7e8aadeb96
Multi-tenancy for Resource Server
...
Fixes: gh-5351
2019-03-29 15:00:48 -06:00
e9e7f7d9bc
Polish URL Cleanup
...
Fixes: gh-6628
2019-03-20 00:26:43 -05:00
3b89754926
URL Cleanup
...
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).
# HTTP URLs that Could Not Be Fixed
These URLs were unable to be fixed. Please review them to see if they can be manually resolved.
* http://blog.opensecurityresearch.com/2012/02/json-csrf-with-parameter-padding.html (200) with 1 occurrences could not be migrated:
([https](https://blog.opensecurityresearch.com/2012/02/json-csrf-with-parameter-padding.html ) result ClosedChannelException).
* http://bouncy-castle.1462172.n4.nabble.com/Java-Bouncy-Castle-scrypt-implementation-td4656832.html (200) with 1 occurrences could not be migrated:
([https](https://bouncy-castle.1462172.n4.nabble.com/Java-Bouncy-Castle-scrypt-implementation-td4656832.html ) result SSLHandshakeException).
* http://cujojs.com/ (200) with 1 occurrences could not be migrated:
([https](https://cujojs.com/ ) result SSLHandshakeException).
* http://erik.eae.net/archives/2007/07/27/18.54.15/ (200) with 1 occurrences could not be migrated:
([https](https://erik.eae.net/archives/2007/07/27/18.54.15/ ) result SSLHandshakeException).
* http://javascript.nwbox.com/IEContentLoaded/ (200) with 1 occurrences could not be migrated:
([https](https://javascript.nwbox.com/IEContentLoaded/ ) result SSLHandshakeException).
* http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-February/007533.html (200) with 1 occurrences could not be migrated:
([https](https://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-February/007533.html ) result SSLHandshakeException).
* http://monkeymachine.co.uk/ (200) with 2 occurrences could not be migrated:
([https](https://monkeymachine.co.uk/ ) result SSLHandshakeException).
* http://perfectionkills.com/detecting-event-support-without-browser-sniffing/ (200) with 1 occurrences could not be migrated:
([https](https://perfectionkills.com/detecting-event-support-without-browser-sniffing/ ) result SSLHandshakeException).
* http://somesite.com/login (200) with 3 occurrences could not be migrated:
([https](https://somesite.com/login ) result AnnotatedConnectException).
* http://someurl.com/ (200) with 2 occurrences could not be migrated:
([https](https://someurl.com/ ) result SSLHandshakeException).
* http://sscce.org/ (200) with 1 occurrences could not be migrated:
([https](https://sscce.org/ ) result SSLHandshakeException).
* http://webblaze.cs.berkeley.edu/papers/barth-caballero-song.pdf (200) with 2 occurrences could not be migrated:
([https](https://webblaze.cs.berkeley.edu/papers/barth-caballero-song.pdf ) result 404).
* http://www.example.com:80/ (200) with 1 occurrences could not be migrated:
([https](https://www.example.com:80/ ) result NotSslRecordException).
* http://www.faqs.org/qa/rfcc-1940.html (200) with 3 occurrences could not be migrated:
([https](https://www.faqs.org/qa/rfcc-1940.html ) result AnnotatedConnectException).
* http://www.faqs.org/rfcs/rfc1945.html (200) with 2 occurrences could not be migrated:
([https](https://www.faqs.org/rfcs/rfc1945.html ) result AnnotatedConnectException).
* http://www.faqs.org/rfcs/rfc3548.html (200) with 3 occurrences could not be migrated:
([https](https://www.faqs.org/rfcs/rfc3548.html ) result AnnotatedConnectException).
* http://www.zytrax.com/books/ldap/ (200) with 2 occurrences could not be migrated:
([https](https://www.zytrax.com/books/ldap/ ) result AnnotatedConnectException).
* http://blindsignals.com/index.php/2009/07/jquery-delay/ (301) with 1 occurrences could not be migrated:
([https](https://blindsignals.com/index.php/2009/07/jquery-delay/ ) result SSLHandshakeException).
* http://www.faqs.org/ (301) with 1 occurrences could not be migrated:
([https](https://www.faqs.org/ ) result AnnotatedConnectException).
* http://sam.zoy.org/wtfpl/ (301) with 2 occurrences could not be migrated:
([https](https://sam.zoy.org/wtfpl/ ) result SSLHandshakeException).
* http://hey.openid.com/ (302) with 1 occurrences could not be migrated:
([https](https://hey.openid.com/ ) result SSLHandshakeException).
* http://iharder.net/base64 (303) with 2 occurrences could not be migrated:
([https](https://iharder.net/base64 ) result AnnotatedConnectException).
* http://jaspan.com/improved_persistent_login_cookie_best_practice (500) with 3 occurrences could not be migrated:
([https](https://jaspan.com/improved_persistent_login_cookie_best_practice ) result AnnotatedConnectException).
# Fixed URLs
## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended.
* http://www.relaxng.org/ (301) with 1 occurrences migrated to:
https://relaxng.org/ ([https](https://www.relaxng.org/ ) result SSLHandshakeException).
* http://www.relaxng.org (301) with 1 occurrences migrated to:
https://relaxng.org/ ([https](https://www.relaxng.org ) result SSLHandshakeException).
* http://tools.ietf.org/html/draft-ietf-websec-x-frame-options (301) with 2 occurrences migrated to:
https://tools.ietf.org/html/draft-ietf-websec-x-frame-options ([https](https://tools.ietf.org/html/draft-ietf-websec-x-frame-options ) result ReadTimeoutException).
* http://foo.test.com (302) with 2 occurrences migrated to:
https://www.test.com ([https](https://foo.test.com ) result SSLHandshakeException).
* http://abc.test.com (302) with 2 occurrences migrated to:
https://www.test.com ([https](https://abc.test.com ) result SSLHandshakeException).
* http://192.168.1:8080 (ConnectTimeoutException) with 2 occurrences migrated to:
https://192.168.1:8080 ([https](https://192.168.1:8080 ) result ConnectTimeoutException).
* http://www.example.com:8080/mycontext/secure/page.html (ConnectTimeoutException) with 1 occurrences migrated to:
https://www.example.com:8080/mycontext/secure/page.html ([https](https://www.example.com:8080/mycontext/secure/page.html ) result ConnectTimeoutException).
* http://www.example.com:8888/bigWebApp/hello (ConnectTimeoutException) with 1 occurrences migrated to:
https://www.example.com:8888/bigWebApp/hello ([https](https://www.example.com:8888/bigWebApp/hello ) result ConnectTimeoutException).
* http://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true (ConnectTimeoutException) with 1 occurrences migrated to:
https://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true ([https](https://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true ) result ConnectTimeoutException).
* http://www.opensymphony.com/sitemesh/decorator (ConnectTimeoutException) with 1 occurrences migrated to:
https://www.opensymphony.com/sitemesh/decorator ([https](https://www.opensymphony.com/sitemesh/decorator ) result ConnectTimeoutException).
* http://www.opensymphony.com/sitemesh/page (ConnectTimeoutException) with 1 occurrences migrated to:
https://www.opensymphony.com/sitemesh/page ([https](https://www.opensymphony.com/sitemesh/page ) result ConnectTimeoutException).
* http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd (ReadTimeoutException) with 1 occurrences migrated to:
https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd ([https](https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd ) result ReadTimeoutException).
* http://axschema.org/ (UnknownHostException) with 2 occurrences migrated to:
https://axschema.org/ ([https](https://axschema.org/ ) result UnknownHostException).
* http://axschema.org/contact/email (UnknownHostException) with 23 occurrences migrated to:
https://axschema.org/contact/email ([https](https://axschema.org/contact/email ) result UnknownHostException).
* http://axschema.org/namePerson (UnknownHostException) with 5 occurrences migrated to:
https://axschema.org/namePerson ([https](https://axschema.org/namePerson ) result UnknownHostException).
* http://axschema.org/namePerson/first (UnknownHostException) with 4 occurrences migrated to:
https://axschema.org/namePerson/first ([https](https://axschema.org/namePerson/first ) result UnknownHostException).
* http://axschema.org/namePerson/last (UnknownHostException) with 4 occurrences migrated to:
https://axschema.org/namePerson/last ([https](https://axschema.org/namePerson/last ) result UnknownHostException).
* http://context.blah.com/context/remainder (UnknownHostException) with 1 occurrences migrated to:
https://context.blah.com/context/remainder ([https](https://context.blah.com/context/remainder ) result UnknownHostException).
* http://default (UnknownHostException) with 12 occurrences migrated to:
https://default ([https](https://default ) result UnknownHostException).
* http://endpoint (UnknownHostException) with 4 occurrences migrated to:
https://endpoint ([https](https://endpoint ) result UnknownHostException).
* http://endpoint?id_token_hint=id-token (UnknownHostException) with 2 occurrences migrated to:
https://endpoint?id_token_hint=id-token ([https](https://endpoint?id_token_hint=id-token ) result UnknownHostException).
* http://example.com¶m1=value1¶m2=value2 (UnknownHostException) with 1 occurrences migrated to:
https://example.com¶m1=value1¶m2=value2 ([https](https://example.com¶m1=value1¶m2=value2 ) result UnknownHostException).
* http://host/myapp/index.html;jsessionid=blah (UnknownHostException) with 1 occurrences migrated to:
https://host/myapp/index.html;jsessionid=blah ([https](https://host/myapp/index.html;jsessionid=blah ) result UnknownHostException).
* http://http://context.blah.com/context/remainder (UnknownHostException) with 1 occurrences migrated to:
https://http://context.blah.com/context/remainder ([https](https://https://context.blah.com/context/remainder ) result UnknownHostException).
* http://id.openid.zz (UnknownHostException) with 2 occurrences migrated to:
https://id.openid.zz ([https](https://id.openid.zz ) result UnknownHostException).
* http://invalid-provider.com/oauth2/token (UnknownHostException) with 4 occurrences migrated to:
https://invalid-provider.com/oauth2/token ([https](https://invalid-provider.com/oauth2/token ) result UnknownHostException).
* http://invalid-provider.com/user (UnknownHostException) with 4 occurrences migrated to:
https://invalid-provider.com/user ([https](https://invalid-provider.com/user ) result UnknownHostException).
* http://issuer/.well-known/jwks.json (UnknownHostException) with 2 occurrences migrated to:
https://issuer/.well-known/jwks.json ([https](https://issuer/.well-known/jwks.json ) result UnknownHostException).
* http://issuer/certs (UnknownHostException) with 1 occurrences migrated to:
https://issuer/certs ([https](https://issuer/certs ) result UnknownHostException).
* http://jimi.hendrix.myopenid.com/ (UnknownHostException) with 1 occurrences migrated to:
https://jimi.hendrix.myopenid.com/ ([https](https://jimi.hendrix.myopenid.com/ ) result UnknownHostException).
* http://joe.myopenid.com/ (UnknownHostException) with 3 occurrences migrated to:
https://joe.myopenid.com/ ([https](https://joe.myopenid.com/ ) result UnknownHostException).
* http://logout (UnknownHostException) with 2 occurrences migrated to:
https://logout ([https](https://logout ) result UnknownHostException).
* http://logout?id_token_hint=id-token (UnknownHostException) with 2 occurrences migrated to:
https://logout?id_token_hint=id-token ([https](https://logout?id_token_hint=id-token ) result UnknownHostException).
* http://openid.aol.com/ (UnknownHostException) with 2 occurrences migrated to:
https://openid.aol.com/ ([https](https://openid.aol.com/ ) result UnknownHostException).
* http://pip.verisignlabs.com/server (UnknownHostException) with 2 occurrences migrated to:
https://pip.verisignlabs.com/server ([https](https://pip.verisignlabs.com/server ) result UnknownHostException).
