth <github@dav1d.de>
2019-12-12 15:33:23 +01:00
Rob Winch
8e53c3f269
DelegatingServerAuthenticationSuccessHandler Executes Sequentially
...
Fixes gh-7728
2019-12-12 08:32:44 -06:00
Rob Winch
73babc3314
DelegatingServerLogoutHandler Executes Sequentially
...
Fixes gh-7723
2019-12-11 15:39:27 -06:00
Joe Grandja
4d9cee116c
Display general error message when WebFlux oauth2Login() fails
...
Issue gh-5562 gh-6484
2019-12-05 16:54:31 -05:00
Filip Hrisafov
796859333f
Log full failed authentication exception in BasicAuthenticationFilter
2019-11-27 14:56:24 +01:00
Josh Cummings
5f17032ffd
Restore Removed Throws Clauses
...
In a recent clean-up, certain exceptions were removed from various
throws clauses.
This PR re-introduces throws clauses that are important for one of the
following reasons:
1. It's a method on a public interface
2. It's a method clearly designed for inheritance, for example, a
method stub, an abstract method, or indicated as such in the docs.
Fixes gh-7541
2019-10-30 12:13:54 -06:00
Rob Winch
635f7e1edd
CsrfWebFilter supports multipart/form-data
...
Fixes gh-7576
2019-10-28 14:06:10 -05:00
Filip Hrisafov
b9f122230b
Align javadoc of continueFilterChainOnUnsuccessfulAuthentication with actual behaviour
2019-10-23 14:50:57 -04:00
Michel Palourdio
d26f40f062
DefaultRedirectStrategy should redirect to root if the context-relative URL does not contain the context-path.
2019-10-23 09:41:00 -04:00
Tadaya Tsuyukubo
62c7de03c3
Add RequestMatcher to AbstractPreAuthenticatedProcessingFilter
...
Moved the existing auth check logic to the matcher.
Issue: gh-5928
2019-10-22 16:55:54 -04:00
Eleftheria Stein
264daec697
Test context relative URL with multiple schemes
2019-10-16 15:32:02 -04:00
Josh Cummings
b764af6b9b
CookieServerCsrfTokenRepositoryTests Leading Dot
...
ResponseCookie removed support for having a leading dot in the cookie
domain.
Fixes gh-7500
2019-09-30 08:39:45 -06:00
Josh Cummings
7949dd492a
Move DelegatingServerAuthenticationSuccessHandlerTests
...
Moved from src/test/groovy to src/test/java
Issue gh-5332
2019-09-27 16:57:43 -06:00
Josh Cummings
5f905232cb
Polish CurrentSecurityContextArgumentResolvers
...
Fixes gh-7487
2019-09-27 13:19:08 -06:00
Rob Winch
00f8991fac
Merge Remove Redundant Throws
...
Fixes gh-7301
2019-09-19 11:04:53 -05:00
Onur Kagan Ozcan
034b5e9e93
Introduce LogoutSuccessEvent
...
LogoutSuccessEvent is a simple AbstractAuthenticationEvent implementation which indicates successful logout.
By default, LogoutConfigurer will add a new LogoutHandler called LogoutSuccessEventPublishingLogoutHandler to publish this event.
This PR will also fix ConcurrentSessionFilter's composite logoutHandler, which will now get LogoutHandler instances from LogoutConfigurer for consistency.
Fixes gh-2900
2019-09-18 10:57:16 -05:00
Josh Cummings
7576dc44d7
AuthenticationFilter Session Fixation Protection
...
Fixes gh-7446
2019-09-17 08:17:09 -06:00
Josh Cummings
496a2cdc60
Make AuthenticationFilter methods private
...
Fixes gh-7447
2019-09-17 08:06:21 -06:00
Josh Cummings
aa12748c9b
Add Request-level CSRF Skip
...
Fixes gh-7367
2019-09-13 19:04:05 +01:00
Eleftheria Stein
9f0986a093
Fix javadoc typo for invalid session strategy
2019-09-09 16:51:14 -04:00
Filip Hanik
08d50868c9
Merge pull request #7260 from fhanik/feature/saml2-sp-mvp
...
Add SAML Service Provider Support
2019-09-05 17:04:14 -07:00
Filip Hanik
e9a44bc0ce
HttpSecurity.saml2login() - MVP Core Code
...
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:
- Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
- Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
- Supports basic java-configuration via DSL
- Provides an integration sample using Spring Boot
Not implemented with this MVP
- Single Logout
- Dynamic Service Provider Metadata
Fixes gh-6019
2019-09-05 14:40:08 -07:00
Rob Winch
2a1f3f6aa7
Remove Package Tangle in HeaderWriterFilter
...
Fixes gh-7380
2019-09-05 16:08:45 -05:00
Josh Cummings
39e84013f7
ClearSiteDataHeaderWriter Directives
...
Fixes gh-7347
2019-09-03 15:57:10 -06:00
Eleftheria Stein
ad0d3e9702
Polish remember me username check
2019-09-03 11:48:46 -04:00
Scott Murphy
26ae590c68
Check that userdetails for username exists. #7251
2019-09-03 11:48:46 -04:00
kostya05983
f6c650db47
Replace Streams with Loops
...
First version of replacing streams
fix wwwAuthenticate and codestyle
fix errors in implementation to pass tests
Fix review notes
Remove unnecessary final to align with cb
Short circuit way to authorize
Simplify error message, make code readable
Return error while duplicate key found
Delete check for duplicate, checkstyle issues
Return duplicate error
Fixes gh-7154
2019-09-02 15:30:48 -06:00
Lars Grefer
95511331fa
fix checkstyle
2019-08-26 22:42:26 +02:00
watsta
2c2e8e5f24
Remove internal Optional usage in favor of null checks
...
Issue gh-7155
2019-08-26 09:27:40 -04:00
Lars Grefer
34dd5fea30
Remove redundant throws clauses
...
Removes exceptions that are declared in a method's signature but never thrown by the method itself or its implementations/derivatives.
2019-08-23 01:03:54 +02:00
Daniel Wegener
1a233a58c7
Add OnCommittedResponseWrapper.setContentLengthLong
...
Add setContentLengthLong tracking to OnCommittedResponseWrapper in
order to detect commits on servlets that use setContentLengthLong to
announce the entity size they are about to write (as used in the
Apache Tomcat's DefaultServlet).
Fixes gh-7261
2019-08-19 21:14:41 -04:00
Eleftheria Stein
4bc231872f
Expire as many sessions as exceed maximum allowed
...
Fixes: gh-7166
2019-08-15 09:48:42 -05:00
Josh Cummings
9735a718cc
Remove MultiTenantAuthenticationManagerResolver
...
Fixes gh-7259
2019-08-14 11:14:47 -06:00
Rob Winch
c1db1aad91
Cleanup Code Style Issues
...
Cleanup Code Style Issues
2019-08-12 13:06:49 -05:00
Lars Grefer
ec6ca97226
Fix tests
2019-08-11 21:09:10 +02:00
Lars Grefer
ff1070df36
remove redundant modifiers found by checkstyle
2019-08-10 00:18:56 +02:00
Lars Grefer
38de737663
Java 8: Statement lambda can be replaced with expression lambda
2019-08-09 16:59:07 -05:00
Lars Grefer
7b2a7847e5
Java 8: Single Map method can be used
2019-08-09 16:59:07 -05:00
Lars Grefer
25c06be1eb
Java 7: Identical 'catch' branches in 'try' statement
2019-08-09 16:59:07 -05:00
Lars Grefer
578d628774
'Collection.toArray()' call style
2019-08-09 16:57:31 -05:00
Lars Grefer
b388976ac8
fix checkstyle
2019-08-09 02:46:20 +02:00
Lars Grefer
35bdf1f009
Unnecessary semicolon
2019-08-09 00:43:13 +02:00
Lars Grefer
d9c1f03b84
Unnecessary interface modifier
2019-08-09 00:42:35 +02:00
Lars Grefer
40bee457f9
Unnecessary enum modifier
2019-08-09 00:42:07 +02:00
Lars Grefer
8d0ca14e55
Unnecessary conversion to String
2019-08-09 00:41:46 +02:00
Lars Grefer
fb39d9c255
Anonymous type can be replaced with lambda
2019-08-08 17:09:09 -04:00
Lars Grefer
05f42a4995
Remove unused imports
2019-08-08 14:22:31 -04:00
Lars Grefer
2056834432
Cleanup unnecessary unboxing
...
Unboxing is unnecessary under Java 5 and newer, and can be safely removed.
2019-08-06 10:17:38 -04:00
Lars Grefer
2306d987e9
Cleanup unnecessary boxing
2019-08-06 10:17:38 -04:00
Filip Hanik
2055466ad7
Add Javadoc
2019-08-05 19:43:00 -04:00
Filip Hanik
ddf68821cb
Add RequestMatcher.matcher(HttpServletRequest)
...
Step 3 - Usage of RequestVariablesExtractor or types that are assigned
to AntPathRequestMatcher should be replaced with the new method.
[closes #7148]
2019-08-05 19:43:00 -04:00
Eddú Meléndez
496579dde2
Add match result for servlet requests
...
Fixes gh-7148
2019-08-05 19:43:00 -04:00
Josh Cummings
774a2e669c
Polish setAllowedHostnames
...
Added JavaDoc to method, including @since attribute
Issue gh-4310
2019-08-03 19:19:44 -06:00
Eddú Meléndez
f712c5598c
Add support for allowedHostnames in StrictHttpFirewall
...
Introduce a new method `setAllowedHostnames` which performs the validation
against untrusted hostnames.
Fixes gh-4310
2019-08-03 21:16:45 -04:00
Khy
a5cfd9fdb9
Downgrade AuthenticationFilter modifier
...
Fixes gh-7177
2019-08-03 21:14:33 -04:00
Lars Grefer
776a4c3760
Use org.mockito.ArgumentMatchers in favor of org.mockito.Matchers
2019-08-03 12:28:37 -04:00
Rob Winch
ad2f999c25
Polish BasicAuthenticationConverter
...
This reverts to the old behavior from BasicAuthenticationFilter.
Specifically, if a token has an empty password, it still parses a username
and an empty String password.
Issue gh-7025
2019-08-02 09:04:55 -05:00
Josh Cummings
d157125c8e
Polish AuthenticationFilter
...
Updated member variable references to be prefixed with "this.".
Fixed typo in authentication manager resolver error message.
Issue: gh-6506
2019-08-01 16:26:54 -06:00
Eddú Meléndez
50adb6abcb
Fix javadoc
2019-07-31 15:36:30 -04:00
Eleftheria Stein
0b4502b2c5
Remove exceptions from lambda security configuration
...
Fixes: gh-7128
2019-07-30 08:31:37 -05:00
Eleftheria Stein
b55322b2cb
Make basic authentication scheme case-insensitive
...
Fixes: gh-7163
2019-07-29 16:30:03 -04:00
sbespalov
f1187bdfc2
issue/6506: AuthenticationConverter implementation
2019-07-23 17:31:21 -05:00
Clement Ng
ab6440db10
Throws exception when passed IP address with too long mask
...
Fixes gh-2790
2019-07-19 06:25:58 -04:00
Rob Winch
ea54d9014d
DSL nested builder for HTTP security
...
DSL nested builder for HTTP security
Fixes gh-5557
2019-07-12 16:09:19 -05:00
Lars Grefer
3ea9d376b2
Cleanup explicit type arguments
2019-07-10 09:32:41 -05:00
Lars Grefer
c5b5cc507c
Cleanup redundant type casts
2019-07-10 09:31:09 -05:00
Eleftheria Stein
758397f102
Allow configuration of headers through nested builder
...
Issue: gh-5557
2019-07-09 15:35:37 -04:00
Lars Grefer
43737a56bd
Use foreach where possible
2019-07-09 06:11:45 -06:00
Bruno Studer
8016a193b9
Optimize IpAddressMatcher
...
Get rid of byte array allocation in matcher and small optimizations
2019-07-03 23:27:12 -06:00
Lars Grefer
4b0fb19fff
Use MessageDigest.isEqual() where possible
...
fixes #7058
2019-07-03 05:40:20 -06:00
Lars Grefer
400e0c83b0
Add missing nullability annotation
2019-06-27 14:54:14 -05:00
Josh Cummings
f5da63118e
Add MultiTenantAuthenticationManagerResolver
...
A class with a number of handy request-based implementations of
AuthenticationManagerResolver targeted at common multi-tenancy
scenarios.
Fixes: gh-6976
2019-06-25 17:21:38 -06:00
Bagyoni Attila
878d262a26
Reimplement some hashCodes according to the currently recommended pattern.
...
These hashCode implementations seemed suspicious (field hashCodes XORed together with 31).
Included caseSensitive in AntPathRequestMatcher.hashCode() to be consistent with equals().
2019-06-18 12:44:57 -06:00
Rafiullah Hamedy
f6ed1db702
Introduced ReactiveAuthenticationManagerResolver
...
Suitable for multi-tenant reactive applications needing to branch
authentication strategies based on request details.
