Merge branch 'eugenp:master' into master

core-java-modules/core-java-numbers-4/src/main/java/com/baeldung/humanreadablebytes/FileSizeFormatUtil.java

@@ -7,15 +7,35 @@ import java.util.List;
 
 public class FileSizeFormatUtil {
     private static final long BYTE = 1L;
-    private static final long KB = BYTE << 10;
+    private static final long KiB = BYTE << 10;
-    private static final long MB = KB << 10;
+    private static final long MiB = KiB << 10;
-    private static final long GB = MB << 10;
+    private static final long GiB = MiB << 10;
-    private static final long TB = GB << 10;
+    private static final long TiB = GiB << 10;
-    private static final long PB = TB << 10;
+    private static final long PiB = TiB << 10;
-    private static final long EB = PB << 10;
+    private static final long EiB = PiB << 10;
+    
+    private static final long KB = BYTE * 1000;
+    private static final long MB = KB * 1000;
+    private static final long GB = MB * 1000;
+    private static final long TB = GB * 1000;
+    private static final long PB = TB * 1000;
+    private static final long EB = PB * 1000;
+    
     private static final DecimalFormat DEC_FORMAT = new DecimalFormat("#.##");
 
-    public static String toHumanReadable(long size) {
+    public static String toHumanReadableBinaryPrefixes(long size) {
+        if (size < 0)
+            throw new IllegalArgumentException("Invalid file size: " + size);
+        if (size >= EiB) return formatSize(size, EiB, "EiB");
+        if (size >= PiB) return formatSize(size, PiB, "PiB");
+        if (size >= TiB) return formatSize(size, TiB, "TiB");
+        if (size >= GiB) return formatSize(size, GiB, "GiB");
+        if (size >= MiB) return formatSize(size, MiB, "MiB");
+        if (size >= KiB) return formatSize(size, KiB, "KiB");
+        return formatSize(size, BYTE, "Bytes");
+    }
+
+    public static String toHumanReadableSIPrefixes(long size) {
         if (size < 0)
             throw new IllegalArgumentException("Invalid file size: " + size);
         if (size >= EB) return formatSize(size, EB, "EB");
@@ -31,18 +51,32 @@ public class FileSizeFormatUtil {
         return DEC_FORMAT.format((double) size / divider) + " " + unitName;
     }
 
-    public static String toHumanReadableWithEnum(long size) {
+    public static String toHumanReadableBinaryPrefixesWithEnum(long size) {
-        final List<SizeUnit> units = SizeUnit.unitsInDescending();
+        final List<SizeUnitBinaryPrefixes> units = SizeUnitBinaryPrefixes.unitsInDescending();
         if (size < 0)
             throw new IllegalArgumentException("Invalid file size: " + size);
         String result = null;
-        for (SizeUnit unit : units) {
+        for (SizeUnitBinaryPrefixes unit : units) {
             if (size >= unit.getUnitBase()) {
                 result = formatSize(size, unit.getUnitBase(), unit.name());
                 break;
             }
         }
-        return result == null ? formatSize(size, SizeUnit.Bytes.getUnitBase(), SizeUnit.Bytes.name()) : result;
+        return result == null ? formatSize(size, SizeUnitBinaryPrefixes.Bytes.getUnitBase(), SizeUnitBinaryPrefixes.Bytes.name()) : result;
+    }
+    
+    public static String toHumanReadableSIPrefixesWithEnum(long size) {
+        final List<SizeUnitSIPrefixes> units = SizeUnitSIPrefixes.unitsInDescending();
+        if (size < 0)
+            throw new IllegalArgumentException("Invalid file size: " + size);
+        String result = null;
+        for (SizeUnitSIPrefixes unit : units) {
+            if (size >= unit.getUnitBase()) {
+                result = formatSize(size, unit.getUnitBase(), unit.name());
+                break;
+            }
+        }
+        return result == null ? formatSize(size, SizeUnitSIPrefixes.Bytes.getUnitBase(), SizeUnitSIPrefixes.Bytes.name()) : result;
     }
 
     public static String toHumanReadableByNumOfLeadingZeros(long size) {
@@ -50,22 +84,22 @@ public class FileSizeFormatUtil {
             throw new IllegalArgumentException("Invalid file size: " + size);
         if (size < 1024) return size + " Bytes";
         int unitIdx = (63 - Long.numberOfLeadingZeros(size)) / 10;
-        return formatSize(size, 1L << (unitIdx * 10), " KMGTPE".charAt(unitIdx) + "B");
+        return formatSize(size, 1L << (unitIdx * 10), " KMGTPE".charAt(unitIdx) + "iB");
     }
     
-    enum SizeUnit {
+    enum SizeUnitBinaryPrefixes {
         Bytes(1L),
-        KB(Bytes.unitBase << 10),
+        KiB(Bytes.unitBase << 10),
-        MB(KB.unitBase << 10),
+        MiB(KiB.unitBase << 10),
-        GB(MB.unitBase << 10),
+        GiB(MiB.unitBase << 10),
-        TB(GB.unitBase << 10),
+        TiB(GiB.unitBase << 10),
-        PB(TB.unitBase << 10),
+        PiB(TiB.unitBase << 10),
-        EB(PB.unitBase << 10);
+        EiB(PiB.unitBase << 10);
 
         private final Long unitBase;
 
-        public static List<SizeUnit> unitsInDescending() {
+        public static List<SizeUnitBinaryPrefixes> unitsInDescending() {
-            List<SizeUnit> list = Arrays.asList(values());
+            List<SizeUnitBinaryPrefixes> list = Arrays.asList(values());
             Collections.reverse(list);
             return list;
         }
@@ -74,7 +108,33 @@ public class FileSizeFormatUtil {
             return unitBase;
         }
 
-        SizeUnit(long unitBase) {
+        SizeUnitBinaryPrefixes(long unitBase) {
+            this.unitBase = unitBase;
+        }
+    }
+    
+    enum SizeUnitSIPrefixes {
+        Bytes(1L),
+        KB(Bytes.unitBase * 1000),
+        MB(KB.unitBase * 1000),
+        GB(MB.unitBase * 1000),
+        TB(GB.unitBase * 1000),
+        PB(TB.unitBase * 1000),
+        EB(PB.unitBase * 1000);
+
+        private final Long unitBase;
+
+        public static List<SizeUnitSIPrefixes> unitsInDescending() {
+            List<SizeUnitSIPrefixes> list = Arrays.asList(values());
+            Collections.reverse(list);
+            return list;
+        }
+
+        public Long getUnitBase() {
+            return unitBase;
+        }
+
+        SizeUnitSIPrefixes(long unitBase) {
             this.unitBase = unitBase;
         }
     }

core-java-modules/core-java-numbers-4/src/test/java/com/baeldung/humanreadablebytes/FileSizeFormatUtilUnitTest.java

