spring-security

Commit Graph

Author	SHA1	Message	Date
Darren Forsythe	5556b821e3	Check for multiple access tokens per rfc 6750 Check for multiple access tokens on the ServerHttpRequest rather than get get first. If multiples are found throw a OAuth2AuthenticationException. Closes gh-5708	2021-09-28 08:07:06 -06:00
Ashley Scopes	171522ebf2	Replace usages of deprecated OAuth2IntrospectionClaimNames Replace all usages of OAuth2IntrospectionClaimNames with the suggested OAuth2TokenIntrospectionClaimNames. There does not appear to be any further usages of OAuth2IntrospectionClaimNames, so it should be suitable for removal when appropriate in accordance with the deprecation policy.	2021-09-15 15:05:08 -06:00
Ashley Scopes	7ccc915b2b	Ensuring consistency in error handling of opaque providers/managers The OpaqueTokenAuthenticationProvider now propagates the cause of introspection exceptions in the same way that the reactive OpaqueTokenReactiveAuthenticationManager does. Fixed a final field warning on both OpaqueTokenAuthenticationProvider and OpaqueTokenReactiveAuthenticationManager.	2021-09-15 15:05:08 -06:00
Ashley Scopes	e9d5bbba34	Fixed final field warnings in opaque token introspectors	2021-09-15 15:05:08 -06:00
Ashley Scopes	95c2403968	Fixed potential NullPointerException in opaque token introspection It appears Nimbus does not check the presence of the Content-Type header before parsing it in some versions, and since prior to this commit, the code is .toString()-ing the result, a malformed response (such as that from a misbehaving cloud gateway) that does not include a Content-Type would currently throw a NullPointerException. In addition to this, I have added a little more information to the log output for this module on the standard and reactive implementations to aid in debugging authorization/authentication issues much more easily.	2021-09-15 15:05:08 -06:00
Ashley Scopes	dd43d9198b	Amended treatment of OAuth2 'iss' claim Prior to this commit, the OAuth2 resource server code is failing any issuer that is not a valid URL. This does not correspond to https://datatracker.ietf.org/doc/html/rfc7662#page-7 which redirects to https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1, defining an issuer as being a "StringOrURI", which is defined at https://datatracker.ietf.org/doc/html/rfc7519#page-5 as being an "arbitrary string value" that "MUST be a URI" only for "any value containing a ':'". The issue currently is that an issuer that is not a valid URL may be provided, which will automatically result in the request being aborted due to being invalid. I have removed the check entirely, since while the claim could be invalid, it is still a response that the OAuth2 introspection endpoint has provided. In the liklihood that interpretations of this behaviour are different for the OAuth2 server implementation in use, this currently stops Spring Security from being able to be used at all without implementing a custom introspector from scratch. It is also worth noting that the spec does not specify whether it is valid to normalize issuers or not if they are valid URLs. This may cause other unintended side effects as a result of this change, so it is safer to disable it entirely.	2021-09-15 15:05:08 -06:00
/usr/local/ΕΨΗΕΛΩΝ	4302a86fad	Default principalClaimName to SUB Closes gh-10214	2021-08-20 15:02:22 -06:00
Josh Cummings	cdc902d04d	Update SpringOpaqueTokenIntrospector Issue gh-9647	2021-08-12 16:52:02 -06:00