2019-06-13 08:52:19 -06:00
Clement Ng
e66369f6c6
Added null checks and tests to constructors
...
RequestKey, JaasGrantedAuthority, and SwitchUserGrantedAuthority
assume certain final members are non-null.
Issue: gh-6892
2019-05-29 16:10:36 -06:00
httpain
98a8467e4c
Fix javadoc typo
2019-04-30 10:42:25 -06:00
Alexey Nesterov
9a67441507
Add x509 support for Reactive Security
...
[gh #5038]
2019-04-26 12:15:18 -05:00
MD Sayem Ahmed
2c136f7b6c
Add Reactive Clear-Site-Data Support
...
1. A new implementation of ServerHttpHeadersWriter has been created to
add Clear-Site-Data header support.
2. A new implementation of ServerLogoutHandler has been created which
can be configured to write response headers during logout.
3. Added unit tests for both implementations.
Fixes gh-6743
2019-04-19 17:46:37 -06:00
Josh Cummings
20a7bc4785
Improved DigestAuthenticationFilter Test Coverage
...
Issue: gh-5462
2019-04-13 20:27:08 -06:00
Thomas Vitale
d88c2c19f0
Throw exception that was created but not thrown
...
Fixes gh-5462
2019-04-13 20:27:07 -06:00
Dan Zheng
22c8f63390
review phase2
2019-04-13 19:22:44 -06:00
Dan Zheng
570eb01733
review phase1
2019-04-13 19:22:44 -06:00
Dan Zheng
678e0b19e0
Introduce @CurrentSecurityContext for method arguments
2019-04-13 19:22:44 -06:00
Luke Butters
19de13bdc7
Issue 6731 improve performance of checking headers
...
Improves the performance of checking headers for new lines.
Fixes: gh-6731
2019-04-08 10:10:53 -06:00
Joe Grandja
4e9c37b1ae
Manual URL Cleanup
2019-03-29 13:24:11 -04:00
Dan Zheng
a9a86cd826
Simplify MediaTypeRequestMatcher construction
...
Fixes: gh-6612
2019-03-28 22:02:12 -06:00
Josh Cummings
2daed8c003
Readability Polish
...
Heavily nested parentheses and lots of indentation can get hard to
read, so we should simplify this where we can.
Issue: gh-6639
2019-03-28 15:12:59 -06:00
Scheidter,Ryan
281ccff907
Fixed NPE in HttpsRedirectWebFilter
...
A more descriptive IllegalStateException is now thrown instead
in the case that no such port mapping exists.
Fixes: gh-6639
2019-03-28 15:12:47 -06:00
Rob Winch
e9e7f7d9bc
Polish URL Cleanup
...
Fixes: gh-6628
2019-03-20 00:26:43 -05:00
Spring Operator
3b89754926
URL Cleanup
...
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).
# HTTP URLs that Could Not Be Fixed
These URLs were unable to be fixed. Please review them to see if they can be manually resolved.
# Fixed URLs
## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended.
## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.
* http://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ with 2 occurrences migrated to:
https://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ ([https](https://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ ) result 200).
* http://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html (301) with 1 occurrences migrated to:
https://docs.spring.io/spring-security/site/docs/3.0.x/reference/remember-me.html ([https](https://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html ) result 200).
* http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html (301) with 1 occurrences migrated to:
https://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html ([https](https://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html ) result 200).
* http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ with 1 occurrences migrated to:
https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ ([https](https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ ) result 200).
* http://docs.spring.io/spring-security/site/docs/current/api/ with 1 occurrences migrated to:
https://docs.spring.io/spring-security/site/docs/current/api/ ([https](https://docs.spring.io/spring-security/site/docs/current/api/ ) result 200).
* http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ with 3 occurrences migrated to:
https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ ([https](https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ ) result 200).
* http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html (301) with 1 occurrences migrated to:
https://docs.spring.io/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html ([https](https://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html ) result 200).
* http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html with 1 occurrences migrated to:
https://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html ([https](https://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html ) result 200).
* http://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html with 1 occurrences migrated to:
https://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html ([https](https://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html ) result 200).
* http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html with 3 occurrences migrated to:
https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html ([https](https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html ) result 200).
* http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html with 1 occurrences migrated to:
https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html ([https](https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html ) result 200).
* http://en.wikipedia.org/wiki/Clickjacking with 9 occurrences migrated to:
https://en.wikipedia.org/wiki/Clickjacking ([https](https://en.wikipedia.org/wiki/Clickjacking ) result 200).
* http://en.wikipedia.org/wiki/Content_sniffing with 2 occurrences migrated to:
https://en.wikipedia.org/wiki/Content_sniffing ([https](https://en.wikipedia.org/wiki/Content_sniffing ) result 200).
* http://en.wikipedia.org/wiki/Cross-site_request_forgery with 11 occurrences migrated to:
https://en.wikipedia.org/wiki/Cross-site_request_forgery ([https](https://en.wikipedia.org/wiki/Cross-site_request_forgery ) result 200).
* http://en.wikipedia.org/wiki/Cross-site_scripting with 7 occurrences migrated to:
https://en.wikipedia.org/wiki/Cross-site_scripting ([https](https://en.wikipedia.org/wiki/Cross-site_scripting ) result 200).
* http://en.wikipedia.org/wiki/Firesheep with 1 occurrences migrated to:
https://en.wikipedia.org/wiki/Firesheep ([https](https://en.wikipedia.org/wiki/Firesheep ) result 200).
* http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security with 4 occurrences migrated to:
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security ([https](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security ) result 200).
* http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol with 1 occurrences migrated to:
https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol ([https](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol ) result 200).
* http://en.wikipedia.org/wiki/Man-in-the-middle_attack with 2 occurrences migrated to:
https://en.wikipedia.org/wiki/Man-in-the-middle_attack ([https](https://en.wikipedia.org/wiki/Man-in-the-middle_attack ) result 200).
* http://en.wikipedia.org/wiki/Null_Object_pattern with 1 occurrences migrated to:
https://en.wikipedia.org/wiki/Null_Object_pattern ([https](https://en.wikipedia.org/wiki/Null_Object_pattern ) result 200).
* http://en.wikipedia.org/wiki/SRV_record with 2 occurrences migrated to:
https://en.wikipedia.org/wiki/SRV_record ([https](https://en.wikipedia.org/wiki/SRV_record ) result 200).
* http://en.wikipedia.org/wiki/Same-origin_policy with 1 occurrences migrated to:
https://en.wikipedia.org/wiki/Same-origin_policy ([https](https://en.wikipedia.org/wiki/Same-origin_policy ) result 200).
* http://en.wikipedia.org/wiki/Session_fixation with 6 occurrences migrated to:
https://en.wikipedia.org/wiki/Session_fixation ([https](https://en.wikipedia.org/wiki/Session_fixation ) result 200).
* http://example.com with 8 occurrences migrated to:
https://example.com ([https](https://example.com ) result 200).
* http://example.com/ with 1 occurrences migrated to:
https://example.com/ ([https](https://example.com/ ) result 200).
* http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice with 2 occurrences migrated to:
https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice ([https](https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice ) result 200).
* http://flywaydb.org/ with 1 occurrences migrated to:
https://flywaydb.org/ ([https](https://flywaydb.org/ ) result 200).
* http://getbootstrap.com/docs/4.0/examples/signin/signin.css with 1 occurrences migrated to:
https://getbootstrap.com/docs/4.0/examples/signin/signin.css ([https](https://getbootstrap.com/docs/4.0/examples/signin/signin.css ) result 200).
* http://gradle.org with 1 occurrences migrated to:
https://gradle.org ([https](https://gradle.org ) result 200).
* http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ with 2 occurrences migrated to:
https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ ([https](https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ ) result 200).
* http://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html with 2 occurrences migrated to:
https://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html ([https](https://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html ) result 200).
* http://jquery.com/ with 1 occurrences migrated to:
https://jquery.com/ ([https](https://jquery.com/ ) result 200).
* http://knockoutjs.com/ with 1 occurrences migrated to:
https://knockoutjs.com/ ([https](https://knockoutjs.com/ ) result 200).
* http://marketplace.eclipse.org/content/anyedit-tools with 1 occurrences migrated to:
https://marketplace.eclipse.org/content/anyedit-tools ([https](https://marketplace.eclipse.org/content/anyedit-tools ) result 200).
* http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html with 1 occurrences migrated to:
https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html ([https](https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html ) result 200).
* http://openid.net with 1 occurrences migrated to:
https://openid.net ([https](https://openid.net ) result 200).
* http://openid.net/ with 1 occurrences migrated to:
https://openid.net/ ([https](https://openid.net/ ) result 200).
* http://openid.net/certification/ with 4 occurrences migrated to:
https://openid.net/certification/ ([https](https://openid.net/certification/ ) result 200).
* http://openid.net/connect/ with 4 occurrences migrated to:
https://openid.net/connect/ ([https](https://openid.net/connect/ ) result 200).
* http://openid.net/specs/openid-attribute-exchange-1_0.html with 3 occurrences migrated to:
https://openid.net/specs/openid-attribute-exchange-1_0.html ([https](https://openid.net/specs/openid-attribute-exchange-1_0.html ) result 200).
* http://openid.net/specs/openid-connect-core-1_0.html with 50 occurrences migrated to:
https://openid.net/specs/openid-connect-core-1_0.html ([https](https://openid.net/specs/openid-connect-core-1_0.html ) result 200).
* http://openid.net/specs/openid-connect-session-1_0.html with 2 occurrences migrated to:
https://openid.net/specs/openid-connect-session-1_0.html ([https](https://openid.net/specs/openid-connect-session-1_0.html ) result 200).
* http://sizzlejs.com/ with 2 occurrences migrated to:
https://sizzlejs.com/ ([https](https://sizzlejs.com/ ) result 200).
* http://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time with 1 occurrences migrated to:
https://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time ([https](https://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time ) result 200).
* http://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/ (301) with 1 occurrences migrated to:
https://spring.io/blog/2010/03/06/behind-the-spring-security-namespace/ ([https](https://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/ ) result 200).
* http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/ (301) with 1 occurrences migrated to:
https://spring.io/blog/2010/08/02/spring-security-in-google-app-engine/ ([https](https://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/ ) result 200).
* http://spring.io/projects with 1 occurrences migrated to:
https://spring.io/projects ([https](https://spring.io/projects ) result 200).
* http://spring.io/services with 1 occurrences migrated to:
https://spring.io/services ([https](https://spring.io/services ) result 200).
* http://stackoverflow.com/questions/tagged/spring-security with 1 occurrences migrated to:
https://stackoverflow.com/questions/tagged/spring-security ([https](https://stackoverflow.com/questions/tagged/spring-security ) result 200).
* http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html with 2 occurrences migrated to:
https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html ([https](https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html ) result 200).
* http://tools.ietf.org/html/rfc6797 with 15 occurrences migrated to:
https://tools.ietf.org/html/rfc6797 ([https](https://tools.ietf.org/html/rfc6797 ) result 200).
* http://tools.ietf.org/html/rfc7469 with 18 occurrences migrated to:
https://tools.ietf.org/html/rfc7469 ([https](https://tools.ietf.org/html/rfc7469 ) result 200).
* http://vimeo.com/34436402 with 1 occurrences migrated to:
https://vimeo.com/34436402 ([https](https://vimeo.com/34436402 ) result 200).
* http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ with 1 occurrences migrated to:
https://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ ([https](https://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ ) result 200).
* http://www.ja-sig.org/cas (301) with 1 occurrences migrated to:
https://www.apereo.org ([https](https://www.ja-sig.org/cas ) result 200).
* http://ehcache.sourceforge.net (301) with 2 occurrences migrated to:
https://www.ehcache.org/ ([https](https://ehcache.sourceforge.net ) result 200).
* http://www.html5rocks.com/en/tutorials/security/content-security-policy/ with 2 occurrences migrated to:
https://www.html5rocks.com/en/tutorials/security/content-security-policy/ ([https](https://www.html5rocks.com/en/tutorials/security/content-security-policy/ ) result 200).
* http://www.ietf.org/rfc/rfc2396.txt with 3 occurrences migrated to:
https://www.ietf.org/rfc/rfc2396.txt ([https](https://www.ietf.org/rfc/rfc2396.txt ) result 200).
* http://www.ietf.org/rfc/rfc2617.txt with 1 occurrences migrated to:
https://www.ietf.org/rfc/rfc2617.txt ([https](https://www.ietf.org/rfc/rfc2617.txt ) result 200).
* http://www.liquibase.org/ with 1 occurrences migrated to:
https://www.liquibase.org/ ([https](https://www.liquibase.org/ ) result 200).
* http://www.openbsd.org/papers/bcrypt-paper.ps with 1 occurrences migrated to:
https://www.openbsd.org/papers/bcrypt-paper.ps ([https](https://www.openbsd.org/papers/bcrypt-paper.ps ) result 200).
* http://www.springframework.org/schema/aop/spring-aop-2.5.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/aop/spring-aop-2.5.xsd ([https](https://www.springframework.org/schema/aop/spring-aop-2.5.xsd ) result 200).