* http://postlogout?encodedparam%3Dvalue (UnknownHostException) with 2 occurrences migrated to:
https://postlogout?encodedparam%3Dvalue ([https](https://postlogout?encodedparam%3Dvalue ) result UnknownHostException).
* http://postlogout?encodedparam=value (UnknownHostException) with 2 occurrences migrated to:
https://postlogout?encodedparam=value ([https](https://postlogout?encodedparam=value ) result UnknownHostException).
* http://schema.openid.net/contact/email (UnknownHostException) with 5 occurrences migrated to:
https://schema.openid.net/contact/email ([https](https://schema.openid.net/contact/email ) result UnknownHostException).
* http://schema.openid.net/namePerson (UnknownHostException) with 2 occurrences migrated to:
https://schema.openid.net/namePerson ([https](https://schema.openid.net/namePerson ) result UnknownHostException).
* http://some.site.org/index.html (UnknownHostException) with 1 occurrences migrated to:
https://some.site.org/index.html ([https](https://some.site.org/index.html ) result UnknownHostException).
* http://something/ (UnknownHostException) with 1 occurrences migrated to:
https://something/ ([https](https://something/ ) result UnknownHostException).
* http://specs.openid.net/auth/2.0 (UnknownHostException) with 2 occurrences migrated to:
https://specs.openid.net/auth/2.0 ([https](https://specs.openid.net/auth/2.0 ) result UnknownHostException).
* http://specs.openid.net/auth/2.0/identifier_select (UnknownHostException) with 4 occurrences migrated to:
https://specs.openid.net/auth/2.0/identifier_select ([https](https://specs.openid.net/auth/2.0/identifier_select ) result UnknownHostException).
* http://wiki.fasterxml.com/JacksonFeatureModules (UnknownHostException) with 1 occurrences migrated to:
https://wiki.fasterxml.com/JacksonFeatureModules ([https](https://wiki.fasterxml.com/JacksonFeatureModules ) result UnknownHostException).
* http://www.faqs (UnknownHostException) with 1 occurrences migrated to:
https://www.faqs ([https](https://www.faqs ) result UnknownHostException).
* http://www.test123.com (UnknownHostException) with 1 occurrences migrated to:
https://www.test123.com ([https](https://www.test123.com ) result UnknownHostException).
* http://en.wikipedia.org/wiki/Defense_in_depth_%28computing%29 (301) with 1 occurrences migrated to:
https://en.wikipedia.org/wiki/Defense_in_depth_%2528computing%2529 ([https](https://en.wikipedia.org/wiki/Defense_in_depth_%28computing%29 ) result 400).
* http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html (404) with 1 occurrences migrated to:
https://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html ([https](https://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html ) result 404).
* http://example.com/auth (404) with 2 occurrences migrated to:
https://example.com/auth ([https](https://example.com/auth ) result 404).
* http://example.com/info (404) with 2 occurrences migrated to:
https://example.com/info ([https](https://example.com/info ) result 404).
* http://example.com/jwkset (404) with 2 occurrences migrated to:
https://example.com/jwkset ([https](https://example.com/jwkset ) result 404).
* http://example.com/login/oauth2/code/registration-id (404) with 1 occurrences migrated to:
https://example.com/login/oauth2/code/registration-id ([https](https://example.com/login/oauth2/code/registration-id ) result 404).
* http://example.com/login/oauth2/code/registration-id-2 (404) with 1 occurrences migrated to:
https://example.com/login/oauth2/code/registration-id-2 ([https](https://example.com/login/oauth2/code/registration-id-2 ) result 404).
* http://example.com/path?a=b&c=d (404) with 1 occurrences migrated to:
https://example.com/path?a=b&c=d ([https](https://example.com/path?a=b&c=d ) result 404).
* http://example.com/pkp-report (404) with 5 occurrences migrated to:
https://example.com/pkp-report ([https](https://example.com/pkp-report ) result 404).
* http://example.com/token (404) with 2 occurrences migrated to:
https://example.com/token ([https](https://example.com/token ) result 404).
* http://example.net/pkp-report (404) with 7 occurrences migrated to:
https://example.net/pkp-report ([https](https://example.net/pkp-report ) result 404).
* http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ (301) with 1 occurrences migrated to:
https://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ ([https](https://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ ) result 404).
* http://html5shim.googlecode.com/svn/trunk/html5.js (404) with 6 occurrences migrated to:
https://html5shim.googlecode.com/svn/trunk/html5.js ([https](https://html5shim.googlecode.com/svn/trunk/html5.js ) result 404).
* http://json.org/json2.js (404) with 1 occurrences migrated to:
https://json.org/json2.js ([https](https://json.org/json2.js ) result 404).
* http://openid-selector.googlecode.com/svn/trunk/ (404) with 2 occurrences migrated to:
https://openid-selector.googlecode.com/svn/trunk/ ([https](https://openid-selector.googlecode.com/svn/trunk/ ) result 404).
* http://provider.com/user (302) with 2 occurrences migrated to:
https://provider.com/user ([https](https://provider.com/user ) result 404).
* http://relaxng.org/ns/compatibility/annotations/1.0 (301) with 8 occurrences migrated to:
https://relaxng.org/ns/compatibility/annotations/1.0 ([https](https://relaxng.org/ns/compatibility/annotations/1.0 ) result 404).
* http://www.example.com/bigWebApp/hello (404) with 2 occurrences migrated to:
https://www.example.com/bigWebApp/hello ([https](https://www.example.com/bigWebApp/hello ) result 404).
* http://www.example.com/bigWebApp/hello/pathInfo.html?open=true (404) with 1 occurrences migrated to:
https://www.example.com/bigWebApp/hello/pathInfo.html?open=true ([https](https://www.example.com/bigWebApp/hello/pathInfo.html?open=true ) result 404).
* http://www.example.com/identity (404) with 1 occurrences migrated to:
https://www.example.com/identity ([https](https://www.example.com/identity ) result 404).
* http://www.example.com/login/openid (404) with 2 occurrences migrated to:
https://www.example.com/login/openid ([https](https://www.example.com/login/openid ) result 404).
* http://www.example.com/mycontext/HelloWorld (404) with 1 occurrences migrated to:
https://www.example.com/mycontext/HelloWorld ([https](https://www.example.com/mycontext/HelloWorld ) result 404).
* http://www.example.com/mycontext/HelloWorld/some/more/segments.html (404) with 1 occurrences migrated to:
https://www.example.com/mycontext/HelloWorld/some/more/segments.html ([https](https://www.example.com/mycontext/HelloWorld/some/more/segments.html ) result 404).
* http://www.example.com/mycontext/HelloWorld?foo=bar (404) with 1 occurrences migrated to:
https://www.example.com/mycontext/HelloWorld?foo=bar ([https](https://www.example.com/mycontext/HelloWorld?foo=bar ) result 404).
* http://www.example.com/mycontext/secure/page.html (404) with 3 occurrences migrated to:
https://www.example.com/mycontext/secure/page.html ([https](https://www.example.com/mycontext/secure/page.html ) result 404).
* http://www.example.com/realm (404) with 1 occurrences migrated to:
https://www.example.com/realm ([https](https://www.example.com/realm ) result 404).
* http://www.example.com/redirect (404) with 1 occurrences migrated to:
https://www.example.com/redirect ([https](https://www.example.com/redirect ) result 404).
* http://www.example.org/do/something (404) with 4 occurrences migrated to:
https://www.example.org/do/something ([https](https://www.example.org/do/something ) result 404).
* http://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/ (301) with 1 occurrences migrated to:
https://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/ ([https](https://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/ ) result 404).
* http://www.json.org/json2.js (404) with 1 occurrences migrated to:
https://www.json.org/json2.js ([https](https://www.json.org/json2.js ) result 404).
* http://www.thymeleaf.org/thymeleaf-extras-springsecurity5 (301) with 5 occurrences migrated to:
https://www.thymeleaf.org/thymeleaf-extras-springsecurity5 ([https](https://www.thymeleaf.org/thymeleaf-extras-springsecurity5 ) result 404).
## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.
* http://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html with 1 occurrences migrated to:
https://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html ([https](https://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html ) result 200).
* http://bugs.jquery.com/ticket/12282 with 1 occurrences migrated to:
https://bugs.jquery.com/ticket/12282 ([https](https://bugs.jquery.com/ticket/12282 ) result 200).
* http://bugs.jquery.com/ticket/12359 with 1 occurrences migrated to:
https://bugs.jquery.com/ticket/12359 ([https](https://bugs.jquery.com/ticket/12359 ) result 200).
* http://claimid.com/ with 2 occurrences migrated to:
https://claimid.com/ ([https](https://claimid.com/ ) result 200).
* http://dist.springsource.org/snapshot/GRECLIPSE/e4.7/ with 1 occurrences migrated to:
https://dist.springsource.org/snapshot/GRECLIPSE/e4.7/ ([https](https://dist.springsource.org/snapshot/GRECLIPSE/e4.7/ ) result 200).
* http://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html with 1 occurrences migrated to:
https://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html ) result 200).
* http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html with 26 occurrences migrated to:
https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html ) result 200).
* http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html with 1 occurrences migrated to:
https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html ) result 200).
* http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html with 1 occurrences migrated to:
https://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html ([https](https://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html ) result 200).
* http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html with 1 occurrences migrated to:
https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html ([https](https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html ) result 200).
* http://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html with 1 occurrences migrated to:
https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html ([https](https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html ) result 200).
* http://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ with 2 occurrences migrated to:
https://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ ([https](https://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ ) result 200).
* http://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html (301) with 1 occurrences migrated to:
https://docs.spring.io/spring-security/site/docs/3.0.x/reference/remember-me.html ([https](https://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html ) result 200).
* http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html (301) with 1 occurrences migrated to:
https://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html ([https](https://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html ) result 200).
* http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ with 1 occurrences migrated to:
https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ ([https](https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ ) result 200).
* http://docs.spring.io/spring-security/site/docs/current/api/ with 1 occurrences migrated to:
https://docs.spring.io/spring-security/site/docs/current/api/ ([https](https://docs.spring.io/spring-security/site/docs/current/api/ ) result 200).
* http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ with 3 occurrences migrated to:
https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ ([https](https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ ) result 200).
* http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html (301) with 1 occurrences migrated to:
https://docs.spring.io/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html ([https](https://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html ) result 200).
* http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html with 1 occurrences migrated to:
https://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html ([https](https://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html ) result 200).
* http://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html with 1 occurrences migrated to:
https://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html ([https](https://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html ) result 200).
* http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html with 3 occurrences migrated to:
https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html ([https](https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html ) result 200).
* http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html with 1 occurrences migrated to:
https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html ([https](https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html ) result 200).
* http://en.wikipedia.org/wiki/Clickjacking with 9 occurrences migrated to:
https://en.wikipedia.org/wiki/Clickjacking ([https](https://en.wikipedia.org/wiki/Clickjacking ) result 200).
* http://en.wikipedia.org/wiki/Content_sniffing with 2 occurrences migrated to:
https://en.wikipedia.org/wiki/Content_sniffing ([https](https://en.wikipedia.org/wiki/Content_sniffing ) result 200).
* http://en.wikipedia.org/wiki/Cross-site_request_forgery with 11 occurrences migrated to:
https://en.wikipedia.org/wiki/Cross-site_request_forgery ([https](https://en.wikipedia.org/wiki/Cross-site_request_forgery ) result 200).
* http://en.wikipedia.org/wiki/Cross-site_scripting with 7 occurrences migrated to:
https://en.wikipedia.org/wiki/Cross-site_scripting ([https](https://en.wikipedia.org/wiki/Cross-site_scripting ) result 200).
* http://en.wikipedia.org/wiki/Firesheep with 1 occurrences migrated to:
https://en.wikipedia.org/wiki/Firesheep ([https](https://en.wikipedia.org/wiki/Firesheep ) result 200).