@@ -8,33 +8,53 @@ import java.util.HashMap;
 import java.util.Map;
 
 public class FileSizeFormatUtilUnitTest {
-    private final static Map<Long, String> DATA_MAP = new HashMap<Long, String>() {{
+    private final static Map<Long, String> DATA_MAP_BINARY_PREFIXES = new HashMap<Long, String>() {{
         put(0L, "0 Bytes");
         put(1023L, "1023 Bytes");
-        put(1024L, "1 KB");
+        put(1024L, "1 KiB");
-        put(12_345L, "12.06 KB");
+        put(12_345L, "12.06 KiB");
-        put(10_123_456L, "9.65 MB");
+        put(10_123_456L, "9.65 MiB");
-        put(10_123_456_798L, "9.43 GB");
+        put(10_123_456_798L, "9.43 GiB");
-        put(1_777_777_777_777_777_777L, "1.54 EB");
+        put(1_777_777_777_777_777_777L, "1.54 EiB");
+    }};
+
+    private final static Map<Long, String> DATA_MAP_SI_PREFIXES = new HashMap<Long, String>() {{
+        put(0L, "0 Bytes");
+        put(999L, "999 Bytes");
+        put(1000L, "1 KB");
+        put(12_345L, "12.35 KB");
+        put(10_123_456L, "10.12 MB");
+        put(10_123_456_798L, "10.12 GB");
+        put(1_777_777_777_777_777_777L, "1.78 EB");
     }};
     
     @Test
-    public void givenBytes_whenCalltoHumanReadableMethod_thenGetExpectedResults() {
+    public void givenBytes_whenCalltoHumanReadableBinaryPrefixesMethod_thenGetExpectedResults() {
-        DATA_MAP.forEach((in, expected) -> Assert.assertEquals(expected, FileSizeFormatUtil.toHumanReadable(in)));
+        DATA_MAP_BINARY_PREFIXES.forEach((in, expected) -> Assert.assertEquals(expected, FileSizeFormatUtil.toHumanReadableBinaryPrefixes(in)));
     }
     
     @Test
-    public void givenBytes_whenCalltoHumanReadableWithEnumMethod_thenGetExpectedResults() {
+    public void givenBytes_whenCalltoHumanReadableSIPrefixesMethod_thenGetExpectedResults() {
-        DATA_MAP.forEach((in, expected) -> Assert.assertEquals(expected, FileSizeFormatUtil.toHumanReadableWithEnum(in)));
+    	DATA_MAP_SI_PREFIXES.forEach((in, expected) -> Assert.assertEquals(expected, FileSizeFormatUtil.toHumanReadableSIPrefixes(in)));
+    }
+
+    @Test
+    public void givenBytes_whenCalltoHumanReadableBinaryPrefixesWithEnumMethod_thenGetExpectedResults() {
+        DATA_MAP_BINARY_PREFIXES.forEach((in, expected) -> Assert.assertEquals(expected, FileSizeFormatUtil.toHumanReadableBinaryPrefixesWithEnum(in)));
+    }
+
+    @Test
+    public void givenBytes_whenCalltoHumanReadableSIPrefixesWithEnumMethod_thenGetExpectedResults() {
+    	DATA_MAP_SI_PREFIXES.forEach((in, expected) -> Assert.assertEquals(expected, FileSizeFormatUtil.toHumanReadableSIPrefixesWithEnum(in)));
     }
     
     @Test
     public void givenBytes_whenCalltoHumanReadableByLeadingZeros_thenGetExpectedResults() {
-        DATA_MAP.forEach((in, expected) -> Assert.assertEquals(expected, FileSizeFormatUtil.toHumanReadableByNumOfLeadingZeros(in)));
+        DATA_MAP_BINARY_PREFIXES.forEach((in, expected) -> Assert.assertEquals(expected, FileSizeFormatUtil.toHumanReadableByNumOfLeadingZeros(in)));
     }
     
     @Test
     public void givenBytes_whenCalltoHumanReadableByFileUtils_thenOutputExpectedResults() {
-        DATA_MAP.forEach((in, expected) -> System.out.println(in + " bytes -> " + FileUtils.byteCountToDisplaySize(in)));
+        DATA_MAP_BINARY_PREFIXES.forEach((in, expected) -> System.out.println(in + " bytes -> " + FileUtils.byteCountToDisplaySize(in)));
     }
 }

docker-modules/docker-compose/Dockerfile

@@ -0,0 +1,4 @@
+FROM openjdk:11
+MAINTAINER baeldung.com
+COPY target/docker-compose-0.0.1-SNAPSHOT.jar app.jar
+ENTRYPOINT ["java","-jar","/app.jar"]

docker-modules/docker-compose/depends-on_vs_links/docker-compose-depends-on.yml

@@ -0,0 +1,14 @@
+services:
+  db:
+    image: postgres:latest
+    environment:
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=postgres
+    ports:
+      - 5432:5432
+  web-app:
+    image: web-app:latest
+    ports:
+      - 8080:8080
+    depends_on:
+      - db

docker-modules/docker-compose/depends-on_vs_links/docker-compose-links.yml

@@ -0,0 +1,14 @@
+services:
+  db:
+    image: postgres:latest
+    environment:
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=postgres
+    ports:
+      - 5432:5432
+  web-app:
+    image: web-app:latest
+    ports:
+      - 8080:8080
+    links:
+      - db

docker-modules/docker-compose/depends-on_vs_links/docker-compose-network.yml

@@ -0,0 +1,36 @@
+services:
+  db:
+    image: postgres:latest
+    restart: always
+    environment:
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=postgres
+    ports:
+      - 5432:5432
+    volumes:
+      - db:/var/lib/postgresql/data
+    networks:
+      - mynet
+
+  web-app:
+    image: web-app:latest
+    depends_on:
+      - db
+    networks:
+      - mynet
+    ports:
+      - 8080:8080
+    environment:
+      DB_HOST: db
+      DB_PORT: 5432
+      DB_USER: postgres
+      DB_PASSWORD: postgres
+      DB_NAME: postgres
+
+networks:
+  mynet:
+    driver: bridge
+
+volumes:
+  db:
+    driver: local

docker-modules/docker-compose/pom.xml

@@ -34,6 +34,16 @@
             <plugin>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
+                <configuration>
+                    <mainClass>com.baeldung.docker.app.DockAppApplication</mainClass>
+                </configuration>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>repackage</goal>
+                        </goals>
+                    </execution>
+                </executions>
             </plugin>
         </plugins>
     </build>

javaxval/pom.xml

@@ -34,6 +34,17 @@
             <artifactId>spring-test</artifactId>
             <version>${org.springframework.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-validation</artifactId>
+            <version>${spring.boot.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <version>${spring.boot.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 		
     <!-- uncomment in order to enable Hibernate Validator Anotation Processor -->
@@ -46,13 +57,14 @@
         </plugin> </plugins> </build> -->
 
     <properties>
-        <hibernate-validator.version>6.0.13.Final</hibernate-validator.version>
+        <hibernate-validator.version>6.2.3.Final</hibernate-validator.version>
         <hibernate-validator.ap.version>6.2.0.Final</hibernate-validator.ap.version>
         <maven.compiler.version>3.6.1</maven.compiler.version>
         <maven.compiler.source>1.8</maven.compiler.source>
         <maven.compiler.target>1.8</maven.compiler.target>
         <javax.el.version>3.0.0</javax.el.version>
-        <org.springframework.version>5.0.2.RELEASE</org.springframework.version>
+        <org.springframework.version>5.3.21</org.springframework.version>
+        <spring.boot.version>2.7.1</spring.boot.version>
     </properties>
 