Dávid Kováč	3ff825576b	Move and rename OAuth2IntrospectionClaimAccessor/Names Introduced OAuth2TokenIntrospectionClaimAccessor and OAuth2TokenIntrospectionClaimNames with copied implementation from OAuth2IntrospectionClaimAccessor/Names. OAuth2IntrospectionClaimAccessor and OAuth2IntrospectionClaimNames are now deprecated. Also method getScopes() returning list of scopes was introduced and getScope() is now deprecated. Closes gh-9647	2021-08-12 16:51:33 -06:00
Josh Cummings	6370906ead	Add SpringOpaqueTokenIntrospector Closes gh-9354	2021-07-26 10:50:50 -06:00
Rob Winch	f73f213f50	Remove DependencySetPlugin Closes gh-10070	2021-07-12 15:31:38 -05:00
Rob Winch	3e93b024d6	openrewrite Junit Migration	2021-07-09 14:32:52 -05:00
Eleftheria Stein	204a32aba8	Replace < and > with &lt and &gt in Javadoc Closes gh-9847	2021-06-04 12:26:07 +03:00
Marcus Hert da Coregio	6413511eb6	Update Deprecated Property in Opaque Token Introspectors Update NimbusOpaqueTokenIntrospector and NimbusReactiveOpaqueTokenIntrospector to use MediaType.APPLICATION_JSON instead of the deprecated MediaType.APPLICATION_JSON_UTF8 Closes gh-9353	2021-05-06 13:47:09 -06:00
Josh Cummings	7ded671858	Refactor AuthenticationDetailsSource support - BearerTokenAuthenticationFilter exposes this directly, simplifying configuration and removing a package tangle Closes gh-9576	2021-04-09 12:41:16 -06:00
Rob Winch	f3f1106624	Update io.spring.javaformat to 0.0.27 Closes gh-9553	2021-04-05 22:23:59 -05:00
Rob Winch	60d3db5798	add management platform(project(":spring-security-dependencies")) Closes gh-9540	2021-04-05 10:36:36 -05:00
Rob Winch	1a76ee7442	Update Gradle configuration names Closes gh-9540	2021-04-05 10:36:36 -05:00
Eleftheria Stein	4a492846f1	Revert "Lock dependencies for 2.5.0-M3" This reverts commit `f05cc6269c`.	2021-03-15 23:18:45 +01:00
Eleftheria Stein	f05cc6269c	Lock dependencies for 2.5.0-M3	2021-03-15 11:00:19 +01:00
Josh Cummings	b774e91734	Polish BearerTokenAuthenticationConverter Issue gh-8840	2021-03-12 15:05:06 -07:00
Jeongjin Kim	31f310fd22	Add BearerTokenAuthenticationConverter BearerTokenAuthenticationConverter is introduced to solve the problem of not being able to change AuthenticationDetailsSource. BearerTokenAuthenticationFilter delegates to BearerTokenAuthenticationConverter the task of creating BearerTokenAuthenticationToken and setting AuthenticationDetailsSource. BearerTokenAuthenticationConverter is customizable and the customized converter can be used in BearerTokenAuthenticationFilter. Closes gh-8840	2021-03-12 15:05:06 -07:00
Josh Cummings	c4be1c6a56	Revert "Lock Dependencies" This reverts commit `a85caa4098`.	2021-02-11 15:49:59 -07:00
Josh Cummings	a85caa4098	Lock Dependencies	2021-02-11 15:00:38 -07:00
Josh Cummings	ccb3b02888	Bearer Token Server-side Errors Return 500 Closes gh-9395	2021-02-10 12:35:34 -07:00
Josh Cummings	6499a235b0	Suppress Compiler Warnings	2021-01-08 11:30:28 -07:00
olivier.antoine	808b8c3256	Avoid ClassCastException if principalClaim value is not a String Closes gh-9212	2020-12-02 16:15:10 -07:00
grimsa	c002c6f9f3	Add ClaimAccessor#hasClaim The new method is intended to replace ClaimAccessor#containsClaim, the return type of which was non-primitive Boolean. The existing containsClaim method is now deprecated. Closes gh-9201	2020-11-25 11:58:17 -07:00
Josh Cummings	b0d4e500a8	Polish Add DelegatingJwtGrantedAuthoritiesConverter - Adjusted internal logic to follow DelegatingOAuth2TokenValidator - Changed JavaDoc to align more closely with JwtGrantedAuthoritiesConverter - Polished test names to follow Spring Security naming convention - Updated test class name to follow Spring Security naming convention - Polished tests to use TestJwts - Added tests to address additional use cases Closes gh-7596	2020-11-24 15:31:07 -07:00