* http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security with 4 occurrences migrated to:
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security ([https](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security ) result 200).
* http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol with 1 occurrences migrated to:
https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol ([https](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol ) result 200).
* http://en.wikipedia.org/wiki/Man-in-the-middle_attack with 2 occurrences migrated to:
https://en.wikipedia.org/wiki/Man-in-the-middle_attack ([https](https://en.wikipedia.org/wiki/Man-in-the-middle_attack ) result 200).
* http://en.wikipedia.org/wiki/Null_Object_pattern with 1 occurrences migrated to:
https://en.wikipedia.org/wiki/Null_Object_pattern ([https](https://en.wikipedia.org/wiki/Null_Object_pattern ) result 200).
* http://en.wikipedia.org/wiki/SRV_record with 2 occurrences migrated to:
https://en.wikipedia.org/wiki/SRV_record ([https](https://en.wikipedia.org/wiki/SRV_record ) result 200).
* http://en.wikipedia.org/wiki/Same-origin_policy with 1 occurrences migrated to:
https://en.wikipedia.org/wiki/Same-origin_policy ([https](https://en.wikipedia.org/wiki/Same-origin_policy ) result 200).
* http://en.wikipedia.org/wiki/Session_fixation with 6 occurrences migrated to:
https://en.wikipedia.org/wiki/Session_fixation ([https](https://en.wikipedia.org/wiki/Session_fixation ) result 200).
* http://example.com with 8 occurrences migrated to:
https://example.com ([https](https://example.com ) result 200).
* http://example.com/ with 1 occurrences migrated to:
https://example.com/ ([https](https://example.com/ ) result 200).
* http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice with 2 occurrences migrated to:
https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice ([https](https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice ) result 200).
* http://flywaydb.org/ with 1 occurrences migrated to:
https://flywaydb.org/ ([https](https://flywaydb.org/ ) result 200).
* http://getbootstrap.com/docs/4.0/examples/signin/signin.css with 1 occurrences migrated to:
https://getbootstrap.com/docs/4.0/examples/signin/signin.css ([https](https://getbootstrap.com/docs/4.0/examples/signin/signin.css ) result 200).
* http://gradle.org with 1 occurrences migrated to:
https://gradle.org ([https](https://gradle.org ) result 200).
* http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ with 2 occurrences migrated to:
https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ ([https](https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ ) result 200).
* http://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html with 2 occurrences migrated to:
https://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html ([https](https://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html ) result 200).
* http://jquery.com/ with 1 occurrences migrated to:
https://jquery.com/ ([https](https://jquery.com/ ) result 200).
* http://knockoutjs.com/ with 1 occurrences migrated to:
https://knockoutjs.com/ ([https](https://knockoutjs.com/ ) result 200).
* http://marketplace.eclipse.org/content/anyedit-tools with 1 occurrences migrated to:
https://marketplace.eclipse.org/content/anyedit-tools ([https](https://marketplace.eclipse.org/content/anyedit-tools ) result 200).
* http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html with 1 occurrences migrated to:
https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html ([https](https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html ) result 200).
* http://openid.net with 1 occurrences migrated to:
https://openid.net ([https](https://openid.net ) result 200).
* http://openid.net/ with 1 occurrences migrated to:
https://openid.net/ ([https](https://openid.net/ ) result 200).
* http://openid.net/certification/ with 4 occurrences migrated to:
https://openid.net/certification/ ([https](https://openid.net/certification/ ) result 200).
* http://openid.net/connect/ with 4 occurrences migrated to:
https://openid.net/connect/ ([https](https://openid.net/connect/ ) result 200).
* http://openid.net/specs/openid-attribute-exchange-1_0.html with 3 occurrences migrated to:
https://openid.net/specs/openid-attribute-exchange-1_0.html ([https](https://openid.net/specs/openid-attribute-exchange-1_0.html ) result 200).
* http://openid.net/specs/openid-connect-core-1_0.html with 50 occurrences migrated to:
https://openid.net/specs/openid-connect-core-1_0.html ([https](https://openid.net/specs/openid-connect-core-1_0.html ) result 200).
* http://openid.net/specs/openid-connect-session-1_0.html with 2 occurrences migrated to:
https://openid.net/specs/openid-connect-session-1_0.html ([https](https://openid.net/specs/openid-connect-session-1_0.html ) result 200).
* http://sizzlejs.com/ with 2 occurrences migrated to:
https://sizzlejs.com/ ([https](https://sizzlejs.com/ ) result 200).
* http://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time with 1 occurrences migrated to:
https://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time ([https](https://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time ) result 200).
* http://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/ (301) with 1 occurrences migrated to:
https://spring.io/blog/2010/03/06/behind-the-spring-security-namespace/ ([https](https://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/ ) result 200).
* http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/ (301) with 1 occurrences migrated to:
https://spring.io/blog/2010/08/02/spring-security-in-google-app-engine/ ([https](https://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/ ) result 200).
* http://spring.io/projects with 1 occurrences migrated to:
https://spring.io/projects ([https](https://spring.io/projects ) result 200).
* http://spring.io/services with 1 occurrences migrated to:
https://spring.io/services ([https](https://spring.io/services ) result 200).
* http://stackoverflow.com/questions/tagged/spring-security with 1 occurrences migrated to:
https://stackoverflow.com/questions/tagged/spring-security ([https](https://stackoverflow.com/questions/tagged/spring-security ) result 200).
* http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html with 2 occurrences migrated to:
https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html ([https](https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html ) result 200).
* http://tools.ietf.org/html/rfc6797 with 15 occurrences migrated to:
https://tools.ietf.org/html/rfc6797 ([https](https://tools.ietf.org/html/rfc6797 ) result 200).
* http://tools.ietf.org/html/rfc7469 with 18 occurrences migrated to:
https://tools.ietf.org/html/rfc7469 ([https](https://tools.ietf.org/html/rfc7469 ) result 200).
* http://vimeo.com/34436402 with 1 occurrences migrated to:
https://vimeo.com/34436402 ([https](https://vimeo.com/34436402 ) result 200).
* http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ with 1 occurrences migrated to:
https://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ ([https](https://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ ) result 200).
* http://www.ja-sig.org/cas (301) with 1 occurrences migrated to:
https://www.apereo.org ([https](https://www.ja-sig.org/cas ) result 200).
* http://ehcache.sourceforge.net (301) with 2 occurrences migrated to:
https://www.ehcache.org/ ([https](https://ehcache.sourceforge.net ) result 200).
* http://www.html5rocks.com/en/tutorials/security/content-security-policy/ with 2 occurrences migrated to:
https://www.html5rocks.com/en/tutorials/security/content-security-policy/ ([https](https://www.html5rocks.com/en/tutorials/security/content-security-policy/ ) result 200).
* http://www.ietf.org/rfc/rfc2396.txt with 3 occurrences migrated to:
https://www.ietf.org/rfc/rfc2396.txt ([https](https://www.ietf.org/rfc/rfc2396.txt ) result 200).
* http://www.ietf.org/rfc/rfc2617.txt with 1 occurrences migrated to:
https://www.ietf.org/rfc/rfc2617.txt ([https](https://www.ietf.org/rfc/rfc2617.txt ) result 200).
* http://www.liquibase.org/ with 1 occurrences migrated to:
https://www.liquibase.org/ ([https](https://www.liquibase.org/ ) result 200).
* http://www.openbsd.org/papers/bcrypt-paper.ps with 1 occurrences migrated to:
https://www.openbsd.org/papers/bcrypt-paper.ps ([https](https://www.openbsd.org/papers/bcrypt-paper.ps ) result 200).
* http://www.springframework.org/schema/aop/spring-aop-2.5.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/aop/spring-aop-2.5.xsd ([https](https://www.springframework.org/schema/aop/spring-aop-2.5.xsd ) result 200).
* http://www.springframework.org/schema/beans/spring-beans-2.5.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/beans/spring-beans-2.5.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-2.5.xsd ) result 200).
* http://www.springframework.org/schema/beans/spring-beans-3.0.xsd with 2 occurrences migrated to:
https://www.springframework.org/schema/beans/spring-beans-3.0.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-3.0.xsd ) result 200).
* http://www.springframework.org/schema/beans/spring-beans.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/beans/spring-beans.xsd ([https](https://www.springframework.org/schema/beans/spring-beans.xsd ) result 200).
* http://www.springframework.org/schema/context/spring-context-2.5.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/context/spring-context-2.5.xsd ([https](https://www.springframework.org/schema/context/spring-context-2.5.xsd ) result 200).
* http://www.springframework.org/schema/mvc/spring-mvc.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/mvc/spring-mvc.xsd ([https](https://www.springframework.org/schema/mvc/spring-mvc.xsd ) result 200).
* http://www.springframework.org/schema/security/spring-security.xsd with 3 occurrences migrated to:
https://www.springframework.org/schema/security/spring-security.xsd ([https](https://www.springframework.org/schema/security/spring-security.xsd ) result 200).
* http://www.springframework.org/schema/websocket/spring-websocket.xsd with 1 occurrences migrated to:
https://www.springframework.org/schema/websocket/spring-websocket.xsd ([https](https://www.springframework.org/schema/websocket/spring-websocket.xsd ) result 200).
* http://www.test.com with 9 occurrences migrated to:
https://www.test.com ([https](https://www.test.com ) result 200).
* http://www.thymeleaf.org with 25 occurrences migrated to:
https://www.thymeleaf.org ([https](https://www.thymeleaf.org ) result 200).
* http://www.thymeleaf.org/ with 3 occurrences migrated to:
https://www.thymeleaf.org/ ([https](https://www.thymeleaf.org/ ) result 200).
* http://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd with 1 occurrences migrated to:
https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd ([https](https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd ) result 200).
* http://www.thymeleaf.org/whatsnew21.html with 1 occurrences migrated to:
https://www.thymeleaf.org/whatsnew21.html ([https](https://www.thymeleaf.org/whatsnew21.html ) result 200).
* http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html with 2 occurrences migrated to:
https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html ([https](https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html ) result 200).
* http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html with 1 occurrences migrated to:
https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html ([https](https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html ) result 200).
* http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html with 1 occurrences migrated to:
https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html ([https](https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html ) result 200).
* http://www.w3.org/TR/2011/REC-css3-selectors-20110929/ with 2 occurrences migrated to:
https://www.w3.org/TR/2011/REC-css3-selectors-20110929/ ([https](https://www.w3.org/TR/2011/REC-css3-selectors-20110929/ ) result 200).
* http://www.w3.org/TR/CSS21/syndata.html with 1 occurrences migrated to:
https://www.w3.org/TR/CSS21/syndata.html ([https](https://www.w3.org/TR/CSS21/syndata.html ) result 200).
* http://www.w3.org/TR/selectors/ with 3 occurrences migrated to:
https://www.w3.org/TR/selectors/ ([https](https://www.w3.org/TR/selectors/ ) result 200).
* http://www.youtube.com/watch?v=3mk0RySeNsU with 2 occurrences migrated to:
https://www.youtube.com/watch?v=3mk0RySeNsU ([https](https://www.youtube.com/watch?v=3mk0RySeNsU ) result 200).
* http://api.jquery.com/jQuery.browser with 1 occurrences migrated to:
https://api.jquery.com/jQuery.browser ([https](https://api.jquery.com/jQuery.browser ) result 301).
* http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx with 1 occurrences migrated to:
https://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx ([https](https://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx ) result 301).
* http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx with 2 occurrences migrated to:
https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx ([https](https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx ) result 301).
* http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx with 2 occurrences migrated to:
https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx ([https](https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx ) result 301).
* http://code.google.com/p/openid-selector/ with 3 occurrences migrated to:
https://code.google.com/p/openid-selector/ ([https](https://code.google.com/p/openid-selector/ ) result 301).
* http://contributor-covenant.org with 1 occurrences migrated to:
https://contributor-covenant.org ([https](https://contributor-covenant.org ) result 301).