* http://www.springframework.org/schema/beans/spring-beans-2.5.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/beans/spring-beans-2.5.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-2.5.xsd ) result 200).
* http://www.springframework.org/schema/beans/spring-beans-3.0.xsd with 2 occurrences migrated to:
https://www.springframework.org/schema/beans/spring-beans-3.0.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-3.0.xsd ) result 200).
* http://www.springframework.org/schema/beans/spring-beans.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/beans/spring-beans.xsd ([https](https://www.springframework.org/schema/beans/spring-beans.xsd ) result 200).
* http://www.springframework.org/schema/context/spring-context-2.5.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/context/spring-context-2.5.xsd ([https](https://www.springframework.org/schema/context/spring-context-2.5.xsd ) result 200).
* http://www.springframework.org/schema/mvc/spring-mvc.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/mvc/spring-mvc.xsd ([https](https://www.springframework.org/schema/mvc/spring-mvc.xsd ) result 200).
* http://www.springframework.org/schema/security/spring-security.xsd with 3 occurrences migrated to:
https://www.springframework.org/schema/security/spring-security.xsd ([https](https://www.springframework.org/schema/security/spring-security.xsd ) result 200).
* http://www.springframework.org/schema/websocket/spring-websocket.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/websocket/spring-websocket.xsd ([https](https://www.springframework.org/schema/websocket/spring-websocket.xsd ) result 200).
* http://www.test.com with 9 occurrences migrated to:
https://www.test.com ([https](https://www.test.com ) result 200).
* http://www.thymeleaf.org with 25 occurrences migrated to:
https://www.thymeleaf.org ([https](https://www.thymeleaf.org ) result 200).
* http://www.thymeleaf.org/ with 3 occurrences migrated to:
https://www.thymeleaf.org/ ([https](https://www.thymeleaf.org/ ) result 200).
* http://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd with 1 occurrences migrated to:
https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd ([https](https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd ) result 200).
* http://www.thymeleaf.org/whatsnew21.html with 1 occurrences migrated to:
https://www.thymeleaf.org/whatsnew21.html ([https](https://www.thymeleaf.org/whatsnew21.html ) result 200).
* http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html with 2 occurrences migrated to:
https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html ([https](https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html ) result 200).
* http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html with 1 occurrences migrated to:
https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html ([https](https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html ) result 200).
* http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html with 1 occurrences migrated to:
https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html ([https](https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html ) result 200).
* http://www.w3.org/TR/2011/REC-css3-selectors-20110929/ with 2 occurrences migrated to:
https://www.w3.org/TR/2011/REC-css3-selectors-20110929/ ([https](https://www.w3.org/TR/2011/REC-css3-selectors-20110929/ ) result 200).
* http://www.w3.org/TR/CSS21/syndata.html with 1 occurrences migrated to:
https://www.w3.org/TR/CSS21/syndata.html ([https](https://www.w3.org/TR/CSS21/syndata.html ) result 200).
* http://www.w3.org/TR/selectors/ with 3 occurrences migrated to:
https://www.w3.org/TR/selectors/ ([https](https://www.w3.org/TR/selectors/ ) result 200).
* http://www.youtube.com/watch?v=3mk0RySeNsU with 2 occurrences migrated to:
https://www.youtube.com/watch?v=3mk0RySeNsU ([https](https://www.youtube.com/watch?v=3mk0RySeNsU ) result 200).
* http://api.jquery.com/jQuery.browser with 1 occurrences migrated to:
https://api.jquery.com/jQuery.browser ([https](https://api.jquery.com/jQuery.browser ) result 301).
* http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx with 1 occurrences migrated to:
https://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx ([https](https://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx ) result 301).
* http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx with 2 occurrences migrated to:
https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx ([https](https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx ) result 301).
* http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx with 2 occurrences migrated to:
https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx ([https](https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx ) result 301).
* http://code.google.com/p/openid-selector/ with 3 occurrences migrated to:
https://code.google.com/p/openid-selector/ ([https](https://code.google.com/p/openid-selector/ ) result 301).
* http://contributor-covenant.org with 1 occurrences migrated to:
https://contributor-covenant.org ([https](https://contributor-covenant.org ) result 301).
* http://contributor-covenant.org/version/1/3/0/ with 1 occurrences migrated to:
https://contributor-covenant.org/version/1/3/0/ ([https](https://contributor-covenant.org/version/1/3/0/ ) result 301).
* http://dev.w3.org/csswg/cssom/ with 1 occurrences migrated to:
https://dev.w3.org/csswg/cssom/ ([https](https://dev.w3.org/csswg/cssom/ ) result 301).
* http://docs.spring.io with 1 occurrences migrated to:
https://docs.spring.io ([https](https://docs.spring.io ) result 301).
* http://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html with 1 occurrences migrated to:
https://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html ) result 301).
* http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html with 7 occurrences migrated to:
https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html ) result 301).
* http://forum.springsource.org/showthread.php?102783-How-to-use-hasIpAddress&p=343971 (301) with 1 occurrences migrated to:
https://forum.spring.io/showthread.php?102783-How-to-use-hasIpAddress&p=343971 ([https](https://forum.springsource.org/showthread.php?102783-How-to-use-hasIpAddress&p=343971 ) result 301).
* http://help.github.com/set-up-git-redirect with 1 occurrences migrated to:
https://help.github.com/set-up-git-redirect ([https](https://help.github.com/set-up-git-redirect ) result 301).
* http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ with 1 occurrences migrated to:
https://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ ([https](https://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ ) result 301).
* http://jquery.org/license with 1 occurrences migrated to:
https://jquery.org/license ([https](https://jquery.org/license ) result 301).
* http://msdn.microsoft.com/en-us/library/dd565647 with 4 occurrences migrated to:
https://msdn.microsoft.com/en-us/library/dd565647 ([https](https://msdn.microsoft.com/en-us/library/dd565647 ) result 301).
* http://msdn.microsoft.com/en-us/library/ie/gg622941 with 5 occurrences migrated to:
https://msdn.microsoft.com/en-us/library/ie/gg622941 ([https](https://msdn.microsoft.com/en-us/library/ie/gg622941 ) result 301).
* http://openid.net/get/ with 2 occurrences migrated to:
https://openid.net/get/ ([https](https://openid.net/get/ ) result 301).
* http://openid.net/what/ with 2 occurrences migrated to:
https://openid.net/what/ ([https](https://openid.net/what/ ) result 301).
* http://technorati.com/people/technorati/ with 2 occurrences migrated to:
https://technorati.com/people/technorati/ ([https](https://technorati.com/people/technorati/ ) result 301).
* http://twitter.github.com/bootstrap/javascript.html with 13 occurrences migrated to:
https://twitter.github.com/bootstrap/javascript.html ([https](https://twitter.github.com/bootstrap/javascript.html ) result 301).
* http://www.jasig.org/cas with 1 occurrences migrated to:
https://www.jasig.org/cas ([https](https://www.jasig.org/cas ) result 301).
* http://www.modernizr.com/ with 1 occurrences migrated to:
https://www.modernizr.com/ ([https](https://www.modernizr.com/ ) result 301).
* http://www.opensource.org/licenses/mit-license.php with 1 occurrences migrated to:
https://www.opensource.org/licenses/mit-license.php ([https](https://www.opensource.org/licenses/mit-license.php ) result 301).
* http://www.oracle.com/technetwork/java/javase/downloads with 1 occurrences migrated to:
https://www.oracle.com/technetwork/java/javase/downloads ([https](https://www.oracle.com/technetwork/java/javase/downloads ) result 301).
* http://www.springframework.org/security with 1 occurrences migrated to:
https://www.springframework.org/security ([https](https://www.springframework.org/security ) result 301).
* http://www.springsource.com/ with 2 occurrences migrated to:
https://www.springsource.com/ ([https](https://www.springsource.com/ ) result 301).
* http://www.springsource.org with 1 occurrences migrated to:
https://www.springsource.org ([https](https://www.springsource.org ) result 301).
* http://www.springsource.org/sts with 1 occurrences migrated to:
https://www.springsource.org/sts ([https](https://www.springsource.org/sts ) result 301).
* http://www.thoughtcrime.org/software/sslstrip/ with 1 occurrences migrated to:
https://www.thoughtcrime.org/software/sslstrip/ ([https](https://www.thoughtcrime.org/software/sslstrip/ ) result 301).
* http://www.w3.org/TR/css3-selectors/ with 2 occurrences migrated to:
https://www.w3.org/TR/css3-selectors/ ([https](https://www.w3.org/TR/css3-selectors/ ) result 301).
* http://www.w3.org/TR/css3-syntax/ with 1 occurrences migrated to:
https://www.w3.org/TR/css3-syntax/ ([https](https://www.w3.org/TR/css3-syntax/ ) result 301).
* http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ with 2 occurrences migrated to:
https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ ) result 302).
* http://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html with 1 occurrences migrated to:
https://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html ([https](https://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html ) result 302).
* http://example2.com with 3 occurrences migrated to:
https://example2.com ([https](https://example2.com ) result 302).
* http://flickr.com/ with 2 occurrences migrated to:
https://flickr.com/ ([https](https://flickr.com/ ) result 302).
* http://git-scm.com/book/cs/ch7-3.html with 1 occurrences migrated to:
https://git-scm.com/book/cs/ch7-3.html ([https](https://git-scm.com/book/cs/ch7-3.html ) result 302).
* http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd with 1 occurrences migrated to:
https://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd ([https](https://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html with 4 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html ([https](https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html ) result 302).
* http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html with 2 occurrences migrated to:
https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html ) result 302).
# Ignored
These URLs were intentionally ignored.
2019-03-19 23:53:23 -05:00
Spring Operator
2bf126f4cf
URL Cleanup
...
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).
# HTTP URLs that Could Not Be Fixed
These URLs were unable to be fixed. Please review them to see if they can be manually resolved.
* http://luke.taylor.openid.cn/ (200) with 1 occurrences could not be migrated:
([https](https://luke.taylor.openid.cn/ ) result SSLHandshakeException).
# Fixed URLs
## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended.
## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.
# Ignored
These URLs were intentionally ignored.
2019-03-19 17:33:29 -05:00
Josh Cummings
248a8c030b
Support for OIDC RP-Initiated Logout
...
Fixes: gh-5350
2019-03-19 09:00:46 -06:00
Spring Operator
b93528138e
URL Cleanup
...
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).
# Fixed URLs
## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.
* http://www.apache.org/licenses/ with 1 occurrences migrated to:
https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/ ) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 2691 occurrences migrated to:
https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0 ) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 2 occurrences migrated to:
https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html ) result 200).
2019-03-14 15:46:20 -05:00
Josh Cummings
d86550f64b
Polish Tests and Error Messages
...
MockMvc matchers are best matched with the MockMvc execution API -
it's a little odd to try and use them inside of an AssertJ assertion
since they do their own asserting.
It's more readable to place "this." in front of member variables.
It's best to test just one class at a time in a unit test.
Issue: gh-4187
2019-02-28 11:01:08 -07:00
Rafiullah Hamedy
82d527ed42
Add Support for Clear Site Data on Logout
...
Added an implementation of HeaderWriter for Clear-Site-Data HTTP
response header as well as an implementation of LogoutHandler
that accepts an implementation of HeaderWriter to write headers.
- Added ClearSiteDataHeaderWriter and HeaderWriterLogoutHandler
that implements HeaderWriter and LogoutHandler respectively
- Added unit tests for both implementations' behaviours
- Integration tests for HeaderWriterLogoutHandler that uses
ClearSiteDataHeaderWriter
- Updated the documentation to include link to
HeaderWriterLogoutHandler
Fixes gh-4187
2019-02-28 11:01:08 -07:00
Ankur Pathak
ac13b55ecd
HeaderWriterFilter writes headers at beginning
...
Add support for HeaderWriterFilter to write headers at the beginning of the request
Fixes: gh-6501
2019-02-18 07:43:08 -07:00
Josh Cummings
67fb936c7e
Polish Formatting in Tests
...
Issue: gh-6454
2019-02-06 20:16:53 -07:00
Ankur Pathak
93d6a38ffd
Consider having HeaderWriters check before writing
...
All HeadersWriter only write Header if it's not already
written.
Fixes: gh-6454 gh-5193
2019-02-06 20:16:52 -07:00
Ankur Pathak
ffe602fdbe
HTML markup fixed in DefaultLoginPageGeneratingFilter
...
Ending div moved out of condition.
Fixes: gh-6417
2019-01-22 13:20:35 -06:00
Josh Cummings
c82440ee82
Polish CompositeHeaderWriterTests
...
Changed test to favor mocks in order to provide a stronger
guarantee that the composite delegates to its components.
Issue: gh-6453
2019-01-21 14:50:09 -07:00
Josh Cummings
bb1b9d9b86
Polish Javadoc and Whitespacing
...
Issue: gh-6453
2019-01-21 14:50:09 -07:00
Ankur Pathak
718641a1e5
Added CompositeHeaderWriter
...