 </project>

javaxval/src/main/java/com/baeldung/javaxval/notnull/NotNullMethodParameter.java

@@ -0,0 +1,22 @@
+package com.baeldung.javaxval.notnull;
+
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
+import javax.validation.constraints.NotNull;
+
+public class NotNullMethodParameter {
+
+    ValidatorFactory factory = Validation.buildDefaultValidatorFactory();
+    Validator validator = factory.getValidator();
+
+    public int doesNotValidateNotNull(@NotNull String myString) {
+        return myString.length();
+    }
+
+    public int validateNotNull(@NotNull String myString) {
+        validator.validate(myString);
+        return myString.length();
+    }
+
+}

javaxval/src/main/java/com/baeldung/javaxval/notnull/ValidatingComponent.java

@@ -0,0 +1,21 @@
+package com.baeldung.javaxval.notnull;
+
+import org.springframework.stereotype.Component;
+import org.springframework.validation.annotation.Validated;
+
+import javax.validation.constraints.NotNull;
+
+@Component
+@Validated
+public class ValidatingComponent {
+
+    public int validateNotNull(@NotNull String data)
+    {
+        return data.length();
+    }
+
+    public int callAnnotatedMethod(String data) {
+        return validateNotNull(data);
+    }
+
+}

javaxval/src/test/java/com/baeldung/javaxval/notnull/NotNullMethodParameterUnitTest.java

@@ -0,0 +1,21 @@
+package com.baeldung.javaxval.notnull;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+class NotNullMethodParameterUnitTest {
+
+    private NotNullMethodParameter demo = new NotNullMethodParameter();
+
+    @Test
+    public void givenNull_whenInvokedwithNoValidator_thenNullPointerException() {
+        assertThrows(NullPointerException.class, () -> demo.doesNotValidateNotNull(null));
+    }
+
+    @Test
+    public void givenNull_whenInvokedWithValidator_thenIllegalArgumentException() {
+        assertThrows(IllegalArgumentException.class, () -> demo.validateNotNull(null));
+    }
+
+}

javaxval/src/test/java/com/baeldung/javaxval/notnull/ValidatingComponentIntegrationTest.java

@@ -0,0 +1,43 @@
+package com.baeldung.javaxval.notnull;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.test.context.SpringBootTest;
+
+import javax.validation.ConstraintViolation;
+import javax.validation.ConstraintViolationException;
+import javax.validation.constraints.NotNull;
+import java.util.Set;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.is;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+@SpringBootTest
+class ValidatingComponentIntegrationTest {
+
+    @Autowired ValidatingComponent component;
+
+    @Test
+    void givenValue_whenValidate_thenSuccess() {
+        assertThat(component.validateNotNull("Not null!"), is(9));
+    }
+
+    @Test
+    void givenNull_whenValidate_thenConstraintViolationException() {
+        ConstraintViolationException constraintViolationException = assertThrows(ConstraintViolationException.class, () -> component.validateNotNull(null));
+        Set<ConstraintViolation<?>> constraintViolations = constraintViolationException.getConstraintViolations();
+        assertThat(constraintViolations.iterator().next().getConstraintDescriptor().getAnnotation().annotationType(), is(NotNull.class));
+    }
+
+    @Test
+    void givenNull_whenOnlyCalledMethodHasAnnotation_thenNoValidation() {
+        assertThrows(NullPointerException.class, () -> component.callAnnotatedMethod(null));
+    }
+
+    @SpringBootApplication
+    static class TestApplication {
+    }
+
+}

spring-5-reactive-modules/spring-reactive/src/test/java/com/baeldung/reactive/webclient/WebClientIntegrationTest.java

@@ -82,6 +82,16 @@ class WebClientIntegrationTest {
           .verify();
     }
 
+    @Test
+    void givenWebClientCreationWithoutUri_whenUsed_thenObtainExpectedResponse() {
+        WebClient client = WebClient.create();
+
+        StepVerifier.create(retrieveResponse(client))
+          .expectErrorMatches(ex -> WebClientRequestException.class.isAssignableFrom(ex.getClass()) && ex.getMessage()
+            .contains("Connection refused"))
+          .verify();
+    }
+
     @Test
     void givenDifferentMethodSpecifications_whenUsed_thenObtainExpectedResponse() {
         // request specification
@@ -111,12 +121,6 @@ class WebClientIntegrationTest {
             .build());
         RequestBodySpec bodySpecusingURI = createDefaultPostRequest().uri(
           URI.create("http://localhost:" + port + "/resource"));
-        RequestBodySpec bodySpecOverridenBaseUri = createDefaultPostRequest().uri(URI.create("/resource"));
-        RequestBodySpec bodySpecOverridenBaseUri2 = WebClient.builder()
-          .baseUrl("http://localhost:" + port)
-          .build()
-          .post()
-          .uri(URI.create("/resource"));
 
         // response assertions
         StepVerifier.create(retrieveResponse(bodySpecUsingString))
@@ -128,12 +132,22 @@ class WebClientIntegrationTest {
         StepVerifier.create(retrieveResponse(bodySpecusingURI))
           .expectNext("processed-bodyValue")
           .verifyComplete();
-        // assert sending request overriding base URI
+    }
-        StepVerifier.create(retrieveResponse(bodySpecOverridenBaseUri))
+
+    @Test
+    void givenOverriddenUriSpecifications_whenUsed_thenObtainExpectedResponse() {
+        RequestBodySpec bodySpecOverriddenBaseUri = createDefaultPostRequest().uri(URI.create("/resource"));
+        StepVerifier.create(retrieveResponse(bodySpecOverriddenBaseUri))
           .expectErrorMatches(ex -> WebClientRequestException.class.isAssignableFrom(ex.getClass()) && ex.getMessage()
             .contains("Connection refused"))
           .verify();
-        StepVerifier.create(retrieveResponse(bodySpecOverridenBaseUri2))
+
+        RequestBodySpec bodySpecOverriddenBaseUri2 = WebClient.builder()
+          .baseUrl("http://localhost:" + port)
+          .build()
+          .post()
+          .uri(URI.create("/resource"));
+        StepVerifier.create(retrieveResponse(bodySpecOverriddenBaseUri2))
           .expectErrorMatches(ex -> WebClientRequestException.class.isAssignableFrom(ex.getClass()) && ex.getMessage()
             .contains("Connection refused"))
           .verify();
@@ -301,30 +315,35 @@ class WebClientIntegrationTest {
           .uri("/resource")
           .bodyValue(BODY_VALUE)
           .retrieve()
-          .bodyToMono(String.class);
+          .bodyToMono(String.class)
+          .log();
     }
 
     private Mono<String> retrieveResponse(RequestBodyUriSpec spec) {
         return spec.uri("/resource")
           .bodyValue(BODY_VALUE)
           .retrieve()
-          .bodyToMono(String.class);
+          .bodyToMono(String.class)
+          .log();
     }
 
     private Mono<Map<String, String>> retrieveGetResponse(RequestHeadersUriSpec<?> spec) {
         return spec.uri("/resource")
           .retrieve()
-          .bodyToMono(MAP_RESPONSE_REF);
+          .bodyToMono(MAP_RESPONSE_REF)
+          .log();
     }
 
     private Mono<String> retrieveResponse(RequestBodySpec spec) {
         return spec.bodyValue(BODY_VALUE)
           .retrieve()
-          .bodyToMono(String.class);
+          .bodyToMono(String.class)
+          .log();
     }
 
     private Mono<String> retrieveResponse(RequestHeadersSpec<?> spec) {
         return spec.retrieve()
-          .bodyToMono(String.class);
+          .bodyToMono(String.class)
+          .log();
     }
 }

spring-boot-modules/spring-boot-testing-2/src/test/java/com/baeldung/redistestcontainers/service/ProductServiceManualTest.java