* http://contributor-covenant.org/version/1/3/0/ with 1 occurrences migrated to:
https://contributor-covenant.org/version/1/3/0/ ([https](https://contributor-covenant.org/version/1/3/0/ ) result 301).
* http://dev.w3.org/csswg/cssom/ with 1 occurrences migrated to:
https://dev.w3.org/csswg/cssom/ ([https](https://dev.w3.org/csswg/cssom/ ) result 301).
* http://docs.spring.io with 1 occurrences migrated to:
https://docs.spring.io ([https](https://docs.spring.io ) result 301).
* http://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html with 1 occurrences migrated to:
https://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html ) result 301).
* http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html with 7 occurrences migrated to:
https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html ) result 301).
* http://forum.springsource.org/showthread.php?102783-How-to-use-hasIpAddress&p=343971 (301) with 1 occurrences migrated to:
https://forum.spring.io/showthread.php?102783-How-to-use-hasIpAddress&p=343971 ([https](https://forum.springsource.org/showthread.php?102783-How-to-use-hasIpAddress&p=343971 ) result 301).
* http://help.github.com/set-up-git-redirect with 1 occurrences migrated to:
https://help.github.com/set-up-git-redirect ([https](https://help.github.com/set-up-git-redirect ) result 301).
* http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ with 1 occurrences migrated to:
https://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ ([https](https://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ ) result 301).
* http://jquery.org/license with 1 occurrences migrated to:
https://jquery.org/license ([https](https://jquery.org/license ) result 301).
* http://msdn.microsoft.com/en-us/library/dd565647 with 4 occurrences migrated to:
https://msdn.microsoft.com/en-us/library/dd565647 ([https](https://msdn.microsoft.com/en-us/library/dd565647 ) result 301).
* http://msdn.microsoft.com/en-us/library/ie/gg622941 with 5 occurrences migrated to:
https://msdn.microsoft.com/en-us/library/ie/gg622941 ([https](https://msdn.microsoft.com/en-us/library/ie/gg622941 ) result 301).
* http://openid.net/get/ with 2 occurrences migrated to:
https://openid.net/get/ ([https](https://openid.net/get/ ) result 301).
* http://openid.net/what/ with 2 occurrences migrated to:
https://openid.net/what/ ([https](https://openid.net/what/ ) result 301).
* http://technorati.com/people/technorati/ with 2 occurrences migrated to:
https://technorati.com/people/technorati/ ([https](https://technorati.com/people/technorati/ ) result 301).
* http://twitter.github.com/bootstrap/javascript.html with 13 occurrences migrated to:
https://twitter.github.com/bootstrap/javascript.html ([https](https://twitter.github.com/bootstrap/javascript.html ) result 301).
* http://www.jasig.org/cas with 1 occurrences migrated to:
https://www.jasig.org/cas ([https](https://www.jasig.org/cas ) result 301).
* http://www.modernizr.com/ with 1 occurrences migrated to:
https://www.modernizr.com/ ([https](https://www.modernizr.com/ ) result 301).
* http://www.opensource.org/licenses/mit-license.php with 1 occurrences migrated to:
https://www.opensource.org/licenses/mit-license.php ([https](https://www.opensource.org/licenses/mit-license.php ) result 301).
* http://www.oracle.com/technetwork/java/javase/downloads with 1 occurrences migrated to:
https://www.oracle.com/technetwork/java/javase/downloads ([https](https://www.oracle.com/technetwork/java/javase/downloads ) result 301).
* http://www.springframework.org/security with 1 occurrences migrated to:
https://www.springframework.org/security ([https](https://www.springframework.org/security ) result 301).
* http://www.springsource.com/ with 2 occurrences migrated to:
https://www.springsource.com/ ([https](https://www.springsource.com/ ) result 301).
* http://www.springsource.org with 1 occurrences migrated to:
https://www.springsource.org ([https](https://www.springsource.org ) result 301).
* http://www.springsource.org/sts with 1 occurrences migrated to:
https://www.springsource.org/sts ([https](https://www.springsource.org/sts ) result 301).
* http://www.thoughtcrime.org/software/sslstrip/ with 1 occurrences migrated to:
https://www.thoughtcrime.org/software/sslstrip/ ([https](https://www.thoughtcrime.org/software/sslstrip/ ) result 301).
* http://www.w3.org/TR/css3-selectors/ with 2 occurrences migrated to:
https://www.w3.org/TR/css3-selectors/ ([https](https://www.w3.org/TR/css3-selectors/ ) result 301).
* http://www.w3.org/TR/css3-syntax/ with 1 occurrences migrated to:
https://www.w3.org/TR/css3-syntax/ ([https](https://www.w3.org/TR/css3-syntax/ ) result 301).
* http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ with 2 occurrences migrated to:
https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ ) result 302).
* http://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html with 1 occurrences migrated to:
https://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html ([https](https://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html ) result 302).
* http://example2.com with 3 occurrences migrated to:
https://example2.com ([https](https://example2.com ) result 302).
* http://flickr.com/ with 2 occurrences migrated to:
https://flickr.com/ ([https](https://flickr.com/ ) result 302).
* http://git-scm.com/book/cs/ch7-3.html with 1 occurrences migrated to:
https://git-scm.com/book/cs/ch7-3.html ([https](https://git-scm.com/book/cs/ch7-3.html ) result 302).
* http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd with 1 occurrences migrated to:
https://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd ([https](https://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html with 4 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html ) result 302).
* http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html ([https](https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html ) result 302).
* http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html with 2 occurrences migrated to:
https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html ) result 302).
* http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html with 1 occurrences migrated to:
https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html ) result 302).
* http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html with 2 occurrences migrated to:
https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html ) result 302).
* http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html with 3 occurrences migrated to:
https://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html ([https](https://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html ) result 302).
* http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd with 1 occurrences migrated to:
https://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd ([https](https://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd ) result 302).
* http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd with 1 occurrences migrated to:
https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd ) result 302).
* http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd with 2 occurrences migrated to:
https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd ) result 302).
* http://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx with 1 occurrences migrated to:
https://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx ([https](https://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx ) result 302).
* http://spring.io/spring-security with 1 occurrences migrated to:
https://spring.io/spring-security ([https](https://spring.io/spring-security ) result 302).
* http://spring.io/spring-security/ with 2 occurrences migrated to:
https://spring.io/spring-security/ ([https](https://spring.io/spring-security/ ) result 302).
* http://spring.io/tools/sts with 1 occurrences migrated to:
https://spring.io/tools/sts ([https](https://spring.io/tools/sts ) result 302).
* http://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt with 2 occurrences migrated to:
https://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt ([https](https://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt ) result 302).
* http://webauth.stanford.edu/manual/mod/mod_webauth.html with 1 occurrences migrated to:
https://webauth.stanford.edu/manual/mod/mod_webauth.html ([https](https://webauth.stanford.edu/manual/mod/mod_webauth.html ) result 302).
* http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context with 1 occurrences migrated to:
https://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context ([https](https://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context ) result 302).
* http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt with 1 occurrences migrated to:
https://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt ([https](https://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt ) result 302).
# Ignored
These URLs were intentionally ignored.
* http://java.sun.com/JSP/Page with 14 occurrences
* http://java.sun.com/jsp/jstl/core with 31 occurrences
* http://java.sun.com/jsp/jstl/fmt with 6 occurrences
* http://java.sun.com/jsp/jstl/functions with 1 occurrences
* http://java.sun.com/jstl/core with 1 occurrences
* http://java.sun.com/xml/ns/j2ee with 2 occurrences
* http://java.sun.com/xml/ns/javaee with 6 occurrences
* http://localhost with 20 occurrences
* http://localhost/ with 6 occurrences
* http://localhost/Test</value></property> with 1 occurrences
* http://localhost/appcontext/page with 1 occurrences
* http://localhost/authenticated with 1 occurrences
* http://localhost/authentication/login with 2 occurrences
* http://localhost/authorize/oauth2/code/registration-id with 3 occurrences
* http://localhost/authorize/oauth2/implicit/registration-3 with 1 occurrences
* http://localhost/callback/client-1 with 1 occurrences
* http://localhost/callback/client-1?error=invalid_grant with 1 occurrences
* http://localhost/client-1 with 9 occurrences
* http://localhost/cookie with 1 occurrences
* http://localhost/cookie/delete with 1 occurrences
* http://localhost/custom-login with 1 occurrences
* http://localhost/custom-logout with 1 occurrences
* http://localhost/form-page with 1 occurrences
* http://localhost/iss with 1 occurrences
* http://localhost/issuer with 2 occurrences
* http://localhost/login with 38 occurrences
* http://localhost/login/oauth2/code/ with 4 occurrences
* http://localhost/login/oauth2/code/pkce-client-registration-id& with 1 occurrences
* http://localhost/login/oauth2/code/registration-id with 3 occurrences
* http://localhost/login/oauth2/code/registration-id& with 2 occurrences
* http://localhost/login/oauth2/code/registration-id-2 with 2 occurrences
* http://localhost/login/openid with 1 occurrences
* http://localhost/login2 with 1 occurrences
* http://localhost/loginPage with 2 occurrences
* http://localhost/logout with 1 occurrences
* http://localhost/messages with 4 occurrences
* http://localhost/oauth2/authorization/google with 1 occurrences
* http://localhost/openid-page with 1 occurrences
* http://localhost/saved-request with 1 occurrences
* http://localhost/secured with 2 occurrences
* http://localhost/signin with 1 occurrences
* http://localhost/some-url with 1 occurrences
* http://localhost/tosave with 1 occurrences
* http://localhost/user with 1 occurrences
* http://localhost:123456 with 3 occurrences
* http://localhost:1280/certs with 1 occurrences
* http://localhost:314 with 1 occurrences
* http://localhost:4080 with 1 occurrences
* http://localhost:543 with 1 occurrences
* http://localhost:8080 with 16 occurrences
* http://localhost:8080/ with 4 occurrences
* http://localhost:8080/SomeService with 1 occurrences
* http://localhost:8080/contacts with 1 occurrences
* http://localhost:8080/login/oauth2/code with 1 occurrences
* http://localhost:8080/login/oauth2/code/client-id with 2 occurrences
* http://localhost:8080/login/oauth2/code/facebook with 2 occurrences
* http://localhost:8080/login/oauth2/code/github with 2 occurrences
* http://localhost:8080/login/oauth2/code/google with 4 occurrences
* http://localhost:8080/login/oauth2/code/okta with 2 occurrences
* http://localhost:8080/path/page.html?query=string with 1 occurrences
* http://localhost:8080/sample/ with 15 occurrences
* http://localhost:8080/secure with 1 occurrences
* http://localhost:8080/spring-security-samples-tutorial/listAccounts.html with 4 occurrences
* http://localhost:8080/spring-security-samples-tutorial/post.html?id=1 with 4 occurrences
* http://localhost:9080/protected with 2 occurrences
* http://localhost:9080/secured with 1 occurrences
* http://localhost:9080/unsecured with 1 occurrences
* http://localhost:9080/user with 1 occurrences
* http://test.com with 1 occurrences
* http://test.foobar.com with 1 occurrences
* http://testopenid.com?openid.return_to= with 1 occurrences
* http://www.springframework.org/schema/aop with 2 occurrences
* http://www.springframework.org/schema/beans with 8 occurrences
* http://www.springframework.org/schema/context with 2 occurrences
* http://www.springframework.org/schema/mvc with 2 occurrences
* http://www.springframework.org/schema/security with 45 occurrences
* http://www.springframework.org/schema/security/spring-security- with 1 occurrences
* http://www.springframework.org/schema/websocket with 2 occurrences
* http://www.springframework.org/security/tags with 17 occurrences
* http://www.springframework.org/tags with 12 occurrences
* http://www.springframework.org/tags/form with 14 occurrences
* http://www.w3.org/1999/XSL/Transform with 1 occurrences
* http://www.w3.org/1999/xhtml with 26 occurrences
* http://www.w3.org/2001/XMLSchema with 15 occurrences
* http://www.w3.org/2001/XMLSchema-datatypes with 8 occurrences
* http://www.w3.org/2001/XMLSchema-instance with 9 occurrences
2019-03-19 23:53:23 -05:00
a45df2c802
Move OIDC Reactive Packaging
2019-03-19 09:00:46 -06:00
8f5493acce
Move OIDC Servlet Packaging
2019-03-19 09:00:46 -06:00
fba31dfb6a
Reactive Oidc RP-Initiated Logout
...