1. Added new CompositeHeaderWriter
2. Improvement in HeaderWriterFilter using CompositeHeaderWriter.
Fixes: gh-6453
2019-01-21 14:50:09 -07:00
Ankur Pathak
b7ed919cee
Add preload support to Strict-Transport-Security
...
1. Preload support in Servlet Security(XML & Java)
2. Preload support in Reactive Security
3. Test for preload support in Servlet Security
4. Test for preload support in Reactive Security
Fixes: gh-6312
2019-01-16 11:10:06 -06:00
Denis Washington
3be11a22cd
Save query parameters in WebSessionServerRequestCache
...
Previously, URL query parameters were lost when saving a request
in WebSessionServerRequestCache. Now it is properly saved and
restored.
2019-01-15 13:44:29 -06:00
guo fei
c0e66a9ba1
1. add customization support for double forwardslash in StrictHttpFirewall
...
2. add getEncodedUrlBlacklist() and getDecodedUrlBlacklist() method in StrictHttpFirewall
Fixes gh-6292
2019-01-15 13:42:33 -06:00
Johnny Lim
c94f13a971
Polish tests
2019-01-08 11:16:22 -06:00
Slava Semushin
d8d9abed2a
LazyCsrfTokenRepository: fix a typo in javadoc.
2019-01-07 13:35:00 -06:00
Josh Cummings
7a55af246e
Polish tests and javadoc
...
When using AssertJ, it's easy to commit the following error
assertThat(some boolean condition)
The above actually does nothing. It at least needs to be
assertThat(some boolean condition).isTrue()
This commit refines some assertions that were missing a verify
condition.
Also, one Javadoc was just a little bit confusing, so this
clarifies it.
Issue: gh-6259
2018-12-21 08:47:37 -07:00
Rafael Dominguez
086b105273
Remove Servlet 2.5 Support for Session Fixation
...
This commit removes existence validation of a method only available in Servlet 3.1.
Spring Framework baseline is Servlet 3.1, so it is no longer required.
Fixes: gh-6259
2018-12-21 08:47:37 -07:00
finke-ba
b838f7c7b7
Add WebFlux support for spring security web jackson module.
...
Fixes: gh-6303
2018-12-19 10:11:17 -06:00
Shawn Biesan
a919b4e916
Remove servlet getHeader check and test
...
Fixes: gh-6265
2018-12-18 13:25:10 -07:00
finke-ba
9c7cab835f
Add conditionally servlet based support for spring security web jackson module.
2018-12-18 14:21:31 -06:00
Dongmin Shin
3230cd653c
Remove Servlet Spec 2.5 Support for HttpSessionSecurityContextRepository
...
Fixes: gh-6261
2018-12-17 12:56:33 -07:00
Dongmin Shin
733a380bc7
Remove Servlet Spec 2.5 Support for SecurityContextHolderAwareRequestFilter
...
Fixes: gh-6260
2018-12-17 12:52:59 -07:00
Rob Winch
a90c217446
Fix LoginPageGeneratingWebFilter Markup
...
Fixes: gh-6295
2018-12-17 11:15:59 -06:00
Ian He
9818da79fe
Fix DefaultLoginPageGeneratingFilter Markup
...
the `</h3>` should be `</h2>`.
2018-12-17 10:50:03 -06:00
Dongmin Shin
fc802e1a7c
Remove Servlet 2.5 and 3.0 Support for Remember Me and CSRF
...
Fixes: gh-6263, Fixes: gh-6262
2018-12-14 06:47:21 -07:00
Dongmin Shin
0d2af416aa
Add cookieDomain to CookieCsrfTokenRepository
...
Fixes: gh-4315
2018-12-13 15:01:24 -07:00
Ankur Pathak
2b369cfe98
Added support for Anonymous Authentication
...
1. Created new WebFilter AnonymousAuthenticationWebFilter
for anonymous authentication
2. Created class AnonymousSpec, method anonymous to configure
anonymous authentication in ServerHttpSecurity
3. Added ANONYMOUS_AUTHENTICATION order after AUTHENTICATION for
anonymous authentication in SecurityWebFiltersOrder
4. Added tests for anonymous authentication in
AnonymousAuthenticationWebFilterTests and ServerHttpSecurityTests
5. Added support for Controller in WebTestClientBuilder
Fixes: gh-5934
2018-12-12 16:05:30 -06:00
lmagyar
3c35f4cfab
SecurityContextCallableProcessingInterceptor thread visibility fix
...
Within class SecurityContextCallableProcessingInterceptor field securityContext should be volatile.
Fixes gh-6143
2018-12-03 15:45:56 -06:00
Bhavik Kumar
90b9cfaf55
Use SpringUtils to check scheme
...
Fixes 6183
2018-11-29 20:42:39 -06:00
John Coyne
7618d236c4
CookieClearingLogoutHandler updates based on comments
...
Changed the implementation to use an anonymous function
Issue: gh-6078
2018-11-26 14:33:08 -06:00
John Coyne
14c2d96c86
Clean up code to conform to basic checkstyle
...
Issue: gh-6078
2018-11-26 14:33:08 -06:00
John Coyne
d05ad19276
CookieClearingLogoutHandler enhancement
...
Enabled the ability to pass in an array of Cookies to support clearing cookies on a different path other than the default context path
Issue: gh-6078
2018-11-26 14:33:08 -06:00
Josh Cummings
8a475e39be
Write Security Headers Before Servlet Include
...
HeaderWriterFilter wraps request dispatcher so it can write security
headers before the include occurs.
Fixes: gh-5499
2018-10-31 09:27:25 -05:00
sunflower-seed
2e6ff72c31
Update SubjectDnX509PrincipalExtractor.java
...
Added missing asterisk
2018-10-17 14:56:45 -05:00
Eric Deandrea
b060ec050a
Automatically add CsrfServerLogoutHandler if csrf enabled
...
The configuration DSL should automatically add CsrfServerLogoutHandler if csrf is enabled
Fixes gh-5337
2018-09-21 00:59:36 -05:00
Rob Winch
e4597b5213
WebSessionServerRequestCache ignores favicon and html
...
Fixes: gh-5874
2018-09-19 14:28:05 -05:00
Rob Winch
8e4d540bfb
Default Log Out Pages Use HTTPS for CSS
...
Fixes: gh-5873
2018-09-19 13:52:35 -05:00
Rob Winch
9c749bf556
Fix SwitchUserFilter matchers
...
Fixes: gh-4249
2018-09-14 09:45:41 -05:00
Rob Winch
8b19f7a71a
AntPathRequestMatcher supports UrlPathHelper
...
Fixes: gh-5846
2018-09-14 09:45:41 -05:00
Rob Winch
96d85ad2b5
Polish HttpsRedirectWebFilter
...
Issue: gh-5749
2018-09-07 14:29:46 -05:00
Josh Cummings
2c982a4168
Reactive Redirect to Https
...
This introduces the capability to configure Reactive Spring Security
to upgrade requests to HTTPS
Fixes: gh-5749
2018-09-07 14:25:58 -05:00
Josh Cummings
21e62683ab
Polish Commit on Reactive Http Basic Test
2018-09-07 10:01:11 -06:00
Tim Koopman
6df4dfe47b
Reactive HttpBasic Support For Coloned Passwords
...
This makes it so that reactive httpBasic supports passwords containing
one or more colons.
2018-09-07 10:01:11 -06:00
Josh Cummings
1c74706232
Delegating ServerAccessDeniedHandler by exchange
...
Fixes: gh-5747
2018-08-31 10:33:11 -05:00
Vedran Pavic
cb0ba58b58
Fix WhitespaceAfterCheck Checkstyle check
2018-08-27 10:45:35 -05:00
Rob Winch
1640a1f462
Polish ServerAuthenticationConverter
...
Fix package tangles
Issue: gh-5338
2018-08-24 09:44:27 -05:00
Josh Cummings
416a276436
Expose Default Reactive CsrfProtectionMatcher
...
Make it so that users can augment the default protection logic with
their own.
Fixes: gh-5725
2018-08-22 13:02:02 -06:00
Rob Winch
f5701b5fe0
Fix OptimizeAntPathRequestMatcher
...
Previously the logic for determining if the pathInfo should be appended
was inverted.
This correctly concatenates url + pathInfo if url is a non empty String.
Fixes: gh-5473
2018-08-21 11:52:55 -05:00
Christoph Dreis
4ccd2f7ebd
Optimize AntPathRequestMatcher.getRequestPath()
2018-08-21 11:46:37 -05:00
Vedran Pavic
f382b69507
Add reactive support for Referrer-Policy security header
2018-08-20 10:10:59 -05:00
Vedran Pavic
10621a0f2c
Add reactive support for Content-Security-Policy security header
2018-08-20 10:03:42 -05:00
Vedran Pavic
29cfc3dd1d
Add reactive support for Feature-Policy security header
...
Closes gh-5672
2018-08-20 09:02:12 -05:00
Rob Winch
f843da1942
Add OAuth2LoginAuthenticationWebFilter
...
This is necessary so that the saving of the authorized client occurs
outside of the ReactiveAuthenticationManager. It will allow for
saving with the ServerWebExchange when ReactiveOAuth2AuthorizedClientRepository
is added.
Issue: gh-5621
2018-08-19 21:11:43 -05:00
Rob Winch
e3eaa99ad0
Polish ServerAuthenticationConverter
...
Update changes for ServerAuthenticationConverter to be passive.
Issue: gh-5338
2018-08-18 19:55:39 -05:00
Eric Deandrea
b6afe66d32
Add ServerAuthenticationConverter interface
...
- Adding a ServerAuthenticationConverter interface
- Retro-fitting ServerOAuth2LoginAuthenticationTokenConverter,
ServerBearerTokenAuthenticationConverter, ServerFormLoginAuthenticationConverter,
and ServerHttpBasicAuthenticationConverter to implement ServerAuthenticationConverter
- Deprecate existing AuthenticationWebFilter.setAuthenticationConverter
and add overloaded one which takes ServerAuthenticationConverter
Fixes gh-5338
2018-08-18 19:55:39 -05:00
Vedran Pavic
c6ea447cc0
Add support for Feature-Policy security header
2018-08-16 09:31:02 -05:00
Johnny Lim
68878a1675
Replace isEqualTo(null) with isNull()
2018-08-09 18:04:48 -06:00
Johnny Lim
973af94b42
Fix typo
2018-08-07 22:52:59 -05:00
Rob Winch
0c26d1b98a
ServerHttpBasicAuthenticationConverter Validates Scheme Name
...
Fixes: gh-5414
2018-07-31 09:10:23 -05:00
Rob Winch
e3d4d66917
BasicAuthenticationFilter case insensitive
...
Fixes: gh-5586
2018-07-31 09:10:10 -05:00
Rob Winch
afa2d9cbc7
Remove ExchangeFilterFunctions
...
Issue: gh-5612
2018-07-30 15:34:44 -05:00
Rob Winch
262c1a77c6
Remove SecurityHeaders
...
We no longer need this since Spring Framework now provides
HttpHeaders.setBearerAuth
Issue: gh-5612
2018-07-30 15:34:40 -05:00
Rob Winch
483e25f821
HttpSessionRequestCache Allow Any SavedRequest
...
Fixes: gh-5585
2018-07-26 15:14:11 -05:00
Rob Winch
fa0565109b
Add SimpleSavedRequest
...
Fixes: gh-5581
2018-07-26 15:14:11 -05:00
Rob Winch
f48404a6a0
Default Log In Pages Use HTTPS for CSS
...
Fixes: gh-5539
2018-07-18 20:06:17 -05:00
Rob Winch
d468d7e6da
Cache Control disabled for 304
...
Fixes: gh-5534
2018-07-17 22:13:33 -05:00
Rob Winch
d595098823
Rename @TransientAuthentication to @Transient
...
It is quite likely we will need to prevent certain Exceptions from being
saved or from triggering a saved request. When we add support for this,
we can now leverage @Transient vs creating a new annotation.
Issue: gh-5481
2018-07-16 11:31:10 -05:00
Josh Cummings
28afb4e3d7
Access Denied Handling Defaults
...
This introduces the capability for users to wire denial handling
by request matcher, similar to how users can already do with
authentication entry points.
This is handy for when denial behavior differs based on the contents
of the request, for example, when the Authorization header indicates
an OAuth2 Bearer Token request vs Basic authentication.
Fixes: gh-5478
2018-07-16 10:40:46 -05:00
Josh Cummings
3c46727be1
Transient Authentication Tokens
...
This commit introduces support for transient authentication tokens
which indicate to the filter chain, specifically the
HttpSessionSecurityContextRepository, whether or not the token ought
to be persisted across requests.
To leverage this, simply annotate any Authentication implementation
with @TransientAuthentication, extend from an Authentication that uses
this annotation, or annotate a custom annotation.
Implementations of SecurityContextRepository may choose to not persist
tokens that are marked with @TransientAuthentication in the same way
that HttpSessionSecurityContextRepository does.
Fixes: gh-5481
2018-07-16 10:40:45 -05:00
Rob Winch
a3210c96d9
Default Log Out Page
...