@@ -10,8 +10,12 @@ import org.testcontainers.utility.DockerImageName;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 
+/**
+ * Requires Docker running on the machine to run without errors
+ * Therefore, skipped from pipeline
+ */
 @SpringBootTest
-public class ProductServiceIntegrationTest {
+public class ProductServiceManualTest {
 
     static {
         GenericContainer<?> redis = new GenericContainer<>(DockerImageName.parse("redis:5.0.3-alpine"))

spring-security-modules/pom.xml

@@ -15,7 +15,6 @@
     </parent>
 
     <modules>        
-        <module>spring-5-security</module>        
         <module>spring-security-acl</module>
         <module>spring-security-auth0</module>
         <module>spring-security-cognito</module>
@@ -35,6 +34,7 @@
         <module>spring-security-web-boot-3</module>
         <module>spring-security-web-digest-auth</module>
         <module>spring-security-web-login</module>
+        <module>spring-security-web-login-2</module>
         <module>spring-security-web-mvc-custom</module>
         <module>spring-security-web-mvc</module>
         <module>spring-security-web-persistent-login</module>

spring-security-modules/spring-5-security/README.md

@@ -1,13 +0,0 @@
-## Spring 5 Security
-
-This module contains articles about Spring Security 5
-
-## Relevant articles:
-
-- [A Custom Spring SecurityConfigurer](https://www.baeldung.com/spring-security-custom-configurer)
-- [New Password Storage In Spring Security 5](https://www.baeldung.com/spring-security-5-password-storage)
-- [Default Password Encoder in Spring Security 5](https://www.baeldung.com/spring-security-5-default-password-encoder)
-- [Guide to the AuthenticationManagerResolver in Spring Security](https://www.baeldung.com/spring-security-authenticationmanagerresolver)
-- [Manual Logout With Spring Security](https://www.baeldung.com/spring-security-manual-logout)
-- [How to Disable Spring Security Logout Redirects](https://www.baeldung.com/spring-security-disable-logout-redirects)
-- [Prevent Cross-Site Scripting (XSS) in a Spring Application](https://www.baeldung.com/spring-prevent-xss)