Issue: gh-5350
2019-03-19 09:00:46 -06:00
248a8c030b
Support for OIDC RP-Initiated Logout
...
Fixes: gh-5350
2019-03-19 09:00:46 -06:00
55e8df1efe
NimbusReactiveJwtDecoder Takes Reactive Processor
...
Fixes: gh-5937
2019-03-18 12:32:44 -06:00
9478abebd2
Internalize Nimbus JwtDecoder Builder
...
Issue: gh-6010
2019-03-18 12:32:44 -06:00
b93528138e
URL Cleanup
...
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).
# Fixed URLs
## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.
* http://www.apache.org/licenses/ with 1 occurrences migrated to:
https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/ ) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 2691 occurrences migrated to:
https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0 ) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 2 occurrences migrated to:
https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html ) result 200).
2019-03-14 15:46:20 -05:00
7739a0e91a
Add PKCE OAuth2 client support
...
- Support has been added for "RFC7636: Proof Key for Code Exchange by OAuth Public Clients" (PKCE, pronounced "pixy") to mitigate against attacks targeting the interception of the authorization code
- PkceParameterNames was added for the 3 additional parameters used by PKCE (i.e. code_verifier, code_challenge, and code_challenge_method)
- Default code_verifier length has been set to 128 characters--the maximum allowed by RFC7636
- ClientAuthenticationMethod.NONE was added to allow clients to request tokens without providing a client secret
Fixes gh-6446
2019-02-28 11:38:48 -05:00
fba25614bf
Reactive Opaque Token Support
...
Fixes: gh-6513
2019-02-15 15:59:25 -06:00
752733e8de
Polish WebSessionOAuth2ServerAuthorizationRequestRepository Format
...
Issue: gh-6215
2019-02-15 15:01:11 -06:00
a60fd43534
Fix OAuth2 Client with Ditributed Session
...
Fixes: gh-6215
2019-02-15 15:01:11 -06:00
0c27f64338
ServletOAuth2AuthorizedClientExchangeFilterFunction supports chaining
...
Fixes gh-6483
2019-02-13 11:19:44 -05:00
17e774d8c7
Preserve existing refresh token if new refresh token not returned
...
During an oauth2 refresh if the authorization server doesn't return a new refresh token, preserve the existing one.
Fixes: gh-6503
2019-02-07 15:11:23 -05:00
ef9c3e4771
Opaque Token Support
...
Fixes: gh-5200
2019-02-07 12:40:12 -07:00
594a169798
Introduce OAuth2AuthorizationRequest.attributes
...
Fixes gh-5940
2019-02-07 11:49:17 -05:00
95e0e7243d
Save original request on oauth2Client filter
...
When we used the oauth2Client directive and requested an endpoint that
required client authorization on the authorization server, the
SPRING_SECURITY_SAVED_REQUEST was not persisted, and therefore after
creating the authorized client we were redirected to the root page ("/").
Now we are storing the session attribute and getting redirected back to
the original URI as expected.
Note that the attribute is stored only when a
ClientAuthorizationRequiredException is thrown in the chain, we dont
want to store it as a response to the
/oauth2/authorization/{registrationId} endpoint, since we would end
up in an infinite loop
Fixes gh-6341
2019-01-25 09:15:44 -06:00
2a867997e2
Polish gh-6415
2019-01-14 13:33:58 -05:00
fe5f10e9a2
Extract the ID Token JwtDecoderFactory to enable user customization
...
This commit ensures that the JwtDecoderFactory is not a private field inside
the Oidc authentication provider by extracting this class and giving the
possibility to customize the way different providers are validated.
Fixes: gh-6379
2019-01-14 13:33:58 -05:00
dd45a49f02
Update JwtTimestampValidator.java
...
Changed MaxClockSkew variable to clockSkew to simplify the name.
Fixes gh-6380
2019-01-14 10:33:38 -07:00
f234a5fbdb
ID Token validation supports clock skew
...
Fixes gh-5839
2019-01-09 16:03:13 -05:00
d878dbf30e
Polish gh-6349
2019-01-09 10:15:02 -05:00
057ed616c4
Improve error messages in OidcIdTokenValidator
...
This commit ensures that error messages contain more specific
information regarding the reported error.
Fixes: gh-6323
2019-01-09 10:15:02 -05:00
c94f13a971
Polish tests
2019-01-08 11:16:22 -06:00
673a2adf26
Polish oauth2 client ExchangeFilterFunction's
...
Fixes gh-6355
2019-01-07 14:39:25 -05:00
993e11dcd3
Polish gh-6127
2019-01-07 13:50:17 -05:00
1c9ab9197e
When expired retrieve new Client Credentials token.
...
Once client credentials access token has expired retrieve a new token from the OAuth2 authorization server.
These tokens can't be refreshed because they do not have a refresh token associated with. This is standard behaviour for Oauth 2 client credentails
Fixes gh-5893
2019-01-07 13:50:17 -05:00
d77b12d229
authorization_uri Uses UriComponentsBuilder
...
Because of this, authorization_uri can now be a fully-qualified url.
Fixes: gh-5760
2018-12-21 13:23:47 -07:00
9c0d78da71
Extract OidcTokenValidator to an OAuth2TokenValidator
...
Fixes gh-5930
2018-12-21 11:06:40 -05:00
12f320851d
Set openid scope in OAuth2LoginTests
2018-12-21 09:24:55 -06:00
8f4f52edb9
Support configurable JwtDecoder for IdToken verification
...
Fixes gh-5717
2018-12-21 09:24:55 -06:00
0f7dff3774
Introduce ReactiveJwtAuthenticationConverter
...
Some changes based on PR comments
Fixes gh-6273
2018-12-17 14:12:53 -07:00
1bfa38b1bd
Validate Scopes in ClientRegistrationBuilder
...
Fixes: gh-6256
2018-12-14 10:41:29 -07:00
e25bea2cf7
Author: Shraiysh Vaishay cs17btech11050@iith.ac.in
...
Add WebClientReactiveAuthorizationCodeTokenResponseClient.setWebClient
Fixes gh-6182
2018-12-06 11:18:39 -06:00
566bc6a6e1
Test OpenID Discovery with Trailing Slash
...
Fixes gh-6234
2018-12-05 10:54:30 -07:00
ba8a337f9a
Accept a case-insensitive "Bearer" keyword
...
The Authorization header was matched for OAuth2
against the "Bearer" keyword in a case sensitive
fashion.
According to RFC 2617, it should be case insensitive
and some oauth clients (including some earlier
versions of spring-security) expect it so.
This is the reactive counterpart to commit
63f2b6094f
2018-12-02 09:32:27 -05:00
63f2b6094f
The "Bearer" keyword should be case-insensitive
...
The Authorization header was matched for OAuth2
against the "Bearer" keyword in a case sensitive
fashion.
According to RFC 2617, it should be case insensitive
and some oauth clients (including some earlier
versions of spring-security) expect it so.
2018-11-28 19:34:47 -07:00
fdc81822ec
Add WebClientReactiveClientCredentialsTokenResponseClient setWebClient
...
Added the ability to specify a custom WebClient in
WebClientReactiveClientCredentialsTokenResponseClient.
Also added testing to ensure the custom WebClient is not null and is
used.
Fixes: gh-6051
2018-11-28 15:44:36 -06:00
2a8233d035
Remove PowerMock from oauth2-core and oauth2-jose
...
Issue: gh-6025
2018-11-20 14:02:10 -07:00
80e13bad41
Remove PowerMock from oauth2-client
...
Issue: gh-6025
2018-11-19 18:09:00 -07:00
39933b10ff
Add scopes method to TestOAuth2AccessTokens
...
Issue: gh-6025
2018-11-19 18:06:40 -07:00
f6414e9a52
Make InMemory*ClientRegistrationRepository Consistent
...
The previous builders with the list argument were inconsistent with their
respective builders of var args.
2018-11-19 15:09:30 -06:00
e1d68e4f6b
WebClientReactiveClientCredentialsTokenResponseClient.getTokenResponse expects 2xx http status code
...
This ensures that token response is only extracted when ClientResponse has a successful status
Fixes: gh-6089
2018-11-19 10:50:33 -06:00
1ea73e7d8e
Jwt Decoder Local Key Configuration
...
Adds support for configuring Resource Server DSL with a local public
key.
Fixes: gh-5131
2018-11-16 13:07:19 -06:00
75a2c2b729
OAuth2AccessTokenResponseBodyExtractor supports Object values
...
This commit ensures the token response is parsed correctly if the values are not a String.
Fixes: gh-6087
2018-11-15 13:23:36 -06:00
d28e32b000
NimbusJwtDecoder Builder
...
A Builder to simply common construction patterns for NimbusJwtDecoder
Issue: gh-6010
2018-11-14 15:53:47 -06:00
fbcf48cea0
Low-level Nimbus Jwt Decoder
...
Introduces a JwtDecoder which takes a raw Nimbus JWTProcessor
configuration.
Fixes: gh-5648
2018-11-14 15:53:47 -06:00
ae74f22e30
Reactive Jwt Claim Set Converter Support
...
Exposes setClaimSetConverter on NimbusReactiveJwtDecoder, lining it up
with the same support on NimbusJwtDecoder.
Fixes: gh-6015
2018-11-13 15:31:08 -06:00
19649db9ce
Leave Issuer As String
...
Since StringOrURI is a valid issuer, MappedJwtClaimSetConverter and
JwtIssuerValidator no longer assume it.
Issue: gh-6073
2018-11-13 11:39:15 -07:00
c70b65c5df
Favor URL.toExternalForm
...
Converts URLs to Strings before comparing them. Uses toString(),
which delegates to toExternalForm().
Fixes: gh-6073
2018-11-13 08:20:18 -07:00
a32d19ec7d
Polish NimbusReactiveJwtDecoderTests
...
Issue: gh-5650
2018-11-12 15:04:00 -07:00
a96893a42a
Remove charset from Accept header in UserInfo request
...
Fixes gh-6017
2018-10-25 12:56:45 -04:00
e1b095df32
Allow in-memory client registration repos to be constructed with a map
...
Fixes gh-5918
2018-10-18 14:07:12 -04:00
22bd8f1c1f
Reactive Jwt Authentication Converter Support
...
Fixes: gh-5092
2018-10-15 11:55:12 -05:00
07d2e43d7a
Deprecate NimbusAuthorizationCodeTokenResponseClient
...
Fixes gh-5954
2018-10-15 09:01:19 -04:00
725b3b5482
Fix OAuth2AuthorizationCodeGrantWebFilter works w/ /{action/
...
Issue: gh-5856
2018-09-20 21:39:09 -05:00
9565e90b6e
Remove oauth2-oidc-sdk dependency from oauth2-jose module
...
Fixes gh-5891
2018-09-20 15:20:11 -04:00
d46f83caf4
Ensure consistent matching of redirect_uri
...
Fixes gh-5890
2018-09-20 14:30:41 -04:00
77fa495860
DelegatingOAuth2TokenValidator Varargs Constructor
...
Fixes: gh-5889
2018-09-20 10:45:51 -06:00
410f6bae1a
Fix ServerOAuth2AuthorizedClientExchangeFilterFunctionTests Merge
...