Fixes: gh-5516
2018-07-15 19:45:20 -05:00
Rob Winch
05ed028f9d
Modernize Default Log In Page
...
Fixes: gh-5515
2018-07-15 19:43:42 -05:00
Rob Winch
c3177a84a3
Override toString() in all RequestMatcher
...
It makes it easier to debug having custom
toString().
Fixes: gh-5446
2018-06-15 11:27:28 -05:00
Joe Grandja
48ef7c966d
DefaultLoginPageGeneratingFilter escapes OAuth2 ClientRegistrations
...
Fixes gh-5394
2018-05-29 10:14:50 -04:00
Rob Winch
b3ca598679
Add WebClient Bearer token support
...
Fixes: gh-5389
2018-05-25 15:17:08 -05:00
Rob Winch
6a12415d23
Add DelegatingServerLogoutHandler(List<ServerLogoutHandler> delegates)
...
Issue: gh-4839
2018-05-24 09:44:29 -05:00
Eric Deandrea
8c3fdb3bcf
DelegatingServerLogoutHandler
...
Create a ServerLogoutHandler which delegates to a group of
ServerLogoutHandler implementations.
Fixes gh-4839
2018-05-24 09:39:12 -05:00
Rob Winch
73345e7434
Add Cross Site Tracing (XST) & HTTP Method Tampering Protection
...
Fixes: gh-5377
2018-05-24 09:35:40 -05:00
Rob Winch
f29e4cf91f
LoginPageGeneratingWebFilter conditionally renders formLogin
...
Issue: gh-4807
2018-05-14 16:38:13 -05:00
Rob Winch
7013c6fd76
Add OAuth2LoginSpec
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
Rob Winch
ca9cd20832
Add DelegatingServerAuthenticationSuccessHandler
...
Fixes: gh-5332
2018-05-11 04:19:50 -05:00
Rob Winch
d874c4954e
AuthenticationWebFilter handle empty Authentication
...
Fixes: gh-5333
2018-05-11 04:19:50 -05:00
Rob Winch
e78457d3a1
Fix checkstyle for CsrfServerLogoutHandlerTests
...
Issue: gh-4840
2018-05-11 04:16:48 -05:00
Eric Deandrea
26f53a20b3
Add CsrfServerLogoutHandler
...
Create a CsrfServerLogoutHandler which invalidates the current CsrfToken
Fixes gh-4840
2018-05-11 04:16:48 -05:00
Eric Deandrea
21750242cf
Add HttpStatusReturningServerLogoutSuccessHandler
...
An HttpStatusReturningServerLogoutSuccessHandler is missing on the
reactive side - essentially the reactive equivalent of
HttpStatusReturningLogoutSuccessHandler.
Fixes gh-5081
2018-05-11 04:03:21 -05:00
Eric Deandrea
bc9f8ec430
Add HttpStatusServerEntryPoint
...
An HttpStatusServerEntryPoint is missing on the
reactive side - essentially the reactive equivalent of
HttpStatusEntryPoint.
Fixes gh-5082
2018-05-11 04:00:49 -05:00
Artyom Emelyanenko
902fc0f657
Fixed confused word in the class javadoc
2018-05-07 16:54:40 -05:00
Eric Deandrea
b3c5bfe4db
CookieServerCsrfTokenRepository fails when cookie is null/empty
...
The CookieServerCsrfTokenRepository fails with an IllegalArgumentException
when a cookie is present but the value is null or empty.
Fixes gh-5315
2018-05-07 16:16:51 -05:00
Rob Winch
3ba15a16bf
Polish CookieServerCsrfTokenRepository
...
- Only do work if subscribed to
- use test naming conventions
- Refactor tests to avoid extracting
- Uses String for member names which are not type safe
- Uses long argument list which makes assertions difficult to read
Issue: gh-5083
2018-05-04 16:54:48 -05:00
Rob Winch
37b1136c0c
Remove CookieServerCsrfTokenRepository builder methods
...
This is inconsistent with the rest of the code base.
Issue: gh-5083
2018-05-04 16:54:48 -05:00
Eric Deandrea
1eaecc12ec
Add CookieServerCsrfTokenRepository
...
A cookie implementation of ServerCsrfTokenRepository (like CookieCsrfTokenRepository)
is missing. In this implementation it would be nice to allow the setting of the domain as well.
Fixes: gh-5083
2018-05-04 16:54:48 -05:00
Alexander Münch
0570cebbce
Avoid unnecessary grow of ArrayList
...
Adapted ArrayList size in CacheControlHeadersWriter::createHeaders()
2018-05-04 14:23:31 -05:00
XYUU
3740d33e64
The HttpHeader's ContentLength is a byte unit
2018-05-04 14:18:03 -05:00
XYUU
23dd136efb
The HttpHeader's ContentLength is a byte unit
2018-05-04 14:18:03 -05:00
Rob Winch
9bb841ac67
ExceptionTranslationFilter does not handle committed responses
...
Fixes: gh-5273
2018-04-30 16:49:51 -05:00
Rob Winch
afdefe7b13
Fixes: gh-5190
2018-04-16 17:52:27 -05:00
Rob Winch
8fbec3f0f1
Polish NegatedServerWebExchangeMatcher
...
Issue: gh-5170
2018-03-29 21:17:40 -05:00
Tao Qian
d83b67e4cb
Add NegatedServerWebExchangeMatcher
...
Fixes: gh-5170
2018-03-29 21:16:11 -05:00
Rob Winch
fb7394c1de
Polish Javadoc
...
Fixes: gh-5186
2018-03-29 15:33:57 -05:00
Mark Hobson
3c07d99b0a
Close quoted expected path in log when matching
2018-03-27 11:14:14 -05:00
Johnny Lim
d20ed9f5c9
Fix @since for StrictHttpFirewall
2018-03-27 11:01:26 -05:00
Christoph Dreis
d07cfe655d
Use Supplier variants of Assert methods
2018-03-27 10:58:55 -05:00
Rob Winch
b1d013e8f0
Fix JDK 9
...
Issue: gh-5160
2018-03-27 09:30:56 -05:00
Rob Winch
7e6ed52603
CookieClearingLogoutHandler adds uses contextPath + "/"
...
Fixes: gh-2325
2018-03-19 16:51:22 -05:00
Rob Winch
d21338d212
Support errorOnInvalidType for Reactive AuthenticationPrincipal
...
Fixes: gh-5096
2018-03-09 12:05:55 -06:00
Rob Winch
a2073b2b91
Support BeanResolver for Reactive AuthenticationPrincipal
...
Fixes: gh-4326
2018-03-09 12:05:55 -06:00
Rob Winch
949c7d68b8
Fix StrictHttpFirewall rules
...
Fixes: gh-5044
2018-03-08 21:30:23 -06:00
Rob Winch
055a2ca917
Polish Javadoc HttpStatusServerAccessDeniedHandler
2018-03-07 12:35:25 -06:00
Rob Winch
9f23212e43
HttpStatusServerAccessDeniedHandler use injected HttpStatus
...
Fixes: gh-5078
2018-03-07 12:35:25 -06:00
Rob Winch
8d75554b6b
Lazily Create Throwables
...
Fixes: gh-5040
2018-02-26 16:24:40 -06:00
Rob Winch
0fc67f765a
Polish StrictHttpFirewall Javadoc
...
Also cleanup DefaultHttpFirewall Javadoc
Issue: gh-5008
2018-02-15 17:18:28 -06:00
Rob Winch
fcf967687b
Add FilterSecurityInterceptor once per request test
...
Issue: gh-4997
2018-02-08 17:11:37 -06:00
json20080301
40a1281c66
FilterSecurityInterceptor once per request set attr
...
Only set the attribute if once per request is true
2018-02-08 17:10:45 -06:00
Rob Winch
ce5fb51b20
Remove Mono.defer in ReactorContextWebFilter
...
Fixes: gh-5010
2018-02-08 16:19:10 -06:00
Rob Winch
66298dcf5d
Clean ReactorContextWebFilterTests imports
...
Issue: gh-4962
2018-02-08 16:15:29 -06:00
Rob Winch
141e3f581f
ReactorContextWebFilter preserves main Context
...
Previously ReactorContextWebFilter overrode
the main Context.
Fixes: gh-4962
2018-02-08 14:58:08 -06:00
Rob Winch
c399987450
Polish StrictHttpFirewall Javadoc
...
Fixes: gh-5008
2018-02-08 14:08:54 -06:00
Rob Winch
ea3dd336aa
Cache headers only if no cache headers set
...
Fixes: gh-5004
2018-02-07 14:56:34 -06:00
Rob Winch
8b7f772761
Update to Jackson 2.9.4
...
Fixes: gh-4985
2018-02-01 13:45:06 -06:00
Rob Winch
0eef5b4b42
Add StrictHttpFirewall
2018-01-24 11:06:08 -06:00
Rob Winch
6a0833165a
AuthorizationWebFilter handles null Authentication
...
If the AuthorizationManager used the Authentication and the Authentication
was null the AuthorizationWebFilter would produce a NullPointerException
This commit fixes the test to ensure that Authentication is subscribed to
and ensures that the Authentication is not null
Fixes: gh-4966
2018-01-22 15:16:58 -06:00
Johnny Lim
921157cdcd
Remove explicit super() calls
2017-12-21 15:11:51 -06:00
Johnny Lim
57353d18e5
Use diamond type
2017-12-21 15:09:00 -06:00
Eddú Meléndez
c16456623f
Remove unused imports
2017-12-20 16:05:38 -06:00
Rob Winch
70be0f3619
Mono<CsrfToken> saveToken->Mono<Void>
...
Issue: gh-4856
2017-11-20 16:30:29 -06:00
Rob Winch
d55db837e1
CsrfWebFilter places Mono<CsrfToken>
...
Fixes: gh-4855
2017-11-20 16:30:29 -06:00
Johnny Lim
701933c7f7
Fix copyright start years
...
See gh-4655
See gh-4725
2017-11-17 10:14:32 -06:00
Johnny Lim
5f518d00e5
Apply Checkstyle EmptyStatementCheck module
...
This commit adds Checkstyle `EmptyStatementCheck` module and aligns code with it.
2017-11-16 20:18:21 -06:00
Rob Winch
be397b8b33
WebSessionServerSecurityContextRepository Polish
...
- map(WebSession::getAttributes)
- use Mono.justOrEmpty
Issue: gh-4843
2017-11-16 15:54:33 -06:00
Rob Winch
8d30d6110b
WebSessionSecurityContextRepository custom session attribute name
...
Fixes: gh-4843
2017-11-16 15:54:21 -06:00
Rob Winch
b7529be3d0
WebSessionSecurityContextRepository changes session id
...
Fixes: gh-4842
2017-11-16 15:46:26 -06:00
Rob Winch
b19e14330f
WebSessionServerCsrfTokenRepository session fixation protection
...
Issue: gh-4842
2017-11-16 15:45:57 -06:00
Rob Winch
75a7c5268a
ServerRequestCache.removeMatchingRequest
...
Issue: gh-4789
2017-11-16 15:44:32 -06:00
Benedikt Ritter
fffd781b03
Add localization to error messages from ExceptionTranslationFilter
...
Fixes gh-4504
2017-11-16 11:25:56 -06:00
Johnny Lim
b6895e6359
Apply Checkstyle WhitespaceAfterCheck module
2017-11-16 11:18:31 -06:00
Rob Winch
64ad08e96d
ServerRedirectCache.getRequest->getRedirectUri
...
Issue: gh-4789
2017-11-15 15:10:47 -06:00
Rob Winch
1d9b0760d5
ServerRequestCache uses URI
...
Issue: gh-4789
2017-11-15 12:54:05 -06:00
Rob Winch
942b51dba7
Reactive Basic does not create session by default
...
Fixes: gh-4825
2017-11-15 12:50:29 -06:00
Rob Winch
5f79fdd3eb
requiresLogoutMatcher naming polish
...
Issue: gh-4822
2017-11-14 16:42:41 -06:00
Rob Winch
c1f94156f9
serverWebExchange->exchange
...
Issue: gh-4822
2017-11-14 16:42:38 -06:00
Rob Winch
11f6e0477c
serverLogoutSuccessHandler->logoutSuccessHandler
...
Issue: gh-4822
2017-11-14 16:42:36 -06:00
Rob Winch
bf570854b8
serverLogoutHandler->logoutHandler
...
Issue: gh-4822
2017-11-14 16:42:33 -06:00
Rob Winch
1c977ca15f
serverRedirectStrategy->redirectStrategy
...
Issue: gh-4822
2017-11-14 16:42:30 -06:00
Rob Winch
2cbdb4ba02
serverCsrfTokenRepository->csrfTokenRepository
...
Issue: gh-4822
2017-11-14 16:42:27 -06:00
Rob Winch
3bfda6cff7
serverAccessDeniedHandler->accessDeniedHandler
...
Issue: gh-4822
2017-11-14 16:42:24 -06:00
Rob Winch
9e82fc0b83
serverAuthenticationEntryPoint->authenticationEntryPoint
...