Ropi	97cc119d86	Add DelegatingJwtGrantedAuthoritiesConverter Closes gh-7596	2020-11-24 14:18:40 -07:00
Josh Cummings	af669a2166	Remove Reliance on BearerTokenResolver Closes gh-9186	2020-11-12 15:40:55 -07:00
Joe Grandja	b95e1aa209	Revert "Lock dependencies for 5.5.0-M1" This reverts commit `25a7482c8c`.	2020-11-03 19:53:28 -05:00
Arvid Ottenberg	d0d655e18d	Allow Customization of Bearer Token Resolution Closes gh-8535	2020-11-03 14:34:46 -07:00
Rob Winch	25a7482c8c	Lock dependencies for 5.5.0-M1	2020-10-30 17:52:03 -05:00
Josh Cummings	366146ff80	Polish JWT Signature Algorithm Discovery - Moved support to JwtDecoders and ReactiveJwtDecoders since there is already the expectation that those classes make an outbound connection to complete configuration. Since there's no outbound connection when configuring a NimbusJwtDecoder or NimbusReactiveJwtDecoder, it would be more intrusive to change that. Closes gh-7160	2020-10-09 14:17:30 -06:00
Nick Hitchan	290786438c	Add Support for JWK Signature Algorithm Discovery Issue gh-7160	2020-10-09 13:09:38 -06:00
Phillip Webb	c502312719	Replace expected @Test attributes with AssertJ Replace JUnit expected @Test attributes with AssertJ calls.	2020-09-22 16:13:51 -06:00
Joe Grandja	7b1f574769	Revert "Lock Dependency Versions for 5.4.0" This reverts commit `3d0e459182`.	2020-09-09 18:14:12 -04:00
Joe Grandja	3d0e459182	Lock Dependency Versions for 5.4.0	2020-09-09 13:45:03 -04:00
Josh Cummings	bf067d679f	Add Logging to Resource Server Closes gh-9000	2020-09-08 13:09:33 -06:00
Rob Winch	2abf59b695	Merge Formatting Changes Issue gh-8945	2020-08-24 17:33:23 -05:00
Rob Winch	36ae1fe3f9	Polish oauth2-resource-server format Issue gh-8945	2020-08-24 17:33:09 -05:00
Phillip Webb	319d3364aa	Migrate to assertThatExceptionOfType Consistently use `assertThatExceptionOfType(...).isThrownBy(...)` rather than `assertThatCode` or `assertThatThrownBy`. This aligns with Spring Boot and Spring Cloud. It also allows the convenience `assertThatIllegalArgument` and `assertThatIllegalState` methods to be used. Issue gh-8945	2020-08-24 17:33:09 -05:00
Phillip Webb	a5aa6b3d7f	Remove blank lines from all tests Remove all blank lines from test code so that test methods are visually grouped together. This generally helps to make the test classes easer to scan, however, the "given" / "when" / "then" blocks used by some tests are now not as easy to discern. Issue gh-8945	2020-08-24 17:33:09 -05:00
Phillip Webb	ba19a9e4b6	Polish spring-security-oauth2-resource-server main code Manually polish `spring-security-oauth-resource-server` following the formatting and checkstyle fixes. Issue gh-8945	2020-08-24 17:33:09 -05:00
Phillip Webb	612fb22a7f	Remove unnecessary lambda blocks Remove lambda blocks that aren't needed and replace instead with a simple expression. Issue gh-8945	2020-08-24 17:33:08 -05:00
Phillip Webb	52f20b5281	Use parenthesis with single-arg lambdas Use regular expression search/replace to ensure all single-arg lambdas have parenthesis. This aligns with the style used in Spring Boot and ensure that single-arg and multi-arg lambdas are consistent. Issue gh-8945	2020-08-24 17:33:08 -05:00
Phillip Webb	01d90c9881	Hide utility class constructors Update all utility classes so that they have a private constructor. This prevents users from accidentally creating an instance, when they should just use the static methods directly. Issue gh-8945	2020-08-24 17:33:08 -05:00