Issue: gh-5872
2018-09-19 11:53:21 -05:00
dcbf762a0b
WebClient OAuth2 Support for defaultClientRegistrationId
...
Fixes: gh-5872
2018-09-19 11:47:04 -05:00
e8d8eb59bf
Make OAuth2AuthorizedClient Serializable
...
Fixes gh-5757
2018-09-19 10:47:30 -04:00
2c078c5dd9
Remove expiresAt constructor-arg in OAuth2RefreshToken
...
Fixes gh-5854
2018-09-19 10:47:30 -04:00
cc8935e904
Fix Reactive OIDC to add refresh token
...
Fixes: gh-5858
2018-09-17 21:21:36 -05:00
72301e548a
Reactive OAuth2 DSL Customizations
...
Fixes: gh-5855
2018-09-17 21:21:36 -05:00
385bdfc055
OAuth2AuthorizationCodeGrantWebFilter works with /{action}/
...
This ensures that the same URL can work for both log in and
authorization code which prevents having to create additional registrations
on the client and potentially on the server (GitHub only allows a single
valid redirect URL).
Fixes: gh-5856
2018-09-17 21:21:36 -05:00
ed9cd478ba
Polish
...
Issue gh-5776
2018-09-12 11:57:53 -04:00
8746e71b9a
Use OAuth2AuthorizationException in authorization flows
2018-09-11 14:53:42 -05:00
ef02ab2f8a
DefaultOAuth2UserService handles OAuth2AuthorizationException
2018-09-11 14:53:42 -05:00
7474d6524e
DefaultAuthorizationCodeTokenResponseClient throws OAuth2AuthorizationException
2018-09-11 14:53:42 -05:00
56b4576396
DefaultClientCredentialsTokenResponseClient throws OAuth2AuthorizationException
...
Fixes gh-5726
2018-09-11 14:53:42 -05:00
e56c048db3
Remove OAuth2ClientException
2018-09-11 14:53:42 -05:00
b3282957a8
Add OAuth2AuthorizationException
2018-09-11 14:53:42 -05:00
26e577b0fa
UnauthenticatedServerOAuth2AuthorizedClientRepository->UnAuthenticatedServerOAuth2AuthorizedClientRepository
...
Issue: gh-5817
2018-09-07 15:29:35 -05:00
11ea92ef1c
Add UnauthenticatedServerOAuth2AuthorizedClientRepository
...
Fixes: gh-5817
2018-09-07 15:28:40 -05:00
9e0f171d47
Jwt Claim Mapping
...
This introduces a hook for users to customize standard Jwt Claim
values in cases where the JWT issuer isn't spec compliant or where the
user needs to add or remove claims.
Fixes: gh-5223
2018-09-07 09:48:26 -05:00
438d2911fb
OAuth2AuthorizedClientResolver
...
Extract out a private API for shared code between the argument resolver
and WebClient support. This makes it easier to make changes in both
locations. Later we will extract this out so it is not a copy/paste
effort.
Issue: gh-4921
2018-09-07 08:58:00 -05:00
23726abb1e
ServerOAuth2AuthorizedClientExchangeFilterFunction default ServerWebExchange
...
Leverage ServerWebExchange established by ServerWebExchangeReactorContextWebFilter
Issue: gh-4921
2018-09-07 08:57:25 -05:00
ac78258847
ServerOAuth2AuthorizedClientExchangeFilterFunction defaultOAuth2AuthorizedClient
...
Defaults to use the OAuth2AuthenticationToken to resolve the authorized client
Issue: gh-4921
2018-09-07 08:57:00 -05:00
158b8aa6d5
ServerOAuth2AuthorizedClientExchangeFilterFunction clientRegistrationId
...
Issue: gh-4921
2018-09-07 08:56:49 -05:00
28537fa3b6
WebClientReactiveClientCredentialsTokenResponseClient
...
Fixes: gh-5607
2018-09-07 08:53:35 -05:00
89f2874bff
ServerOAuth2AuthorizedClientExchangeFilterFunction clientRegistrationId
...
You can now provide the clientRegistrationId and
ServerOAuth2AuthorizedClientExchangeFilterFunction will look up the authorized client automatically.
Issue: gh-4921
2018-09-07 08:52:35 -05:00
5bcbb1c40f
ServerOAuth2AuthorizedClientExchangeFilterFunction uses ServerOAuth2AuthorizedClientRepository
...
Issue: gh-4921
2018-09-07 08:52:18 -05:00
65c81ce952
Make JwtReactiveAuthenticationManager final
2018-09-06 13:46:18 -06:00
057587ef29
ClientRegistration contains Provider Configuration Metadata
...
Fixes gh-5540
2018-09-05 17:01:23 -04:00
dfd572a4d2
Polish
2018-09-05 07:59:00 -05:00
3b480a3a05
Provide RestOperations in CustomUserTypesOAuth2UserService
...
Fixes gh-5602
2018-09-05 07:59:00 -05:00
4a8c95a3e8
Provide RestOperations in DefaultOAuth2UserService
...
Fixes gh-5600
2018-09-05 07:59:00 -05:00
8510e9a285
Reactive Resource Server insufficient_scope
...
This introduces an implementation of ServerAccessDeniedHandler that is
compliant with the OAuth 2.0 spec for insufficent_scope errors.
Fixes: gh-5705
2018-08-31 10:33:11 -05:00
8e615d0fee
Re-factor DefaultClientCredentialsTokenResponseClient
...
Fixes gh-5735
2018-08-27 15:10:17 -05:00
713e1e3356
BearerTokenServerAuthenticationEntryPoint waits for subscriber
...
Fixes: gh-5742
2018-08-27 14:26:45 -05:00
229b69dd35
Add DefaultAuthorizationCodeTokenResponseClient
...
Fixes gh-5547
2018-08-27 12:44:19 -04:00
f5ad4ba0fa
ServletOAuth2AuthorizedClientExchangeFilterFunction support client_credentials
...
Fixes: gh-5639
2018-08-24 11:33:02 -05:00
2d497c7b0f
Remove OAuth2ExchangeFilterFunctions
...
Fixes: gh-5734
2018-08-24 11:27:59 -05:00
59cdfc7d6e
ReactiveJwtDecoder via OIDC Provider Configuration
...
A reactive static builder for constructing and configuring a
ReactiveJwtDecoder via an issuer that supports the OIDC Provider
Configuration spec.
Fixes: gh-5649
2018-08-21 15:09:18 -05:00
01443e35b4
Reactive Jwt Validation
...
This allows a user to customize the Jwt validation steps that
NimbusReactiveJwtDecoder will take for each Jwt.
Fixes: gh-5650
2018-08-21 15:06:05 -05:00
b11e9ed317
Fix Javadoc Typo
...
NimbusReactiveJwtDecoder incorrectly referred in its class-level doc
as being an implementation of JwtDecoder. This has been corrected to
say ReactiveJwtDecoder.
Fixes: gh-5711
2018-08-21 12:21:23 -06:00
3cd0ebedc9
Polish ClientRegistrations
...
Class is now final
Issue: gh-5647
2018-08-20 10:54:53 -06:00
85d5d4083f
Add ServerOAuth2AuthorizationRequestResolver
...
Fixes: gh-5610
2018-08-19 21:13:54 -05:00
b9ab4929b7
Add OAuth2AuthorizationCodeGrantWebFilter
...
Issue: gh-5620
2018-08-19 21:12:41 -05:00
d0ebe47cd5
OAuth2LoginReactiveAuthenticationManager uses OAuth2AuthorizationCodeReactiveAuthenticationManager
...
Issue: gh-5620
2018-08-19 21:12:32 -05:00
8b67154e77
Add OAuth2AuthorizationCodeReactiveAuthenticationManager
...
Issue: gh-5620
2018-08-19 21:12:06 -05:00
f843da1942
Add OAuth2LoginAuthenticationWebFilter
...
This is necessary so that the saving of the authorized client occurs
outside of the ReactiveAuthenticationManager. It will allow for
saving with the ServerWebExchange when ReactiveOAuth2AuthorizedClientRepository
is added.
Issue: gh-5621
2018-08-19 21:11:43 -05:00
dd7925cb63
OAuth2AuthorizedClientArgumentResolver Uses ServerOAuth2AuthorizedClientRepository
...
Issue: gh-5621
2018-08-19 21:11:24 -05:00
1d57a084aa
Add ServerOAuth2AuthorizedClientRepository
...
Fixes: gh-5621
2018-08-19 21:10:15 -05:00
3a7083c7e9
Add Test<DomainObject>s For OAuth2
...
Fixes: gh-5699
2018-08-19 21:08:28 -05:00
b02ce59188
TestClientRegistrations
...
Fixes: gh-5651
2018-08-19 21:08:02 -05:00
5ddb25fff8
Consistent .server package for ServerWebExchange OAuth2
...
Fixes: gh-5663
2018-08-19 21:05:55 -05:00
e3eaa99ad0
Polish ServerAuthenticationConverter
...
Update changes for ServerAuthenticationConverter to be passive.
Issue: gh-5338
2018-08-18 19:55:39 -05:00
b6afe66d32
Add ServerAuthenticationConverter interface
...
- Adding an ServerAuthenticationConverter interface
- Retro-fitting ServerOAuth2LoginAuthenticationTokenConverter,
ServerBearerTokenAuthentivationConverter, ServerFormLoginAuthenticationConverter,
and ServerHttpBasicAuthenticationConverter to implement ServerAuthenticationConverter
- Deprecate existing AuthenticationWebFilter.setAuthenticationConverter
and add overloaded one which takes ServerAuthenticationConverter
Fixes gh-5338
2018-08-18 19:55:39 -05:00
2e620a26de
Auto-configure JwtDecoder via OpenId Configuration
...
Adding JwtDecoders#fromOidcIssuerLocation which takes an issuer
and derives from it the jwk set uri via a call to
.well-known/openid-configuration
Fixes: gh-5523
2018-08-17 11:20:26 -05:00
d610f31425
Jwt -> Authentication Conversion
...
Exposes ability to specify a strategy for converting Jwt into an
Authentication, specifically in JwtAuthenticationProvider.
Fixes: gh-5629
2018-08-17 11:04:27 -05:00
938dbbf424
Add OAuth2AuthorizationRequestResolver.resolve(HttpServletRequest,String)
...
Previously there was a tangle between
DefaultOAuth2AuthorizationRequestResolver and
OAuth2AuthorizationRequestRedirectFilter with
AUTHORIZATION_REQUIRED_EXCEPTION_ATTR_NAME
This commit adds a new method that can be used for resolving the
OAuth2AuthorizationRequest when the client registration id is known.
Issue: gh-4911
2018-08-16 20:41:13 -05:00
06df562d61
Polish JwtValidators
...
The current name of createDelegatingJwtValidator is not intuitive. The
name implies it is just creating a DelegatingOAuth2TokenValidator with
no mention that JwtTimestampValidator is being added.
To resolve this, the arguments have been removed and only
JwtTimestampValidator is added. User's needing additional validators can
add the result of this method to DelegatingOAuth2TokenValidator along with
the additional validators they wish to use. The method name has been
renamed to createDefault which now accurately reflects what is created.
There is no need to have JwtValidator at the end of the method since
the method is located in JwtValidators.
The commit also adds createDefaultWithIssuer for creating with a specific issuer.
Issue: gh-5133
2018-08-16 13:21:07 -05:00
7c524aa0c8
Jwt Claim Validation
...
This introduces OAuth2TokenValidator which allows the customization of
validation steps that need to be performing when decoding a string
token to a Jwt.
At this point, two validators, JwtTimestampValidator and
JwtIssuerValidator, are available for use.
Fixes: gh-5133
2018-08-16 13:19:26 -05:00
a4bd0d3923
OIDC Provider Configuration - ClientRegistrations
...