Issue: gh-4822
2017-11-14 16:42:20 -06:00
Rob Winch
9cf0dc6b38
serverWebExchange->webExchange
...
Issue: gh-4822
2017-11-14 16:42:17 -06:00
Rob Winch
520e0a5a68
serverAuthenticationSuccessHandler->authenticationSuccessHandler
...
Issue: gh-4822
2017-11-14 16:42:14 -06:00
Rob Winch
5c83f92ddc
serverAuthenticationFailureHandler->authenticationFailureHandler
...
Issue: gh-4822
2017-11-14 16:42:10 -06:00
Rob Winch
692233e431
ServerSecurityContextRepository members to securityContextRepository
...
Issue: gh-4822
2017-11-14 16:42:06 -06:00
Johnny Lim
d900f2a623
Remove unused imports
...
This commit also adds UnusedImportsCheck Checkstyle module.
2017-11-14 14:41:08 -06:00
Rob Winch
1b70efce2b
Add ServerRequestCache
...
Fixes: gh-4789
2017-11-13 15:49:34 -06:00
Rob Winch
8f6491b281
Add RedirectServerAuthenticationFailureHandler
...
Fixes gh-4816
2017-11-13 15:49:20 -06:00
Rob Winch
060d8689fe
Make RedirectServer*Tests less specific
...
Issue: gh-4816
2017-11-13 15:49:06 -06:00
Johnny Lim
99df632f24
Add missing @Override annotations
...
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
2017-11-08 13:27:24 -06:00
Rob Winch
676020321e
Add reactive CsrfRequestDataValueProcessor
...
Fixes gh-4762
2017-11-07 22:25:36 -06:00
Rob Winch
7622826b69
WebSessionServerCsrfTokenRepository saves on getToken
...
Fixes gh-4801
2017-11-07 22:25:23 -06:00
Rob Winch
776364d403
ServerCsrfTokenRepository.saveToken return Mono<CsrfToken>
...
Fixes gh-4800
2017-11-07 22:24:53 -06:00
Rob Winch
3f18881493
Remove additional attribute name from CsrfWebFilter
...
Fixes gh-4799
2017-11-07 22:24:42 -06:00
Frank Pavageau
35706ad60a
Deserialize the principal in a neutral way
...
When the principal of the Authentication is an object, it is not necessarily
a User: it could be another implementation of UserDetails, or even a
completely unrelated type. Since the type of the object is serialized as a
property and used by the deserialization anyway, there's no point in
enforcing a stricter type.
2017-10-30 00:53:31 -05:00
Frank Pavageau
6fd9ff254b
Map values directly from the JSON nodes
...
Not only is it more efficient without converting to an intermediate String,
using JsonNode.toString() may not even produce valid JSON according to its
Javadoc (ObjectMapper.writeValueAsString() should be used).
2017-10-30 00:53:31 -05:00
SignleMR
a1fdb7dcb3
Update AbstractRememberMeServices.java
...
this file's file encode is unknown, maybe is "Eddu Melendez"
2017-10-30 00:50:23 -05:00
Jeremy Waters
832f5c39c1
SEC-3190: Add support for colons in remember-me token values
...
We have an issue where token strings that contain a colon break
the existing decoding strategy, which tokenizes on colons. So this
change urlencodes the individual tokens when creating the cookie
string; and urldecodes them decoding the cookie and extracting the
tokens. This also eliminates the need for existing code to deal with
openid tokens which contain urls, and thus colons.
2017-10-30 00:33:14 -05:00
Rob Winch
93ac706d86
Polish XFrameOptionsHeaderWriter
...
Issue: gh-4559
2017-10-29 23:32:53 -05:00
Nathan Wong
02a78b17b9
Add check to see if return value is DENY
...
Originally, if the return from getAllowFromValue(request) is "DENY",
then the X-Frame-Options header's value will proceed to be written as
"ALLOW FROM DENY" - an invalid value.
This commit adds a condition in the if clause that checks whether
allowFromValue is "DENY". This way, the X-Frame-Options header will be
written as "ALLOW FROM origin" or "DENY".
2017-10-29 23:32:53 -05:00
Antoine
bed4ec7d18
Fix leading space characters reported by checkstyle
2017-10-29 22:22:34 -05:00
Antoine
0771778b81
Polish more AssertJ assertions
2017-10-29 22:22:34 -05:00
Antoine
e0aca04a28
Polish AssertJ assertions
...
Polish AssertJ assertions
2017-10-29 22:22:34 -05:00
Rob Winch
5a5ec58ca4
Add LogoutPageGeneratingWebFilter
...
Fixes gh-4735
2017-10-29 00:12:23 -05:00
Rob Winch
0734d70d02
Logout requires POST
...
Issue: gh-4734
2017-10-29 00:11:59 -05:00
Rob Winch
8da2c7f657
Add WebFlux CSRF Protection
...
Fixes gh-4734
2017-10-28 22:59:24 -05:00
Rob Winch
192776858d
HttpStatusServerAccessDeniedHandler write error message
2017-10-28 22:59:24 -05:00
Rob Winch
e63c53e267
Add AuthorizationWebFilterTests
2017-10-28 22:58:55 -05:00
Rob Winch
2060125ebd
ServerWebExchangeAttributeServerSecurityContextRepository->NoOpNoOpServerSecurityContextRepository
...
Issue: gh-4719
2017-10-27 18:17:52 -05:00
Rob Winch
4777a869bc
Logout at the end of logout method
...
Issue: gh-4719
2017-10-27 18:17:40 -05:00
Rob Winch
5bcf3c559b
Remove wrappedExchange from AuthenticationWebFilter
...
Issue: gh-4719
2017-10-27 18:17:29 -05:00
Rob Winch
437ba56415
ReactorContextWebFilter & SecurityContextServerWebExchangeWebFilter
...
Issue: gh-4719
2017-10-27 18:17:10 -05:00
Rob Winch
c63b258b16
AuthorizeWebFilter uses ReactiveSecurityContextHolder
...
Issue gh-4719
2017-10-27 18:16:59 -05:00
Rob Winch
747473257f
Use ReactorSecurityContextHolder
...
Issue gh-4713
2017-10-26 20:11:42 -05:00
Rob Winch
44b41e78cd
Flux member variables in favor of Collections
...
Fix gh-4694
2017-10-25 07:41:37 -05:00
Rob Winch
fcc1152f78
WebFilterChainProxy not matched continues WebFilterChain
...
Fixes gh-4668
2017-10-24 16:22:07 -05:00
Rob Winch
b81c1ce2c0
Move spring-security-webflux into spring-security-web
...
Fixes gh-4662
2017-10-18 16:20:09 -05:00
Rob Winch
a74f7c6faa
Fix CSRF / DefaultLoginPageGeneratingFilter package tangle
...
Issue: gh-4636
2017-10-16 16:36:49 -05:00
Andreas Gebhardt
0c830f9ba8
fix JavaDoc typo on `BasicAuthenticationEntryPoint`
2017-10-12 07:42:58 -05:00
Rob Winch
23f56f568c
Update MockitJunitRunner import
...
Issue: gh-4608
2017-10-09 16:13:33 -05:00
Rob Winch
445834784a
Update to Mockito 2.10.0
...
Issue: gh-4608
2017-10-09 16:13:11 -05:00
Rob Winch
f3828924ff
Fix equals and hashCode alignment
...
Fixes gh-4588
2017-09-28 17:25:00 -05:00
Rob Winch
646b3e48b3
Avoid Exception Message in HTTP Response
...
Fixes gh-4587
2017-09-28 17:24:49 -05:00
Stephan Schroevers
9e719bc313
Drop the `aopalliance:aopalliance` dependency
...
As of Spring 4.3 RC1 the `org.aopalliance` interfaces are once again bundled
with `spring-aop` [1]. Moreover, all modules with a dependency on
`aopalliance:aopalliance` directly or indirectly also depend on `spring-aop`.
This change drops the `aopalliance:aopalliance` dependency in all places it's
declared. Where applicable an explicit dependency on `spring-aop` was added in
its place. (This dependency was already present in most places; in one case the
module didn't require `aopalliance:aopalliance` in the first place.)
The documentation is updated accordingly.
[1] https://jira.spring.io/browse/SPR-13984
2017-09-22 11:11:04 -05:00
Vedran Pavic
95de158909
Add `ForwardLogoutSuccessHandler`
2017-09-06 15:15:02 -05:00
Joe Grandja
4951550d7d
Add context path to authorization request URI
...
Fixes gh-4510
2017-08-26 18:55:23 -04:00
Rob Winch
e16b8e7976
Fix logback-test.xml
2017-08-17 16:42:01 -05:00
Kyle Anderson
d8a678df6f
Removed Unicode Character from Parameter Name
2017-06-29 16:03:29 -05:00
Takuma Setoguchi
f2c04dd9b1
fix typo
2017-06-20 08:17:15 -05:00
Rob Winch
d81b436e5d
Remove pom.xml from build
...
Gradle is easy enough to import into IDEs, so pom.xml should no
longer be necessary.
This commit removes the pom.xml files from the build.
Fixes gh-4283
2017-05-11 14:32:36 -05:00
Vedran Pavic
85719fcd64
Use Base64 implementation provided by Java 8
2017-05-10 00:27:36 -05:00
Joe Grandja
829c386756
Add support for OAuth 2.0 Login
...
Fixes gh-3907
2017-04-28 10:58:59 -04:00
Rob Winch
dd6fc48dd8
Standardize Build
...
The build now uses spring build conventions to simplify the build
Fixes gh-4284
2017-04-21 10:55:05 -05:00
Rob Winch
5a65da400d
Use ReflectionTestUtils rather than Whitebox
...
This is better because it no longer uses Mockito's internal API
Fixes gh-4305
2017-04-21 10:54:58 -05:00
Rob Winch
9d9aadb80f
Fix DefaultSavedRequestMixinTests with Spring 5
...
Previously DefaultSavedRequestMixinTests
serializeDefaultRequestBuildWithConstructorTest broke in Spring 5
because Spring 5's MockHttpServletRequest.setCookie now automatically adds
the Cookie header.
This commit ensures that the Cookie header is not added by overriding the
class we are writing.
Fixes gh-4272
2017-04-12 15:51:26 -05:00
Joe Grandja
2ce174dbf0
Update poms to 5.0.0.BUILD-SNAPSHOT
2017-04-07 16:49:50 -04:00
Joe Grandja
2b81983f7c
Update to Java 8 compatibility
...
* Spring IO Athens-BUILD-SNAPSHOT -> Cairo-BUILD-SNAPSHOT
* CGLib 3.1 -> 3.2.5 latest release Issue related to ASM https://github.com/cglib/cglib/issues/20
* AssertJ 2.2.0 -> 3.6.2 latest release
* PowerMock 1.6.2 -> 1.6.5 latest release is 1.6.6 but has regression Issue https://github.com/powermock/powermock/issues/717
* Update maven-compiler-plugin source/target to 1.8
2017-04-07 16:49:38 -04:00
borlafu
8a458eb9e1
Avoid multiple X-Frame-Options headers
...
XFrameOptionsHeaderWriter should not *add*, but *set* the
X-Frame-Options header. According to
https://tools.ietf.org/html/rfc7034#section-2.1, having
multiple values for the header is disallowed:
"There are three different values for the header field.
These values are mutually exclusive; that is, the header
field MUST be set to exactly one of the three values."
With this change, only the latest XFrameOptionsHeaderWriter
will remain.
2017-03-08 15:49:18 -06:00
Rob Winch
d2524eadfc
Update poms to new to SNAPSHOT version
2017-03-02 09:20:34 -06:00
Spring Buildmaster
081f0c4d94
Release version 4.2.2.RELEASE
2017-03-02 07:29:42 +00:00
Rob Winch
247f54dc41
Fix SwitchUserFilter.setSwitchFailureUrl assertion
...
Fixes gh-4198
2017-03-02 00:47:09 -06:00
Rob Winch
017e9834bd
Fix NPE in UrlUtils with null url
...
Fixes gh-4233
2017-03-02 00:46:01 -06:00
Rob Winch
168f4b8f70
Prevent Duplicate Cache Headers
...
Fixes gh-4199
2017-03-01 16:14:12 -06:00
Rob Winch
9c03571bbb
Use message in all Assert
...
This ensures compatibility with Spring 5.
Fixes gh-4193
2017-01-30 19:58:24 -06:00
Kazuki Shimizu
38492a5794
Add since version in javadoc
...
Issue: gh-4130
2016-12-21 16:12:39 -06:00
Spring Buildmaster
7a7ce11ebb
Release version 4.2.1.RELEASE
2016-12-21 17:23:28 +00:00
Eddú Meléndez
028854b936
Add HttpSessionRequestCache sessionAttrName property
...
This commit allows to customize the session attribute name. Default is
SPRING_SECURITY_SAVED_REQUEST.
Fixes gh-4130
2016-12-21 10:22:09 -06:00
Rob Winch
d39f3385b6
Polish DefaultHttpFirewallTests
...