spring-security-modules/spring-5-security/src/main/resources/ESAPI.properties

@@ -1,545 +0,0 @@
-#
-# OWASP Enterprise Security API (ESAPI) Properties file -- PRODUCTION Version
-#
-# This file is part of the Open Web Application Security Project (OWASP)
-# Enterprise Security API (ESAPI) project. For details, please see
-# https://owasp.org/www-project-enterprise-security-api/
-#
-# Copyright (c) 2008,2009 - The OWASP Foundation
-#
-# DISCUSS: This may cause a major backwards compatibility issue, etc. but
-#		   from a name space perspective, we probably should have prefaced
-#		   all the property names with ESAPI or at least OWASP. Otherwise
-#		   there could be problems is someone loads this properties file into
-#		   the System properties.  We could also put this file into the
-#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
-#		   ESAPI properties be defined that would overwrite these defaults.
-#		   That keeps the application's properties relatively simple as usually
-#		   they will only want to override a few properties. If looks like we
-#		   already support multiple override levels of this in the
-#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
-#		   defaults in the esapi.jar itself. That way, if the jar is signed,
-#		   we could detect if those properties had been tampered with. (The
-#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
-#		   but off course there is an execution penalty (similar to the way
-#		   that the separate sunjce.jar used to be when a class from it was
-#		   first loaded). Thoughts?
-###############################################################################
-#
-# WARNING: Operating system protection should be used to lock down the .esapi
-# resources directory and all the files inside and all the directories all the
-# way up to the root directory of the file system.  Note that if you are using
-# file-based implementations, that some files may need to be read-write as they
-# get updated dynamically.
-#
-#===========================================================================
-# ESAPI Configuration
-#
-# If true, then print all the ESAPI properties set here when they are loaded.
-# If false, they are not printed. Useful to reduce output when running JUnit tests.
-# If you need to troubleshoot a properties related problem, turning this on may help.
-# This is 'false' in the src/test/resources/.esapi version. It is 'true' by
-# default for reasons of backward compatibility with earlier ESAPI versions.
-ESAPI.printProperties=true
-
-# ESAPI is designed to be easily extensible. You can use the reference implementation
-# or implement your own providers to take advantage of your enterprise's security
-# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
-#
-#    String ciphertext =
-#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
-#    CipherText cipherText =
-#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
-#
-# Below you can specify the classname for the provider that you wish to use in your
-# application. The only requirement is that it implement the appropriate ESAPI interface.
-# This allows you to switch security implementations in the future without rewriting the
-# entire application.
-#
-# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
-ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
-# FileBasedAuthenticator requires users.txt file in .esapi directory
-ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
-ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
-ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
-
-ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
-ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
-ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-# Note that this is now considered deprecated!
-ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
-# To use the new SLF4J logger in ESAPI (see GitHub issue #129), set
-#    ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
-# and do whatever other normal SLF4J configuration that you normally would do for your application.
-ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
-ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
-
-#===========================================================================
-# ESAPI Authenticator
-#
-Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
-Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
-# RememberTokenDuration (in days)
-Authenticator.RememberTokenDuration=14
-# Session Timeouts (in minutes)
-Authenticator.IdleTimeoutDuration=20
-Authenticator.AbsoluteTimeoutDuration=120
-
-#===========================================================================
-# ESAPI Encoder
-#
-# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
-# Failure to canonicalize input is a very common mistake when implementing validation schemes.
-# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
-# following code to canonicalize data.
-#
-#      ESAPI.Encoder().canonicalize( "%22hello world"" );
-#
-# Multiple encoding is when a single encoding format is applied multiple times. Allowing
-# multiple encoding is strongly discouraged.
-Encoder.AllowMultipleEncoding=false
-
-# Mixed encoding is when multiple different encoding formats are applied, or when
-# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
-Encoder.AllowMixedEncoding=false
-
-# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
-# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
-# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
-Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
-
-
-#===========================================================================
-# ESAPI Encryption
-#
-# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
-# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-# There is not currently any support for key rotation, so be careful when changing your key and salt as it
-# will invalidate all signed, encrypted, and hashed data.
-#
-# WARNING: Not all combinations of algorithms and key lengths are supported.
-# If you choose to use a key length greater than 128, you MUST download the
-# unlimited strength policy files and install in the lib directory of your JRE/JDK.
-# See http://java.sun.com/javase/downloads/index.jsp for more information.
-#
-#		***** IMPORTANT: Do NOT forget to replace these with your own values! *****
-# To calculate these values, you can run:
-#		java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-#
-#Encryptor.MasterKey=
-#Encryptor.MasterSalt=
-
-# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
-# encryption and hashing. (That is it will look to this provider first, but it
-# will defer to other providers if the requested algorithm is not implemented
-# by this provider.) If left unset, ESAPI will just use your Java VM's current
-# preferred JCE provider, which is generally set in the file
-# "$JAVA_HOME/jre/lib/security/java.security".
-#
-# The main intent of this is to allow ESAPI symmetric encryption to be
-# used with a FIPS 140-2 compliant crypto-module. For details, see the section
-# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
-# the ESAPI 2.0 Symmetric Encryption User Guide, at:
-# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# However, this property also allows you to easily use an alternate JCE provider
-# such as "Bouncy Castle" without having to make changes to "java.security".
-# See Javadoc for SecurityProviderLoader for further details. If you wish to use
-# a provider that is not known to SecurityProviderLoader, you may specify the
-# fully-qualified class name of the JCE provider class that implements
-# java.security.Provider. If the name contains a '.', this is interpreted as
-# a fully-qualified class name that implements java.security.Provider.
-#
-# NOTE: Setting this property has the side-effect of changing it in your application
-#       as well, so if you are using JCE in your application directly rather than
-#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
-#       preferred JCE provider there as well.
-#
-# Default: Keeps the JCE provider set to whatever JVM sets it to.
-Encryptor.PreferredJCEProvider=
-
-# AES is the most widely used and strongest encryption algorithm. This
-# should agree with your Encryptor.CipherTransformation property.
-# Warning: This property does not control the default reference implementation for
-#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
-#		   in the future.
-# @deprecated
-Encryptor.EncryptionAlgorithm=AES
-#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
-Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
-
-# Applies to ESAPI 2.0 and later only!
-# Comma-separated list of cipher modes that provide *BOTH*
-# confidentiality *AND* message authenticity. (NIST refers to such cipher
-# modes as "combined modes" so that's what we shall call them.) If any of these
-# cipher modes are used then no MAC is calculated and stored
-# in the CipherText upon encryption. Likewise, if one of these
-# cipher modes is used with decryption, no attempt will be made
-# to validate the MAC contained in the CipherText object regardless
-# of whether it contains one or not. Since the expectation is that
-# these cipher modes support support message authenticity already,
-# injecting a MAC in the CipherText object would be at best redundant.
-#
-# Note that as of JDK 1.5, the SunJCE provider does not support *any*
-# of these cipher modes. Of these listed, only GCM and CCM are currently
-# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
-# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
-# padding modes.
-Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
-
-# Applies to ESAPI 2.0 and later only!
-# Additional cipher modes allowed for ESAPI 2.0 encryption. These
-# cipher modes are in _addition_ to those specified by the property
-# 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
-# DISCUSS: Better name?
-Encryptor.cipher_modes.additional_allowed=CBC
-
-# Default key size to use for cipher specified by Encryptor.EncryptionAlgorithm.
-# Note that this MUST be a valid key size for the algorithm being used
-# (as specified by Encryptor.EncryptionAlgorithm). So for example, if AES is used,
-# it must be 128, 192, or 256. If DESede is chosen, then it must be either 112 or 168.
-#
-# Note that 128-bits is almost always sufficient and for AES it appears to be more
-# somewhat more resistant to related key attacks than is 256-bit AES.)
-#
-# Defaults to 128-bits if left blank.
-#
-# NOTE: If you use a key size > 128-bits, then you MUST have the JCE Unlimited
-#       Strength Jurisdiction Policy files installed!!!
-#
-Encryptor.EncryptionKeyLength=128
-
-# This is the _minimum_ key size (in bits) that we allow with ANY symmetric
-# cipher for doing encryption. (There is no minimum for decryption.)
-#
-# Generally, if you only use one algorithm, this should be set the same as
-# the Encryptor.EncryptionKeyLength property.
-Encryptor.MinEncryptionKeyLength=128
-
-# Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.3
-#                                               'fixed' is deprecated as of 2.2
-#                                               and will be removed in 2.3.
-Encryptor.ChooseIVMethod=random
-
-
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an *example* for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-#   @Deprecated -- fixed IVs are deprecated as of the 2.2 release and support
-#                  will be removed in the next release (tentatively, 2.3).
-#                  If you MUST use this, at least replace this IV with one
-#                  that your legacy application was using.
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
-# Whether or not CipherText should use a message authentication code (MAC) with it.
-# This prevents an adversary from altering the IV as well as allowing a more
-# fool-proof way of determining the decryption failed because of an incorrect
-# key being supplied. This refers to the "separate" MAC calculated and stored
-# in CipherText, not part of any MAC that is calculated as a result of a
-# "combined mode" cipher mode.
-#
-# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
-# set this property to false. That is because ESAPI takes the master key and