OIDC Provider Configuration is now being used to create more than just
ClientRegistration instances. Also, the endpoint is being addressed in
more contexts than just the client.
To that end, this refactors OidcConfigurationProvider in the config
project to ClientRegistrations in the oauth2-client project.
Fixes: gh-5647
2018-08-14 13:26:46 -06:00
cbdc7ee4b3
Relax validation on ClientRegistration
...
Fixes gh-5667
2018-08-14 14:05:45 -04:00
010d99a7d0
Make ClientRegistration.clientSecret optional
...
Fixes gh-5652
2018-08-14 13:32:51 -04:00
8a0c6868cd
Add additional parameters to OAuth2UserRequest
...
Fixes gh-5368
2018-08-14 05:14:45 -04:00
68878a1675
Replace isEqualTo(null) with isNull()
2018-08-09 18:04:48 -06:00
16fe1c5b52
Expose RestOperations in NimbusJwtDecoderJwkSupport
...
Fixes gh-5603
2018-08-08 14:49:46 -04:00
11984039c2
Add OidcUserService.setOauth2UserService()
...
Fixes gh-5604
2018-08-08 09:32:47 -04:00
952743269d
Add support for client_credentials grant
...
Fixes gh-4982
2018-08-08 08:06:47 -05:00
3d1185df3b
Add @Deprecation on removeAuthorizationRequest() ( #5634 )
2018-08-03 09:37:48 -04:00
1a65abd781
Add defaultOAuth2AuthorizedClient flag
...
Fixes: gh-5619
2018-07-31 14:44:40 -05:00
2cd2bab818
Use HttpHeaders.setBasicAuth
...
Issue: gh-5612
2018-07-30 15:34:48 -05:00
afa2d9cbc7
Remove ExchangeFilterFunctions
...
Issue: gh-5612
2018-07-30 15:34:44 -05:00
262c1a77c6
Remove SecurityHeaders
...
We no longer need this since Spring Framework now provides
HttpHeaders.setBearerAuth
Issue: gh-5612
2018-07-30 15:34:40 -05:00
b5abb99908
ClaimAccessor.getClaimAsString() checks null claim value
...
Fixes gh-5608
2018-07-30 15:31:41 -04:00
e243f93eed
Default to server_error when OAuth2Error.errorCode is null
...
Fixes gh-5594
2018-07-30 13:20:58 -04:00
aea861e2f9
Fix Imports
...
Issue: gh-5599
2018-07-30 12:15:53 -05:00
a01dc3a5f6
WebFlux Handles Undefined State Parameter
...
Currently if a state exists, but an undefined state parameter is provided
a NullPointerException occurs.
This commit handles the null value.
Fixes: gh-5599
2018-07-30 12:02:42 -05:00
2056b3440f
Add ServerBearerTokenAuthenticationConverter
...
Issue: gh-5605
2018-07-30 11:39:40 -05:00
4f417f01a7
BearerTokenServerAuthenticationEntryPoint
...
Issue: gh-5605
2018-07-30 11:39:34 -05:00
da73242d60
Add JwtReactiveAuthenticationManager
...
Issue: gh-5605
2018-07-30 11:39:28 -05:00
b8308c9ae0
Extract JwtConverter
...
Issue: gh-5605
2018-07-30 11:37:56 -05:00
f3c9cce56d
Rename to WebClientAuthorizationCodeTokenResponseClient
...
Rename NimbusReactiveAUthorizationCodeTokenResponseClient to
WebClientReactiveAuthorizationCodeTokenResponseClient
Fixes: gh-5529
2018-07-26 15:14:11 -05:00
1c8a931e33
Rename to OidcAuthorizationCodeReactiveAuthenticationManager
...
Renamed OidcReactiveAuthenticationManager to
OidcAuthorizationCodeReactiveAuthenticationManager since it only handles
authorization code flow.
Fixes: gh-5530
2018-07-26 15:14:11 -05:00
2c1c2c78c3
Add HttpServletResponse param to removeAuthorizationRequest
...
Fixes gh-5313
2018-07-26 14:15:56 -04:00
887db71333
Fix typo ( #5580 )
2018-07-26 10:04:21 -04:00
ba29b363fc
Fix OAuth2AuthorizationRequestRedirectWebFilter baseurl exclude querystring
...
To create redirect_uri in OAuth2AuthorizationRequestRedirectWebFilter,
queryParam is included in the current request-based baseUrl.
So when binding to the redirectUriTemplate,
the wrong type of redirect_uri may be created.
Fixed: gh-5520
2018-07-23 15:42:15 -04:00
36cbdfe013
Fix NPE when null Authentication in authorization_code grant
...
Fixes gh-5560
2018-07-23 12:28:48 -04:00
88975dad41
ServletOAuth2AuthorizedClientExchangeFilterFunction handles null authorized client
...
Issue: gh-5545
2018-07-22 12:01:42 -07:00
67dd3f16e9
Add static methods for ServletOAuth2AuthorizedClientExchangeFilterFunction
...
This will allow us to break up
ServletOAuth2AuthorizedClientExchangeFilterFunction into multiple
components if we decide to later.
Issue: gh-5545
2018-07-20 11:48:20 -05:00
9ababf4168
Rename to ServerOAuth2AuthorizedClientExchangeFilterFunction
...
Rename OAuth2AuthorizedClientExchangeFilterFunction to
ServerOAuth2AuthorizedClientExchangeFilterFunction->
Issue: gh-5386
2018-07-20 11:48:19 -05:00
1b79bbed7f
Add ServletOAuth2AuthorizedClientExchangeFilterFunction
...
Fixes: gh-5545
2018-07-20 11:48:19 -05:00
3c461b704c
Add AuthenticationMethod type
...
This section defines three methods of sending bearer access tokens
in resource requests to resource servers.
Clients MUST NOT use more than
one method to transmit the token in each request.
RFC6750 Section 2 Authenticated Requests
https://tools.ietf.org/html/rfc6750#section-2
Add AuthenticationMethod in ClientRegistration UserInfoEndpoint.
Add AuthenticationMethod for OAuth2UserService to get User.
To support the use of the POST method.
https://tools.ietf.org/html/rfc6750#section-2.2
gh-5500
2018-07-20 11:32:51 -04:00
9a144d742e
Use OAuth2AuthorizedClientRepository in filters and resolver
...
Fixes gh-5544
2018-07-19 22:57:10 -04:00
3f8e69211f
Fix OAuth2 ClientRegistration scope can be null
...
Allows scope of OAuth2 ClientRegistration to be null.
- The scope setting in the RFC document is defined as Optional.
https://tools.ietf.org/html/rfc6749#section-4.1.1
> scope: OPTIONAL.
> The scope of the access request as described by Section 3.3.
- When the client omits the scope parameter,
validation is determined by the authorization server.
https://tools.ietf.org/html/rfc6749#section-3.3
> If the client omits the scope parameter when requesting
authorization, the authorization server MUST either process the
request using a pre-defined default value or fail the request
indicating an invalid scope. The authorization server SHOULD
document its scope requirements and default value (if defined).
Fixes gh-5494
2018-07-18 16:17:14 -04:00
191a4760f9
Fix DefaultOAuth2AuthorizationRequestResolver baseUrl excludes queryParams
...
To create redirect_uri in DefaultOAuth2AuthorizationRequestResolver,
queryParam is included in the current request-based baseUrl.
So when binding to the redirectUriTemplate,
the wrong type of redirect_uri may be created.
Fixes gh-5520
2018-07-17 12:00:01 -04:00
981d35a92c
Add ClientRegistration.Builder.registrationId
...
Fixes: gh-5527
2018-07-17 01:27:39 -05:00
becff23df1
Reliable Error State Tests - Nimbus
...
A test against the Nimbus library was relying on specific messaging
from Nimbus as well as the JDK, making it brittle.
Now, it simply relies on the messaging that we control.
Issue: gh-4887
2018-07-16 14:46:42 -06:00
d595098823
Rename @TransientAuthentication to @Transient
...
It is quite likely we will need to prevent certain Exceptions from being
saved or from triggering a saved request. When we add support for this,
we can now leverage @Transient vs creating a new annotation.
Issue: gh-5481
2018-07-16 11:31:10 -05:00
40ccdb93f7
Resource Server Jwt Support
...
Introducing initial support for Jwt-Encoded Bearer Token authorization
with remote JWK set signature verification.
High-level features include:
- Accepting bearer tokens as headers and form or query parameters
- Verifying signatures from a remote Jwk set
And:
- A DSL for easy configuration
- A sample to demonstrate usage
Fixes: gh-5128
Fixes: gh-5125
Fixes: gh-5121
Fixes: gh-5130
Fixes: gh-5226
Fixes: gh-5237
2018-07-16 10:40:46 -05:00
6e67c0dcea
Remap Nimbus JSON Parsing Errors
...
When Nimbus fails to parse either a JWK response or a JWT response,
the error message contains information that either should or cannot be
included in a Bearer Token response.
For example, if the response from a JWK endpoint is invalid JSON, then
Nimbus will send the entire response from the authentication server in
the resulting exception message.
This commit captures these exceptions and removes the parsing detail,
replacing it with more generic information about the nature of the
error.
Fixes: gh-5517
2018-07-16 10:40:46 -05:00
371221d729
Support anonymous Principal for OAuth2AuthorizedClient
...
Fixes gh-5064
2018-07-16 10:15:41 -05:00
779597af2a
Add support for custom authorization request parameters
...
Fixes gh-4911
2018-07-16 09:39:06 -05:00
1d920680bf
Enhance OAuth2AccessToken to be serializable
...
Change the TokenType to Serializable
so that the OAuth2AccessToken can be serialized.
(org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType)
Fixes gh-5492
2018-07-13 11:36:11 -04:00
a5ae714ed5
NimbusReactiveJwtDecoder propagates errors looking up keys
...
Fixes: gh-5490
2018-07-06 16:39:59 -05:00
998d1a064b
Close Nimbus Information Leak
...
This commit captures and remaps the exception that Nimbus throws
when a PlainJWT is presented to it.
While the surrounding classes are likely only used today by the
oauth2Login flow, since they are public, we'll patch them at this
point for anyone who may be using them directly.
Fixes: gh-5457
2018-07-03 10:28:31 -05:00
f7dc76de5f
Fix OAuth2BodyExtractorsTests for JDK9
...
Issue: gh-5475
2018-07-02 16:29:07 -05:00
ba489af354
Fix OAuth2AuthorizedClientExchangeFilterFunctionTests on JDK9
...
Issue: gh-4371
2018-07-02 16:16:16 -05:00
127a32bd81
Fix checkstyle OAuth2AuthorizedClientExchangeFilterFunctionTests
...
Issue: gh-4371
2018-07-02 15:47:24 -05:00
73689ecfd7
Fix Imports of OAuth2AccessTokenResponse
...
Issue: gh-5474
2018-07-02 15:46:33 -05:00
0116c65c0e
OAuth2AuthorizedClientExchangeFilterFunction Refresh Support
2018-07-02 14:14:17 -05:00
1f1fb1a801
Add MockExchangeFunction getResponse
...
This allows setting up the mock
Issue: gh-5386
2018-07-02 12:43:00 -05:00
0910e04bdf
MockExchangeFunction Support Multiple Requests
...
Issue: gh-5386
2018-07-02 12:42:54 -05:00
e27e1cd637
Add OAuth2AccessTokenResponseBodyExtractor
...
This externalizes converting a OAuth2AccessTokenResponse from a
ReactiveHttpInputMessage.
Fixes: gh-5475
2018-07-02 12:41:44 -05:00
ab61732e17
Add OAuth2AccessTokenResponse.withResponse
...
Add ability to build a new OAuth2AccessTokenResponse from another
OAuth2AccessTokenResponse.
Fixes: gh-5474
2018-07-02 12:37:45 -05:00
d7ebe5be86
Rename createJwkSet method typo
...