Issue gh-4169
2016-12-21 09:29:23 -06:00
Rob Winch
666e356ebc
Block URL Encoded "/" in DefaultHttpFirewall
...
Fixes gh-4169
2016-12-21 09:04:00 -06:00
Spring Buildmaster
24fcb6c45a
Release version 4.2.0.RELEASE
2016-11-09 23:42:11 +00:00
Rob Winch
697daeab7c
Add Jackson2 Support for PreAuthenticatedAuthenticationToken
...
Fixes gh-4120
2016-11-09 16:55:10 -06:00
Rob Winch
f97f38fd57
jacksonDatavindVersion->jacksonDatabindVersion
...
Issue gh-4122
2016-11-09 16:46:38 -06:00
Rob Winch
f0a9421aa4
SecurityJacksonModules->SecurityJackson2Modules
...
Fixes gh-4121
2016-11-09 16:42:41 -06:00
Kazuki Shimizu
d2c28c58e2
Polishing the ReferrerPolicyHeaderWriter gh-4110
2016-11-09 13:16:41 -06:00
Eddú Meléndez
23294c4c57
Add Referrer-Policy header support
...
Fixes gh-4110
2016-11-08 13:21:35 -06:00
Spring Buildmaster
97b4cb0b73
Release version 4.2.0.RC1
2016-10-26 02:49:23 +00:00
Rob Winch
57d7ad05f9
Revert "Cache Control only written if not set"
...
This reverts commit 242b831f20.
Spring MVC fixed the issue we were working around and the changes
in Spring Security were unreliable.
Fixes gh-3975
2016-10-24 15:57:26 -05:00
Johnny Lim
50b72dddbc
Fix typo in Javadoc
...
This commit simply fixes typo in Javadoc.
2016-10-20 21:07:15 -05:00
Rob Winch
aaa9708b95
Add BeanResolver to AuthenticationPrincipalArgumentResolver
...
Previously @AuthenticationPrincipal's expression attribute didn't support
bean references because the BeanResolver was not set on the SpEL context.
This commit adds a BeanResolver and ensures that the configuration
sets a BeanResolver.
Fixes gh-3949
2016-10-18 19:45:54 -05:00
Rob Winch
2c99cd3bbf
Remove MatcherAssertionErrors
...
Spring 5 removes MatcherAssertionErrors. We should not have been using
this class anyways.
This commit updates to using assertj in favor of MatcherAssertionErrors.
Issue gh-4080
2016-10-17 17:00:17 -05:00
Rob Winch
08c1f500a7
Version bumps for Spring 5
...
Issue gh-4080
2016-10-17 17:00:17 -05:00
Spring Buildmaster
c1b8150439
Release version 4.2.0.M1
2016-09-23 19:39:33 +00:00
Rob Winch
8b89e804e3
Polish RequestAttributeAuthenticationFilter
...
Issue gh-3978
2016-09-23 13:08:08 -05:00
Rob Winch
6fb564a629
Polish HTTP Response Splitting
...
Issue gh-3910
2016-09-23 12:49:01 -05:00
Rob Winch
9ae163e92d
Rename to RequestAttributeAuthenticationFilter
...
Rename EnvironmentVariableAuthenticationFilter to
RequestAttributeAuthenticationFilterTests
Polish gh-3978
2016-09-22 16:44:10 -05:00
Milan Ševčík
a8120e74a7
Added authentication filter reading environment variables.
...
This style is used in many SSO implementations, such as Stanford WebAuth
and Shibboleth.
2016-09-22 16:30:54 -05:00
Rob Winch
b443baef04
Polish GrantedAuthorityDefaults
...
* Move GrantedAuthorityDefaults to config module
* Move setting of default role into config module vs
ApplicationContextAware
Issue gh-3701
2016-09-22 15:13:05 -05:00
Eddú Meléndez
eabeaf35d6
Make single definition of `defaultRolePrefix` and `rolePrefix`
...
Previous to this commit, role prefix had to be set in every class
causing repetition. Now, bean `GrantedAuthorityDefaults` can be used to
define the role prefix in a single point.
Fixes gh-3701
2016-09-21 14:55:41 -05:00
Rob Winch
2e6656e9d3
Polish HTTP Response Splitting
...
* Use new test method name convention of
methodNameWhen<Condition>Then<Expectation>
* Check null Cookie
* Check Cookie.getName() for crlf since we do not want to rely on the
implementation. For example Cookie could be overridden by extending it.
* Use Crlf as convention instead of CLRF as style guide
* Create new FirewalledResponse before each test to ensure isolation
* Use Mock for HttpServletResponse delegate to keep test in isolation (i.e.
we do not want our tests to fail if MockHttpServletRequest changes an
Exception error message)
Issue gh-3910
2016-09-21 10:42:24 -05:00
Gabriel Lavoie
4a1f00b90f
Add additional HTTP Response splitting prevention
...
- Adding multiple test.
- HTTP response splitting should be validated too on cookie attributes and
header name.
Issue gh-3910
2016-09-21 10:42:18 -05:00
Julio Valcarcel
6834467389
Add cookiePath to CookieCsrfTokenRepository
...
Allow the csrf cookie path to be set instead of inferred from the
request context.
Fixes gh-4062
2016-09-19 13:52:54 -05:00
Rob Winch
6650429283
Polish SessionInformationExpiredStrategy
...
* Fix passivity and add tests
* Introduce SessionInformationExpiredEvent as a value object
* Rename ExpiredSessionStrategy to SessionInformationExpiredStrategy
to account for the need of SessionInformation
* Switch to Constructor Injection
* Move the changes to the xsd to 4.2 xsd instead of 4.1
Issue gh-3808
2016-09-15 14:30:52 -05:00
Marten Deinum
b88418b94a
Configuration of session management strategies
...
This commit adds an ExpiredSessionStrategy for the ConcurrentSessionFilter
analogous to the InvalidSessionStrategy for the SessionManagementFilter. It also
adds a configuration option for both the InvalidSessionStrategy and
ExpiredSessionStrategy to the XML namespace and Java configuration.
Fixes gh-3794
Fixes gh-3795
2016-09-15 11:10:17 -05:00
Joe Grandja
a82cab7afd
Revert "Add support for colons in remember-me token values"
...
This reverts commit aceba1f1cf.
2016-09-13 10:27:51 -04:00
Dennis Kieselhorst
2b6821622e
Make DefaultRedirectStrategy more extensible
...
Fixes gh-2173
2016-09-08 17:23:13 -04:00
Stefan Penndorf
d6397c2362
Remove dead code in SessionFixationProtectionStrategy
...
The retainedAttributes property is no longer used as a result of removing deprecations in 6e204fff72
Fixes gh-4057
Related gh-2757 gh-2918
2016-09-08 11:36:22 -04:00
Jeremy Waters
aceba1f1cf
Add support for colons in remember-me token values
...
We have an issue where token strings that contain a colon break
the existing decoding strategy, which tokenizes on colons. This
change urlencodes the individual tokens when creating the cookie
string; and urldecodes them decoding the cookie and extracting the
tokens. This also eliminates the need for existing code to deal with
openid tokens which contain urls, and thus colons.
Fixes gh-3355
2016-09-07 16:35:15 -04:00
Rob Winch
8ad0003456
Polish Whitespace
...
Issue gh-3736
2016-09-02 11:37:21 -05:00
Rob Winch
3531cc93c2
JSON tests ObjectMapper Cleanup
...
* Move to @Setup
* Consistently extend from AbstractMixinTests and reuse ObjectMapper
Issue gh-3736
2016-09-02 11:37:20 -05:00
Rob Winch
bd925313af
Improve Readability of JSON test strings
...
This improves the readability of the JSON strings used for
testing JSON serialize / deserialize of Spring Security
Issue gh-3736
2016-09-02 11:37:20 -05:00
Rob Winch
d4c48dd3e1
Remove MockitoJUnitRunner from JSON tests
...
Previously the JSON tests unnecessarily had MockitoJUnitRunner.
This commit removes MockitoJUnitRunner from the JSON tests.
Issue gh-3736
2016-09-02 11:37:20 -05:00
Rob Winch
3fb77f3b59
Polish SecurityJacksonModules
...
Issue gh-3736
* ClassLoader argument - this is required because we do not want to assume
the ClassLoader that should be used
* Clean up logging - logging is now at debug level because we don't expect
all of the modules are loaded (they are quite possibly off the ClassPath)
* Remove ObjectUtils as it was being used on methods that expect a
Collection or Array with non collection based objects
* Polish Javadoc warnings
2016-09-02 11:37:13 -05:00
Rob Winch
6f2b24a62b
Polish JSON warnings / javadoc
...
Issue gh-3736
2016-09-02 11:36:23 -05:00
Rob Winch
6d2003722e
Polish JSON class scope
...
Use package scope when possible
Issue gh-3736
2016-09-02 11:36:06 -05:00
Jitendra Singh Bisht
d77ca17e95
Add JSON Serialization
...
Fixes gh-3812
2016-09-02 11:29:53 -05:00
Rob Winch
4d02a5c0a0
Update pom.xml dependencies
2016-08-30 11:27:29 -05:00
Joe Grandja
4d460b2ec9
Remove unused MvcReqestMatcher.getMvcPattern (#4033)
2016-08-19 14:21:42 -05:00
Rob Winch
c6366baee2
Remove MvcRequestMatcher.afterPropertiesSet()
...
The validation does not work due to restrictions within the servlet
container. Specifically we cannot access the servlets that are registered.
This commit reverts the validation logic for MvcRequestMatcher to determine
if servletPath is required.
Fixes gh-4027
2016-08-19 14:18:07 -04:00
Joe Grandja
e080905a79
MvcRequestMatcher servletPath Polish / XML Config
...
Fixes gh-4014
2016-08-09 16:29:30 -05:00
Rob Winch
3befb1c8a6
MvcRequestMatcher servletPath / JavaConfig
...
Issue: gh-3987
2016-08-09 16:29:30 -05:00
Rob Winch
ca170f8479
DummyRequest supports methods for MvcRequestMatcher
...
To support MvcRequestMatcher DummyRequest needs to support
getCharacterEncoding() and getAttribute(String)
2016-07-14 14:18:31 -05:00
Marten Deinum
80ff267749
Check RememberMe in ExceptionTranslationFilter
...
This commit adds a check for rememberme to the ExceptionTranslationFilter.
Using this when someone isn't fully authenticated he will be prompted with a
login screen and after that will be redirected to the original requested URI.
Fixes gh-2427
2016-07-13 16:58:00 -04:00
Rob Winch
70787fc548
Polish CompositeLogoutHandler
...
Issue gh-3895
2016-07-08 14:39:35 -05:00
Eddú Meléndez
1effc1882a
Add CompositeLogoutHandler
...
Fixes gh-3895
2016-07-08 13:30:38 -05:00
Eddú Meléndez
26fa4a4bf0
Prevent HTTP response splitting
...
Evaluate if http header value contains CR/LF.
Reference: https://www.owasp.org/index.php/HTTP_Response_Splitting
Fixes gh-3910
2016-07-07 13:42:52 -05:00
Eddú Meléndez
13b0ddb7e6
Fix test assertions
2016-07-07 13:29:00 -05:00
Spring Buildmaster
919f000c80
Release version 4.1.1.RELEASE
2016-07-07 00:57:35 +00:00
Rob Winch
9d50944cb2
AntPathRequestMatcher implements RequestVariableExtractor
...
Issue gh-3964
2016-07-06 15:47:34 -05:00
Rob Winch
e4c13e3c0e
Add MvcRequestMatcher
...
Fixes gh-3964
2016-07-06 15:47:23 -05:00
Rob Winch
2a73f3cdf7
Remove ambiguous import
2016-06-20 15:03:09 -05:00
Eddú Meléndez
a2ead4cf7a
Polish
...
Fixes gh-3892
2016-06-20 12:35:43 -05:00
Ruben Dijkstra
364db6762e
Add failing test for #3905 Fix Assert usage
2016-06-20 09:24:04 -05:00
Ruben Dijkstra
e8f4ee8a39
Fix Assert usage
2016-06-20 09:23:51 -05:00
Ruben Dijkstra
ca76e8d784
Remove null-check inside afterPropertiesSet() since it's never null
2016-06-17 16:40:39 -05:00
Rob Winch
2d6051625f
Update pom.xml
2016-06-17 14:30:11 -05:00
Adrien SAUVEZ
c261975be0
Set cookie domain for cancel remember-me
...
Fixes gh-3871
2016-05-13 13:34:43 -05:00
Rob Winch
d4218c70f1
Update CookieCsrfTokenRepository docs to cookiHttpOnly=false
...
Currently CookieCsrfTokenRepository does not specify that the httpOnly
flag needs set to false. We should update the reference to include this
setting (and a comment about it) since it states that the settings will
work with AngularJS.
This commit updates the documentation and provides a convenience factory
method to create a CookieCsrfTokenRepository with cookiHttpOnly=false
Fixes gh-3865
2016-05-06 16:28:04 -04:00
Spring Buildmaster
001b05569a
Release version 4.1.0.RELEASE
2016-05-05 04:25:46 +00:00
Rob Winch
9745de9510
Add @AuthenticationPrincipal expression
...