-# derives 2 keys from it--a key for the MAC and a key for encryption--and
-# because ESAPI is not itself FIPS 140-2 verified such intermediary aterations
-# to keys from FIPS approved sources would have the effect of making your FIPS
-# approved key generation and thus your FIPS approved JCE provider unapproved!
-# More details in
-#       documentation/esapi4java-core-2.0-readme-crypto-changes.html
-#       documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# You have been warned.
-Encryptor.CipherText.useMAC=true
-
-# Whether or not the PlainText object may be overwritten and then marked
-# eligible for garbage collection. If not set, this is still treated as 'true'.
-Encryptor.PlainText.overwrite=true
-
-# Do not use DES except in a legacy situations. 56-bit is way too small key size.
-#Encryptor.EncryptionKeyLength=56
-#Encryptor.MinEncryptionKeyLength=56
-#Encryptor.EncryptionAlgorithm=DES
-
-# TripleDES is considered strong enough for most purposes.
-#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
-#			requires downloading the special jurisdiction policy from Sun.
-#Encryptor.EncryptionKeyLength=168
-#Encryptor.MinEncryptionKeyLength=112
-#Encryptor.EncryptionAlgorithm=DESede
-
-Encryptor.HashAlgorithm=SHA-512
-Encryptor.HashIterations=1024
-Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
-Encryptor.DigitalSignatureKeyLength=1024
-Encryptor.RandomAlgorithm=SHA1PRNG
-Encryptor.CharacterEncoding=UTF-8
-
-# This is the Pseudo Random Function (PRF) that ESAPI's Key Derivation Function
-# (KDF) normally uses. Note this is *only* the PRF used for ESAPI's KDF and
-# *not* what is used for ESAPI's MAC. (Currently, HmacSHA1 is always used for
-# the MAC, mostly to keep the overall size at a minimum.)
-#
-# Currently supported choices for JDK 1.5 and 1.6 are:
-#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
-#	HmacSHA512 (512 bits).
-# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
-# the JDKs support it.  See the ESAPI 2.0 Symmetric Encryption User Guide
-# further details.
-Encryptor.KDF.PRF=HmacSHA256
-#===========================================================================
-# ESAPI HttpUtilties
-#
-# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods
-# protect against malicious data from attackers, such as unprintable characters, escaped characters,
-# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
-# headers, and CSRF tokens.
-#
-# Default file upload location (remember to escape backslashes with \\)
-HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
-HttpUtilities.UploadTempDir=C:\\temp
-# Force flags on cookies, if you use HttpUtilities to set cookies
-HttpUtilities.ForceHttpOnlySession=false
-HttpUtilities.ForceSecureSession=false
-HttpUtilities.ForceHttpOnlyCookies=true
-HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP header key--the validator regex may have additional values.
-HttpUtilities.MaxHeaderNameSize=256
-# Maximum size of HTTP header value--the validator regex may have additional values.
-HttpUtilities.MaxHeaderValueSize=4096
-# Maximum size of JSESSIONID for the application--the validator regex may have additional values.
-HttpUtilities.HTTPJSESSIONIDLENGTH=50
-# Maximum length of a URL (see https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers)
-HttpUtilities.URILENGTH=2000
-# Maximum length of a redirect
-HttpUtilities.maxRedirectLength=512
-# Maximum length for an http scheme
-HttpUtilities.HTTPSCHEMELENGTH=10
-# Maximum length for an http host
-HttpUtilities.HTTPHOSTLENGTH=100
-# Maximum length for an http path
-HttpUtilities.HTTPPATHLENGTH=150
-#Maximum length for a context path
-HttpUtilities.contextPathLength=150
-#Maximum length for an httpServletPath
-HttpUtilities.HTTPSERVLETPATHLENGTH=100
-#Maximum length for an http query parameter name
-HttpUtilities.httpQueryParamNameLength=100
-#Maximum length for an http query parameter -- old default was 2000, but that's the max length for a URL...
-HttpUtilities.httpQueryParamValueLength=500
-# File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
-HttpUtilities.MaxUploadFileBytes=500000000
-# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
-# container, and any other technologies you may be using. Failure to do this may expose you
-# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
-HttpUtilities.ResponseContentType=text/html; charset=UTF-8
-# This is the name of the cookie used to represent the HTTP session
-# Typically this will be the default "JSESSIONID"
-HttpUtilities.HttpSessionIdName=JSESSIONID
-#Sets whether or not we will overwrite http status codes to 200.
-HttpUtilities.OverwriteStatusCodes=true
-#Sets the application's base character encoding.  This is forked from the Java Encryptor property.
-HttpUtilities.CharacterEncoding=UTF-8
-
-#===========================================================================
-# ESAPI Executor
-# CHECKME - This should be made OS independent. Don't use unsafe defaults.
-# # Examples only -- do NOT blindly copy!
-#   For Windows:
-#     Executor.WorkingDirectory=C:\\Windows\\Temp
-#     Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
-#   For *nux, MacOS:
-#     Executor.WorkingDirectory=/tmp
-#     Executor.ApprovedExecutables=/bin/bash
-Executor.WorkingDirectory=
-Executor.ApprovedExecutables=
-
-
-#===========================================================================
-# ESAPI Logging
-# Set the application name if these logs are combined with other applications
-Logger.ApplicationName=ExampleApplication
-# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
-Logger.LogEncodingRequired=false
-# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
-Logger.LogApplicationName=true
-# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
-Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-# Determines whether ESAPI should log the user info.
-Logger.UserInfo=true
-# Determines whether ESAPI should log the session id and client IP.
-Logger.ClientInfo=true
-
-#===========================================================================
-# ESAPI Intrusion Detection
-#
-# Each event has a base to which .count, .interval, and .action are added
-# The IntrusionException will fire if we receive "count" events within "interval" seconds
-# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
-#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
-#
-# Custom Events
-# Names must start with "event." as the base
-# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
-# You can also disable intrusion detection completely by changing
-# the following parameter to true
-#
-IntrusionDetector.Disable=false
-#
-IntrusionDetector.event.test.count=2
-IntrusionDetector.event.test.interval=10
-IntrusionDetector.event.test.actions=disable,log
-
-# Exception Events
-# All EnterpriseSecurityExceptions are registered automatically
-# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
-# Use the fully qualified classname of the exception as the base
-
-# any intrusion is an attack
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
-
-# for test purposes
-# CHECKME: Shouldn't there be something in the property name itself that designates
-#		   that these are for testing???
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
-
-# rapid validation errors indicate scans or attacks in progress
-# org.owasp.esapi.errors.ValidationException.count=10
-# org.owasp.esapi.errors.ValidationException.interval=10
-# org.owasp.esapi.errors.ValidationException.actions=log,logout
-
-# sessions jumping between hosts indicates session hijacking
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
-
-
-#===========================================================================
-# ESAPI Validation
-#
-# The ESAPI Validator works on regular expressions with defined names. You can define names
-# either here, or you may define application specific patterns in a separate file defined below.
-# This allows enterprises to specify both organizational standards as well as application specific
-# validation rules.
-#
-# Use '\p{L}' (without the quotes) within the character class to match
-# any Unicode LETTER. You can also use a range, like:  \u00C0-\u017F
-# You can also use any of the regex flags as documented at
-# https://docs.oracle.com/javase/tutorial/essential/regex/pattern.html, e.g. (?u)
-#
-Validator.ConfigurationFile=validation.properties
-
-# Validators used by ESAPI
-Validator.AccountName=^[a-zA-Z0-9]{3,20}$
-Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
-Validator.RoleName=^[a-z]{1,20}$
-
-#the word TEST below should be changed to your application
-#name - only relative URL's are supported
-Validator.Redirect=^\\/test.*$
-
-# Global HTTP Validation Rules
-# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
-Validator.HTTPScheme=^(http|https)$
-Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
-Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-# Note that headerName and Value length is also configured in the HTTPUtilities section
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,256}$
-Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
-Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,32}$
-
-
-# Contributed by Fraenku@gmx.ch
-# Github Issue 126 https://github.com/ESAPI/esapi-java-legacy/issues/126
-Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
-Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
-Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
-Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
-
-
-# Validation of file related input
-Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-
-# Validation of dates. Controls whether or not 'lenient' dates are accepted.
-# See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
-
-#                       ~~~~~ Important Note ~~~~~
-# This is a workaround to make sure that a commit to address GitHub issue #509
-# doesn't accidentally break someone's production code. So essentially what we
-# are doing is to reverting back to the previous possibly buggy (by
-# documentation intent at least), but, by now, expected legacy behavior.
-# Prior to the code changes for issue #509, if invalid / malicious HTML input was
-# observed, AntiSamy would simply attempt to sanitize (cleanse) it and it would
-# only be logged. However, the code change made ESAPI comply with its
-# documentation, which stated that a ValidationException should be thrown in
-# such cases. Unfortunately, changing this behavior--especially when no one is
-# 100% certain that the documentation was correct--could break existing code
-# using ESAPI so after a lot of debate, issue #521 was created to restore the
-# previous behavior, but still allow the documented behavior. (We did this
-# because it wasn't really causing an security issues since AntiSamy would clean
-# it up anyway and we value backward compatibility as long as it doesn't clearly
-# present security vulnerabilities.)
-# More defaults about this are written up under GitHub issue #521 and
-# the pull request it references. Future major releases of ESAPI (e.g., ESAPI 3.x)
-# will not support this previous behavior, but it will remain for ESAPI 2.x.
-# Set this to 'throw' if you want the originally intended behavior of throwing
-# that was fixed via issue #509. Set to 'clean' if you want want the HTML input
-# sanitized instead.
-#
-# Possible values:
-#   clean -- Use the legacy behavior where unsafe HTML input is logged and the
-#            sanitized (i.e., clean) input as determined by AntiSamy and your
-#            AntiSamy rules is returned. This is the default behavior if this
-#            new property is not found.
-#   throw -- The new, presumably correct and originally intended behavior where
-#            a ValidationException is thrown when unsafe HTML input is
-#            encountered.
-#
-#Validator.HtmlValidationAction=clean
-Validator.HtmlValidationAction=throw
-
-# With the fix for #310 to enable loading antisamy-esapi.xml from the classpath
-# also an enhancement was made to be able to use a different filename for the configuration.
-# You don't have to configure the filename here, but in that case the code will keep looking for antisamy-esapi.xml.
-# This is the default behaviour of ESAPI.
-#
-#Validator.HtmlValidationConfigurationFile=antisamy-esapi.xml