Actually, it is creating a claims set, just a typo.
Issue: gh-5330
2018-06-28 11:31:21 -06:00
8ef4a5ba92
Add NimbusReactiveJwtDecoder RSAPublicKey Support
...
Fixes: gh-5460
2018-06-25 21:30:49 -05:00
d32aa3c6d6
Validate sub claim in UserInfo Response
...
Fixes gh-5447
2018-06-25 16:44:04 -04:00
81350ca3c3
Add NimbusJwkReactiveJwtDecoderTests
...
Issue: gh-5330
2018-06-25 12:13:08 -05:00
7b406e89e4
Fixes in decoder
2018-06-25 10:08:13 -05:00
a5f7713d9f
adding a test
2018-06-25 10:03:53 -05:00
d521d5e066
Add OidcReactiveAuthenticationManager
...
Fixes: gh-5330
2018-06-18 16:08:07 -05:00
f7a2a41241
Add OidcReactiveOAuth2UserService
...
Issue: gh-5330
2018-06-18 16:08:07 -05:00
5ed319b11a
Add NimbusReactiveJwtDecoder
...
Issue: gh-5330
2018-06-18 16:08:07 -05:00
0d23aad911
Add ReactiveRemoteJWKSource
...
Issue: gh-5330
2018-06-18 16:08:07 -05:00
7898ce2ded
Add JWKContextJWKSource
...
Issue: gh-5330
2018-06-18 16:08:07 -05:00
aa0ea4a8eb
Add JWKContext
...
Issue: gh-5330
2018-06-18 16:06:32 -05:00
923e23d05b
Add JWKSelectorFactory
...
Issue: gh-5330
2018-06-18 16:06:26 -05:00
3ddde473f2
Extract OidcTokenValidator
...
Issue: gh-5330
2018-06-18 16:06:19 -05:00
adb8c60173
Extract OidcUserRequestUtils
...
This logic is shared by both reactive and non-reactive clients.
Issue: gh-5330
2018-06-18 16:06:01 -05:00
a3db6fc993
Polish OidcUserService
...
Fixes: gh-5449
2018-06-18 16:03:41 -05:00
02d29887fb
Associate Refresh Token to OAuth2AuthorizedClient
...
Fixes gh-5416
2018-06-12 11:31:43 -04:00
4fc6d96073
Rename @OAuth2Client to @RegisteredOAuth2AuthorizedClient
...
Fixes gh-5360
2018-06-08 17:33:21 -04:00
dd1b1b9cc3
Use Spring Framework 5.1.0 SNAPSHOT
...
Fixes: gh-5408
2018-06-05 12:28:51 -05:00
fe979aa996
OidcUserService leverages DefaultOAuth2UserService
...
Fixes gh-5390
2018-05-31 16:17:47 -04:00
82e4abdd32
OAuth2ClientArgumentResolver uses AnnotatedElementUtils
...
Fixes gh-5335
2018-05-29 21:29:33 -04:00
32c33d1def
Add OAuth2AuthenticationException constructor that takes only OAuth2Error
...
Fixes gh-5374
2018-05-29 21:10:34 -04:00
b3ca598679
Add WebClient Bearer token support
...
Fixes: gh-5389
2018-05-25 15:17:08 -05:00
c68cf991ae
Add OAuth2AuthorizedClientExchangeFilterFunction
...
Fixes: gh-5386
2018-05-25 11:01:55 -05:00
2658577396
OAuth2AuthorizationRequestRedirectWebFilter handles ClientAuthorizationRequiredException
...
Fixes: gh-5383
2018-05-24 16:40:41 -05:00
0eedfc717a
Revert "Revert "Add ClientRegistration from OpenID Connect Discovery""
...
This reverts commit 9fe0f50e3c
2018-05-18 09:40:43 -05:00
9fe0f50e3c
Revert "Add ClientRegistration from OpenID Connect Discovery"
...
This reverts commit 0598d47732
2018-05-18 09:20:51 -05:00
0598d47732
Add ClientRegistration from OpenID Connect Discovery
...
Fixes: gh-4413
2018-05-16 12:30:04 -05:00
7013c6fd76
Add OAuth2LoginSpec
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
23f4b9d3d1
Add OAuth2AuthorizationRequestRedirectWebFilter
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
de959dbff6
Add OAuth2ClientArgumentResolver
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
c1e9785a48
Add OAuth2LoginReactiveAuthenticationManager
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
7401cb2b51
Add ServerOAuth2LoginAuthenticationTokenConverter
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
3cd2ddf793
Add NimbusReactiveAuthorizationCodeTokenResponseClient
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
3220e9560a
Add DefaultReactiveOAuth2UserService
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
b613b2d253
Add WebSessionOAuth2ReactiveAuthorizationRequestRepository
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
5e9c714ff0
Add InMemoryReactiveOAuth2AuthorizedClientService
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
a02b0c17f8
Add InMemoryReactiveClientRegistrationRepository
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
c696640276
OAuth2AuthorizationResponseUtils uses MultiMap
...
Fixes: gh-5331
2018-05-11 04:19:50 -05:00
fff64db0e2
Improve ClaimAccessor getClaimAsInstant
...
Fixes gh-5250
2018-05-03 21:03:45 -04:00
2356749cc3
Add test NimbusUserInfoResponseClient sets Accept header to JSON
...
Issue gh-5294
2018-05-03 20:18:41 -04:00
b8f225c49e
NimbusUserInfoResponseClient sets Accept header to JSON
...
Fixes gh-5294
2018-05-03 16:34:38 -04:00
4cc5705ae5
HttpSessionOAuth2AuthorizationRequestRepository removes empty Map from session
...
Fixes gh-5263
2018-05-02 11:07:26 -04:00
49b63e260d
OAuth2LoginAuthenticationFilter should handle null ClientRegistration
...
Fixes gh-5251
2018-05-02 09:16:42 -04:00
6095340e93
OAuth2AuthorizationRequestRedirectFilter -> Reuse code for baseUrl
...
Fixes gh-5153
2018-04-09 21:11:00 -04:00
d8f91e4261
Fix NPE with exp claim in NimbusJwtDecoderJwkSupport
...
Fixes gh-5168
2018-04-04 07:58:32 -04:00
2bd31c96ed
ClaimAccessor.getClaimAsInstant() converts Long or Date
...
Fixes gh-5191, Fixes gh-5192
2018-04-03 21:14:25 -04:00
526e0fdd4f
Add OAuth2 Client HandlerMethodArgumentResolver
...
Fixes gh-4651
2018-04-02 12:13:52 -04:00
982fc360b2
Add support for authorization_code grant
...
Fixes gh-4928
2018-04-02 12:13:06 -04:00
ce2f669245
Remove state assertion when loading OAuth2AuthorizationRequest
...
Fixes gh-5163
2018-03-27 20:06:30 -04:00
d07cfe655d
Use Supplier variants of Assert methods
2018-03-27 10:58:55 -05:00
bb15213091
Ensure consistency by using Collection<GrantedAuthority> type
...
Fixes gh-5143
2018-03-21 10:35:18 -04:00
90f9d728cd
Allow extension for OAuth2Error
...
Fixes gh-5148
2018-03-21 10:04:57 -04:00
bf41d48718
HttpSessionOAuth2AuthorizationRequestRepository support distributed HttpSession
...
Previously HttpSessionOAuth2AuthorizationRequestRepository
getAuthorizationRequest attempted to update the state of HttpSession as
well as getting the Map of OAuth2AuthorizationRequest. This had a few
problems
- First it was confusing that a get method updated state
- It worked when the session was in memory, but would not work when the
HttpSesson was persisted to an external store (i.e. Spring Session) since
after updating the Map, there was no invocation to update
This commit cleans up the logic and ensures that the values are explicitly
set in the HttpSession so it works with a session persisted in an external
store.
Fixes: gh-5146
2018-03-20 22:14:48 -05:00
04e2e86e6e
Polish HttpSessionOAuth2AuthorizationRequestRepositoryTests
...
Fixes: gh-5147
2018-03-20 22:14:48 -05:00
59cef7d339
HttpSessionOAuth2AuthorizationRequestRepository handle multiple OAuth2AuthorizationRequest per session
...
Fixes gh-5110
2018-03-20 22:14:48 -05:00
a5bd76b6ed
Revert authorization_code grant support
...
This reverts commit eae7afd9aa
2018-03-06 16:16:45 -05:00
eae7afd9aa
Add support for authorization_code grant
...
Fixes gh-4928
2018-03-02 14:30:49 -05:00
7eb58ee7d9
DefaultOAuth2UserService -> assert UserInfo Uri is set
...
Fixes gh-4992
2018-02-02 13:01:18 -05:00
6b24aaf6f5
Add javadoc for spring-security-oauth2-jose
...
Fixes gh-4885
2018-01-23 21:27:47 -05:00
fe2ac00deb
Add javadoc for spring-security-oauth2-client
...
Fixes gh-4884
2018-01-23 17:07:21 -05:00
e6cac604f3
Add javadoc for spring-security-oauth2-core
...
Fixes gh-4883
2018-01-18 16:00:26 -05:00
1d32fffc1d
Make OAuth2Error Serializable
...
Fixes gh-4944
2018-01-10 10:40:54 -05:00
57353d18e5
Use diamond type
2017-12-21 15:09:00 -06:00
c16456623f
Remove unused imports
2017-12-20 16:05:38 -06:00
268a1dc06e
DefaultOAuth2User is Serializable
...
Fixes gh-4917
2017-12-19 09:07:17 -05:00
ae664c33b1
Polish
...
Fix compile warnings in ClientRegistrationTests
2017-11-27 12:12:59 -06:00
edccafca84
Create OAuth2AuthorizationResponse lazily
...
This commit creates `OAuth2AuthorizationResponse` as lazily as possible to prevent the creation when `authorizationRequest` is `null`.
Fixes gh-4848
2017-11-20 11:01:34 -05:00
c04b3b4114
Exclude well-known ports in expanded redirect-uri
...
Fixes gh-4836
2017-11-18 10:41:27 -05:00
b6895e6359
Apply Checkstyle WhitespaceAfterCheck module
2017-11-16 11:18:31 -06:00
dd33f0a7de
ClientRegistration.redirectUri -> redirectUriTemplate
...
Fixes gh-4827
2017-11-15 14:51:35 -05:00
e098c3707e
Update default redirect-uri to use 'baseUrl' template variable
...
Fixes gh-4826
2017-11-15 14:51:35 -05:00
d900f2a623
Remove unused imports
...
This commit also adds UnusedImportsCheck Checkstyle module.
2017-11-14 14:41:08 -06:00
872a8f3189
Change constructor param order in oauth2 client filters
...
Fixes gh-4818
2017-11-13 17:32:22 -05:00
426c034c01
OidcUserService uses custom userNameAttributeName
...
Fixes gh-4812
2017-11-12 14:44:57 -05:00
6775d9fdd8
OAuth2AccessTokenResponse should account for expires_in <= 0
...
Fixes gh-4810
2017-11-12 11:30:11 -05:00
63e2db72ea
Add tests to oauth2-jose
...
Fixes gh-4806
2017-11-10 17:09:48 -05:00
473ac0e37c
Add tests to oauth2-client
...
Fixes gh-4299
2017-11-10 16:03:34 -05:00
db35dc6c03
Add tests to oauth2-core
...
Fixes gh-4298
2017-11-06 11:39:17 -05:00
Josh Cummings
Rob Winch
Spring Operator
Stephen Doxsee
Zhanwei Wang
Joe Grandja
Fabien Arrault
Gerardo Roza
Rafael Dominguez
Adrian Javorski
Johnny Lim
Warren Bailey
Eric Deandrea
shraiysh
Nicolas Le Bas
jer051
dperezcabrera
Vedran Pavic
mhyeon.lee
Christoph Dreis
Eddú Meléndez