It is now possible to provide a SpEL expression for
@AuthenticationPrincipal. This allows invoking custom logic including
methods on the principal object.
Fixes gh-3859
2016-05-03 18:08:52 -04:00
bartolom
3ca8273a95
Improve GC for OnCommittedResponseWrapper
...
Only track content length if disableOnCommitted is false. This improves object creation and thus GC.
Fixes gh-3842
2016-05-02 16:19:21 -05:00
Joe Grandja
2bdb0231c2
CookieCsrfTokenRepository supports HttpOnly
...
CookieCsrfTokenRepository supports HttpOnly
Fixes gh-3835
* Add Servlet 3 tests and javadocs
Issue gh-3835
* Add copyright header
Issue gh-3835
2016-05-02 15:49:37 -05:00
Li Weinan
70bd7d1bbc
Include AuthenticationException in logs
...
Fixes gh-3705
2016-04-21 11:17:47 -04:00
Spring Buildmaster
24d0069668
Release version 4.1.0.RC2
2016-04-21 01:47:25 +00:00
Rob Winch
7fe0a135ec
Default AntPathRequestMatcher to be case sensitive
...
Issue gh-3831
2016-04-20 13:29:18 -05:00
Rob Winch
6fa1588de9
Disable AntPathRequestMatcher trim tokens
...
Issue gh-3831
2016-04-20 13:29:17 -05:00
Rob Winch
4093690322
Polish Logout Content Negotiation
...
* Rename to DelegatingLogoutSuccessHandler for consistency
* Remove JavascriptOriginRequestMatcher in favor of
RequestHeaderRequestMatcher
Issue gh-3282
2016-04-20 10:49:37 -05:00
Shazin Sadakath
f0d1700ad6
Content Negotiating LogoutSuccessHandler
...
Issue gh-3282
2016-04-20 10:42:13 -05:00
Rob Winch
1dbd3f5906
Fix NPE in OnCommittedResponseWrapper trackContentLength ( #3824 )
...
OnCommittedResponseWrapper trackContentLength will throw a
NullPointerException when the content length passed in is null.
This commit properly tracks the null value as a length of 4.
Fixes gh-3823
2016-04-19 14:58:56 -04:00
Johnny Lim
933a7e8363
Remove duplicate words
...
Fixes gh-3826
2016-04-18 23:21:20 -05:00
Rob Winch
fb5776cb5c
Support Camel case URI variables ( #3814 )
...
Previously there were issues with case insensitive patterns and URI
variables that contained upper case characters. For example, the pattern
"/user/{userId}" could not resolve the variable #userId. Instead it was
forced to lowercase and #userid was used.
Now if the pattern is case insensitive then so is the variable. This means
that #userId will work as will #userid.
Fixes gh-3786
2016-04-18 17:54:48 -04:00
Simon Olofsson
337a7ed35e
Fix HeaderWriterFilter Javadoc
...
Fixes the formatting and spelling in HeaderWriterFilter Javadoc
Issue gh-3813
2016-04-15 08:56:58 -05:00
Andrew NS Yeow
eb26095ca9
Fix HpkpHeaderWriter Javadoc format
2016-04-15 08:41:43 -05:00
Joe Grandja
2ef3da1b47
Documents the new @AuthenticationPrincipal in more detail.
...
Fixes gh-3771
2016-04-13 12:27:23 -04:00
Rob Winch
d3a9cc6eae
Add CsrfTokenRepository ( #3805 )
...
* Create LazyCsrfTokenRepository
Fixes gh-3790
* Add CookieCsrfTokenRepository
Fixes gh-3009
2016-04-12 17:26:53 -04:00
Johnny Lim
fe94d654ed
Fix typos ( #228 )
2016-04-12 11:11:51 -05:00
Joe Grandja
b90242f2fa
Updates all POM versions to 4.1.0 snapshot build.
...
Fixes gh-3804
2016-04-12 10:35:43 -04:00
izeye
2c85fb05d0
Remove duplicate test.
...
Remove duplicate test with `trailingWildcardWithVariableMatchesCorrectly()`.
Fixes gh-183
2016-04-08 13:36:45 -05:00
Rob Winch
f49cd5faba
Polish Codestyle
2016-04-01 09:53:32 -05:00
Rob Winch
d900c78f11
Perform null check on super.getAsyncContext()
...
Fixes gh-3780
2016-04-01 09:53:32 -05:00
Shazin Sadakath
1bc7060c93
Add AuthenticationSuccessHandler support to AbstractPreAuthenticatedProcessingFilter
...
Fixes gh-3389
2016-03-25 09:46:16 -05:00
Spring Buildmaster
044acf7e27
Release version 4.1.0.RC1
2016-03-23 07:15:15 -07:00
Joe Grandja
2f7f2ff589
Adds support for Content Security Policy
...
Fixes gh-2342
2016-03-22 21:59:13 -05:00
Rob Winch
7bf014f678
Path Variables fail with different case
...
Fixes gh-3329
2016-03-21 10:09:50 -05:00
Eddú Meléndez
41c6a797c3
Add RememberMeConfigurer set domain
...
Fixes gh-3408
2016-03-17 08:30:18 -05:00
Rob Winch
242b831f20
Cache Control only written if not set
...
Previously Spring Security always wrote cache control headers and relied
on the application to override the values. This can cause problems with
cache control. For example, applications may only set cache control if
the header is not already set. Additionally, setting of Cache-Control
should disable writing of Pragma.
This commit delays writing headers until just before the response is
committed and only writes the Cache Control headers if they do not exist.
Fixes gh-2953
2016-03-15 12:30:37 -05:00
Rob Winch
1fcc2fcd88
Make OnCommittedResponseWrapper public
...
This is preparing for changes in gh-2953
Issues gh-2953
2016-03-15 11:22:06 -05:00
Rob Winch
ec4e6c7453
Update pom.xml to 4.1.0.BUILD-SNAPSHOT
2016-03-14 00:51:35 -05:00
Rob Winch
f221920a19
Clean up code to conform to basic checkstyle
...
Issue gh-3746
2016-03-14 00:15:12 -05:00
Rob Winch
40f687aa78
Improve CSRF missing error message
...
Fixes gh-3738
2016-03-09 14:52:21 -06:00
Billy Korando
71d4ce96ad
Convert to assertj
...
Fixes gh-3175
2016-03-09 14:30:17 -06:00
Rob Winch
bb600a473e
Start AssertJ Migration
...
Issue gh-3175
2016-03-09 14:26:30 -06:00
Alex Baxanean
a1c4c2039b
Rename HeaderWriter loop variable
2016-03-09 10:36:03 -06:00
Rob Winch
6cbb1dc881
Polish ForwardAuthenticationSuccessHandler
...
* Whitespace cleanup
* Add @since
Issue gh-3726
2016-03-09 10:23:53 -06:00
Rob Winch
e61bc7e93b
Polish ForwardAuthenticationFailureHandler
...
* Whitespace cleanup
* Add @since
Issue gh-3727
2016-03-09 10:23:39 -06:00
Shazin Sadakath
7341da9320
Add ForwardAuthenticationSuccessHandler
...
Fixes gh-3726
2016-03-09 10:22:55 -06:00
Shazin Sadakath
b288d24100
Add ForwardAuthenticationFailureHandler
...
Fixes gh-3727
2016-03-09 10:22:41 -06:00
Rob Winch
db81977a1a
Polish HPKP
...
* Javadoc polish
* Whitespace cleanup
Issue gh-3706
2016-03-03 15:11:40 -06:00
Tim Ysewyn
331c7e91b7
HTTP Public Key Pinning
...
HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites
to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
(For example, sometimes attackers can compromise certificate authorities,
and then can mis-issue certificates for a web origin.)
The HTTPS web server serves a list of public key hashes, and on subsequent connections
clients expect that server to use 1 or more of those public keys in its certificate chain.
This commit will add this new functionality.
Fixes gh-3706
2016-03-03 14:21:46 -06:00
Rob Winch
d0dc47cb66
Remove logging for "Skip invoking on" response committed
...
Fixes gh-3683
2016-02-25 11:01:51 -06:00
Andrei Ivanov
9008a7af1d
Allow override of SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR
...
Fixes gh-3697
2016-02-15 09:03:27 -06:00
Rob Winch
56fad169db
request.setMethod("POST")
2015-12-21 14:53:13 -06:00
Rob Winch
7d5af63510
Merge pull request #243 from panchenko/SEC-3158
...
SEC-3158 findRequiredWebApplicationContext() compatibility with spring framework 4.1
2015-12-03 22:14:58 -06:00
Rob Winch
81db6abbe0
SEC-3164: JDK6 compatibility
2015-12-02 14:16:57 -06:00
Alex Panchenko
cfa23b152e
SEC-3164 Optimization in DefaultRequiresCsrfMatcher
2015-12-01 13:19:13 +06:00
Alex Panchenko
3af4140742
SEC-3158 findRequiredWebApplicationContext() compatibility with spring framework 4.1.x
2015-12-01 12:54:08 +06:00
Rob Winch
4144de9376
SEC-3082: make SavedRequest parameters case sensitive
2015-10-29 16:46:11 -05:00
Rob Winch
8f13beccb7
SEC-2190: Fix Javadoc
2015-10-29 11:41:39 -05:00
Rob Winch
8b641e5f79
SEC-2190: Support WebApplicationContext in ServletContext attribute
2015-10-28 15:12:35 -05:00
Rob Winch
5c73816a1a
SEC-3108: DigestAuthenticationFilter should use SecurityContextHolder.createEmptyContext()
2015-10-27 13:56:51 -05:00
Rob Winch
a88ac0fcc1
SEC-3109: Fix web tests
2015-10-26 21:31:07 -05:00
Rob Winch
cda6532c43
SEC-3070: Logout invalidate-session=false and Spring Session doesn't work
2015-10-20 14:58:57 -05:00
izeye
3925ed90c4
SEC-3124: Fix broken Javadoc related to `<` and `>`
2015-10-13 13:33:28 -05:00
zhanhb
29f2cc0ab1
snasphot -> snapshot
2015-09-25 15:28:39 -05:00
Rob Winch
97969ea9d2
SEC-2059: Ignore Query String for Resolving Path Variables
2015-09-01 09:53:29 -05:00
Rob Winch
6b05b298ff
SEC-2059: Support Path Variables in Web Expressions
2015-08-20 17:11:01 -05:00
Rob Winch
969f3a7d1b
Update pom.xml to latest snapshots
2015-08-03 09:46:01 -05:00
Thomas Darimont
ad1d858e2b
SEC-3056 - Fix JavaDoc errors.
...
Fixed JavaDoc errors across multiple modules in order to make javadoc happy with Java 8.
2015-08-03 08:02:24 -05:00
Rob Winch
117f892c91
SEC-3031: DelegatingSecurityContext(Runnable|Callable) only modify SecurityContext on new Thread
...
Modifying the SecurityContext on the same Thread can cause issues. For example, with a
RejectedExecutionHandler the SecurityContext may be cleared out on the original Thread.
This change modifies both the DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable to,
by default, only modify the SecurityContext if they are invoked on a new Thread. The behavior can be changed
by setting the property enableOnOrigionalThread to true.
2015-07-22 16:07:21 -05:00
Rob Winch
e8c9f75f9c
Update pom.xml to latest versions
2015-07-22 12:51:04 -05:00
Rob Winch
432123daa2
SEC-2964: Fix CsrfTokenArgumentResolver Javadoc
2015-07-22 11:32:36 -05:00
Rob Winch
92ae45a04d
SEC-3051: Add AbstractPreAuthenticatedProcessingFilter#principalChanged
2015-07-22 08:41:33 -05:00
Rob Winch
7c725a60e2
SEC-3047: SecurityContextHolderAwareRequestFactory update RequestFactory
2015-07-20 14:06:44 -05:00
Rob Winch
76a2fb9488
SEC-3020: SecurityContextHolderAwareRequestWrapper conditional rolePrefix
...
Previously SecurityContextHolderAwareRequestWrapper always prefixed with
rolePrefix. This meant the defaults would never return true for a role
that started with the prefix (i.e. ROLE_).
We no longer apply the rolePrefix if the value passed in already starts
with rolePrefix.
2015-07-16 14:49:32 -05:00
Rob Winch
08b1b56e2c
SEC-2973: Add OnCommittedResponseWrapper
...
This ensures that Spring Session & Security's logic for performing
a save on the response being committed can easily be kept in synch.
Further this ensures that the SecurityContext is now persisted when
the response body meets the content length.
2015-07-14 14:48:41 -05:00
Rob Winch
316886affc
SEC-2931: Fix CsrfFilter Javadoc
2015-07-14 13:40:59 -05:00
Rob Winch
aed288da05
Fix Spring IO Tests
2015-07-08 11:48:43 -05:00
Rob Winch
1f74ac811e
Fix Spring IO Tests
2015-07-08 11:09:29 -05:00