spring-security-modules/spring-5-security/src/main/resources/templates/index.html

@@ -1,11 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-    <title>Home</title>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-</head>
-<body>
-   Home
-   Welcome!
-</body>
-</html>

spring-security-modules/spring-security-core-2/README.md

@@ -5,6 +5,9 @@ This module contains articles about core Spring Security
 ### Relevant Articles:
 - [Handle Spring Security Exceptions](https://www.baeldung.com/spring-security-exceptions)
 - [Handle Spring Security Exceptions With @ExceptionHandler](https://www.baeldung.com/spring-security-exceptionhandler)
+- [Prevent Cross-Site Scripting (XSS) in a Spring Application](https://www.baeldung.com/spring-prevent-xss)
+- [Guide to the AuthenticationManagerResolver in Spring Security](https://www.baeldung.com/spring-security-authenticationmanagerresolver)
+- [A Custom Spring SecurityConfigurer|https://www.baeldung.com/spring-security-custom-configurer]
 
 ### Build the Project
 

spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/SpringContextTest.java

@@ -1,5 +1,6 @@
 package com.baeldung;
 
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.boot.test.context.SpringBootTest;

spring-security-modules/spring-security-web-login-2/README.md

@@ -0,0 +1,9 @@
+## Spring Security Login - 2
+
+This module contains articles about login/logout mechanisms with Spring Security.
+
+## Relevant articles:
+
+- [Manual Logout With Spring Security](https://www.baeldung.com/spring-security-manual-logout)
+- [How to Disable Spring Security Logout Redirects](https://www.baeldung.com/spring-security-disable-logout-redirects)
+- More articles: [[<-- prev]](/spring-security-modules/spring-security-web-login)

spring-security-modules/spring-security-web-login-2/pom.xml

@@ -3,11 +3,10 @@
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
-    <artifactId>spring-5-security</artifactId>
+    <artifactId>spring-security-web-login-2</artifactId>
     <version>0.0.1-SNAPSHOT</version>
-    <name>spring-5-security</name>
+    <name>spring-security-web-login-2</name>
     <packaging>jar</packaging>   
-    <description>spring 5 security sample project</description>
 
     <parent>
         <groupId>com.baeldung</groupId>
@@ -47,21 +46,6 @@
             <artifactId>spring-security-test</artifactId>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.owasp.esapi</groupId>
-            <artifactId>esapi</artifactId>
-            <version>${esapi.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.jsoup</groupId>
-            <artifactId>jsoup</artifactId>
-            <version>${jsoup.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
-            <version>${commons-io.version}</version>
-        </dependency>
     </dependencies>
 
     <build>
@@ -69,16 +53,8 @@
             <plugin>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
-                <configuration>
-                    <mainClass>com.baeldung.passwordstorage.PasswordStorageApplication</mainClass>
-                    <layout>JAR</layout>
-                </configuration>
             </plugin>
         </plugins>
     </build>
 
-    <properties>
-        <jsoup.version>1.13.1</jsoup.version>
-    </properties>
-
 </project>

spring-security-modules/spring-security-web-login-2/src/main/resources/application.properties

@@ -2,6 +2,4 @@ server.port=8081
 
 logging.level.root=INFO
 
-logging.level.com.baeldung.dsl.ClientErrorLoggingFilter=DEBUG
-
 logging.level.org.springframework.security=DEBUG

spring-security-modules/spring-security-web-login/README.md

@@ -13,6 +13,7 @@ The "Learn Spring Security" Classes: http://github.learnspringsecurity.com
 - [Spring Security – Redirect to the Previous URL After Login](https://www.baeldung.com/spring-security-redirect-login)
 - [Spring Security Custom AuthenticationFailureHandler](https://www.baeldung.com/spring-security-custom-authentication-failure-handler)
 - [Extra Login Fields with Spring Security](https://www.baeldung.com/spring-security-extra-login-fields)
+- More articles: [[next -->]](/spring-security-modules/spring-security-web-login-2)
 
 ### Build the Project
 ```

spring-security-modules/spring-security-web-rest-basic-auth/README.md

@@ -11,3 +11,6 @@ The "Learn Spring Security" Classes: http://github.learnspringsecurity.com
 - [Basic Authentication with the RestTemplate](https://www.baeldung.com/how-to-use-resttemplate-with-basic-authentication-in-spring)
 - [A Custom Filter in the Spring Security Filter Chain](https://www.baeldung.com/spring-security-custom-filter)
 - [Spring Security Basic Authentication](https://www.baeldung.com/spring-security-basic-authentication)
+- [New Password Storage In Spring Security 5](https://www.baeldung.com/spring-security-5-password-storage)
+- [Default Password Encoder in Spring Security 5](https://www.baeldung.com/spring-security-5-default-password-encoder)
+

spring-security-modules/spring-security-web-rest-basic-auth/pom.xml

@@ -10,28 +10,29 @@
 
     <parent>
         <groupId>com.baeldung</groupId>
-        <artifactId>parent-spring-5</artifactId>
+        <artifactId>parent-boot-2</artifactId>
         <version>0.0.1-SNAPSHOT</version>
-        <relativePath>../../parent-spring-5</relativePath>
+       <relativePath>../../parent-boot-2</relativePath>
     </parent>
 
     <dependencies>
+    <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
         <!-- Spring Security -->
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-web</artifactId>
-            <version>${spring-security.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-config</artifactId>
-            <version>${spring-security.version}</version>
         </dependency>
         <!-- Spring -->
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-core</artifactId>
-            <version>${spring.version}</version>
             <exclusions>
                 <exclusion>
                     <artifactId>commons-logging</artifactId>
@@ -42,59 +43,48 @@
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-context</artifactId>
-            <version>${spring.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-jdbc</artifactId>
-            <version>${spring.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-beans</artifactId>
-            <version>${spring.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-aop</artifactId>
-            <version>${spring.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-tx</artifactId>
-            <version>${spring.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-expression</artifactId>
-            <version>${spring.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-web</artifactId>
-            <version>${spring.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-webmvc</artifactId>
-            <version>${spring.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-oxm</artifactId>
-            <version>${spring.version}</version>
         </dependency>
         <!-- marshalling -->
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>${jackson.version}</version>
         </dependency>
         <!-- http -->
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpcore</artifactId>
-            <version>${httpcore.version}</version>
             <exclusions>
                 <exclusion>
                     <artifactId>commons-logging</artifactId>
@@ -105,7 +95,6 @@
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>${httpclient.version}</version>
             <exclusions>
                 <exclusion>
                     <artifactId>commons-logging</artifactId>
@@ -136,7 +125,6 @@
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-test</artifactId>
-            <version>${spring.version}</version>
             <scope>test</scope>
         </dependency>
     </dependencies>

xml-2/pom.xml

@@ -20,6 +20,12 @@
             <artifactId>dom4j</artifactId>
             <version>${dom4j.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-api</artifactId>
+            <version>${junit-jupiter.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>

xml-2/src/main/java/com/baeldung/xml/validation/XmlErrorHandler.java

@@ -0,0 +1,35 @@
+package com.baeldung.xml.validation;
+
+import org.xml.sax.ErrorHandler;
+import org.xml.sax.SAXParseException;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class XmlErrorHandler implements ErrorHandler {
+
+    private List<SAXParseException> exceptions;
+
+    public XmlErrorHandler() {
+        this.exceptions = new ArrayList<>();
+    }
+
+    public List<SAXParseException> getExceptions() {
+        return exceptions;
+    }
+
+    @Override
+    public void warning(SAXParseException exception) {
+        exceptions.add(exception);
+    }
+
+    @Override
+    public void error(SAXParseException exception) {
+        exceptions.add(exception);
+    }
+
+    @Override
+    public void fatalError(SAXParseException exception) {
+        exceptions.add(exception);
+    }
+}

xml-2/src/main/java/com/baeldung/xml/validation/XmlValidator.java

@@ -0,0 +1,62 @@
+package com.baeldung.xml.validation;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXParseException;
+
+import javax.xml.XMLConstants;
+import javax.xml.transform.Source;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+import javax.xml.validation.Validator;
+import java.io.File;
+import java.io.IOException;
+import java.util.List;
+
+public class XmlValidator {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(XmlValidator.class);
+
+    private String xsdPath;
+    private String xmlPath;
+
+    public XmlValidator(String xsdPath, String xmlPath) {
+        this.xsdPath = xsdPath;
+        this.xmlPath = xmlPath;
+    }
+
+    public boolean isValid() throws IOException, SAXException {
+        Validator validator = initValidator(xsdPath);
+        try {
+            validator.validate(new StreamSource(getFile(xmlPath)));
+            return true;
+        } catch (SAXException e) {
+            return false;
+        }
+    }
+
+    public List<SAXParseException> listParsingExceptions() throws IOException, SAXException {
+        XmlErrorHandler xsdErrorHandler = new XmlErrorHandler();
+        Validator validator = initValidator(xsdPath);
+        validator.setErrorHandler(xsdErrorHandler);
+        try {
+            validator.validate(new StreamSource(getFile(xmlPath)));
+        } catch (SAXParseException e) {}
+        xsdErrorHandler.getExceptions().forEach(e -> LOGGER.info(e.getMessage()));
+        return xsdErrorHandler.getExceptions();
+    }
+
+    private Validator initValidator(String xsdPath) throws SAXException {
+        SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+        Source schemaFile = new StreamSource(getFile(xsdPath));
+        Schema schema = factory.newSchema(schemaFile);
+        return schema.newValidator();
+    }
+
+    private File getFile(String location) {
+        return new File(getClass().getClassLoader().getResource(location).getFile());
+    }
+
+}

xml-2/src/main/resources/xml/validation/baeldung.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<individual>
+    <name>Baeldung</name>
+    <address>
+        <zip>00001</zip>
+        <city>New York</city>
+    </address>
+</individual>

xml-2/src/main/resources/xml/validation/full-person.xsd

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+    <xs:element name="individual">
+        <xs:complexType>
+            <xs:sequence>
+                <xs:element name="name">
+                    <xs:simpleType>
+                        <xs:restriction base="xs:string">
+                            <xs:maxLength value="5" />
+                        </xs:restriction>
+                    </xs:simpleType>
+                </xs:element>
+                <xs:element name="address">
+                    <xs:complexType>
+                        <xs:sequence>
+                            <xs:element name="zip" type="xs:positiveInteger" />
+                            <xs:element name="city" type="xs:string" />
+                            <xs:element name="street" type="xs:string" />
+                        </xs:sequence>
+                    </xs:complexType>
+                </xs:element>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>

xml-2/src/main/resources/xml/validation/person.xsd

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+    <xs:element name="individual">
+        <xs:complexType>
+            <xs:sequence>
+                <xs:element name="name" type="xs:string" />
+                <xs:element name="address">
+                    <xs:complexType>
+                        <xs:sequence>
+                            <xs:element name="zip" type="xs:positiveInteger" />
+                            <xs:element name="city" type="xs:string" />
+                        </xs:sequence>
+                    </xs:complexType>
+                </xs:element>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>

xml-2/src/test/java/com/baeldung/xml/validation/XmlValidatorUnitTest.java

@@ -0,0 +1,35 @@
+package com.baeldung.xml.validation;
+
+import org.junit.jupiter.api.Test;
+import org.xml.sax.SAXException;
+import java.io.IOException;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class XmlValidatorUnitTest {
+
+    private static final String BAELDUNG_XML_PATH = "xml/validation/baeldung.xml";
+    private static final String PERSON_XSD_PATH = "xml/validation/person.xsd";
+    private static final String FULL_PERSON_XSD_PATH = "xml/validation/full-person.xsd";
+
+    @Test
+    public void givenValidXML_WhenIsValid_ThenTrue() throws IOException, SAXException {
+        assertTrue(new XmlValidator(PERSON_XSD_PATH, BAELDUNG_XML_PATH).isValid());
+    }
+
+    @Test
+    public void givenInvalidXML_WhenIsValid_ThenFalse() throws IOException, SAXException {
+        assertFalse(new XmlValidator(FULL_PERSON_XSD_PATH, BAELDUNG_XML_PATH).isValid());
+    }
+
+    @Test
+    public void givenValidXML_WhenListParsingExceptions_ThenNone() throws IOException, SAXException {
+        assertEquals(0, new XmlValidator(PERSON_XSD_PATH, BAELDUNG_XML_PATH).listParsingExceptions().size());
+    }
+
+    @Test
+    public void givenInvalidXML_WhenListParsingExceptions_ThenHasThree() throws IOException, SAXException {
+        assertEquals(3, new XmlValidator(FULL_PERSON_XSD_PATH, BAELDUNG_XML_PATH).listParsingExceptions().size());
+    }
+
+}