Phillip Webb	ff94944313	Add whitespace after copyright header Add an additional lines after the copyright header and before the `package` declaration. This aligns with the style used by Spring Framework. Issue gh-8945	2020-08-24 17:33:08 -05:00
Phillip Webb	8d80166aaf	Update exception variable names Consistently use `ex` for caught exception and `cause` for Exception constructor arguments. Issue gh-8945	2020-08-24 17:33:08 -05:00
Phillip Webb	e9130489a6	Remove restricted static imports Replace static imports with class referenced methods. With the exception of a few well known static imports, checkstyle restricts the static imports that a class can use. For example, `asList(...)` would be replaced with `Arrays.asList(...)`. Issue gh-8945	2020-08-24 17:33:08 -05:00
Phillip Webb	db55ef4b3b	Migrate to BDD Mockito Migrate Mockito imports to use the BDD variant. This aligns better with the "given" / "when" / "then" style used in most tests since the "given" block now uses Mockito `given(...)` calls. The commit also updates a few tests that were accidentally using Power Mockito when regular Mockito could be used. Issue gh-8945	2020-08-24 17:33:08 -05:00
Phillip Webb	9e08b51ed3	Apply code cleanup rules to projects Apply automated cleanup rules to add `@Override` and `@Deprecated` annotations and to fix class references used with static methods. Issue gh-8945	2020-08-24 17:33:07 -05:00
Phillip Webb	8866fa6fb0	Always use 'this.' when accessing fields Apply an Eclipse cleanup rules to ensure that fields are always accessed using `this.`. This aligns with the style used by Spring Framework and helps users quickly see the difference between a local and member variable. Issue gh-8945	2020-08-24 17:33:07 -05:00
Phillip Webb	37fa94fafc	Organize imports Use "organize imports" from Eclipse to cleanup import statements so that they appear in a consistent and well defined order. Issue gh-8945	2020-08-24 17:33:07 -05:00
Phillip Webb	5f64f53c3f	Use consistent "@" tag order in Javadoc Ensure that Javadoc "@" tags appear in a consistent and well defined order. Issue gh-8945	2020-08-24 17:33:07 -05:00
Phillip Webb	b7fc18262d	Reformat code using spring-javaformat Run `./gradlew format` to reformat all java files. Issue gh-8945	2020-08-24 17:32:56 -05:00
Joe Grandja	1d74d556c2	Revert "Lock Dependency Versions for 5.4.0-RC1" This reverts commit `f3a1e5d40c`.	2020-08-05 14:59:11 -04:00
Joe Grandja	f3a1e5d40c	Lock Dependency Versions for 5.4.0-RC1	2020-08-05 13:46:11 -04:00
Joe Grandja	3bc0b8c144	Revert "Fix snapshot build failure related to reactor-netty" This reverts commit `f37714a26f`.	2020-08-04 14:24:32 -04:00
Joe Grandja	f37714a26f	Fix snapshot build failure related to reactor-netty Closes gh-8909	2020-08-04 14:17:03 -04:00
Dávid Kováč	dfaf251970	Resolve Bearer token after subscribing to publisher Bearer token was resolved immediately after calling method convert. In situations when malformed token was provided or authorization header and access token query param were present in request exception was thrown instead of signalling error. After this change Bearer token is resolved on subscription and invalid states are handled by signaling error to subscriber. Closes gh-8865	2020-08-03 11:04:21 -05:00
Josh Cummings	d3bea02124	Polish Bearer Token Padding Issue gh-8502	2020-07-15 18:14:39 -06:00
kothasa	d38dabac02	Bearer Token Padding Closes gh-8502	2020-07-15 18:13:51 -06:00
Josh Cummings	221c33f558	Polish OAuth2IntrospectionAuthenticatedPrincipal Removed some duplication by delegating to DefaultOAuth2AuthenticatedPrincipal Changed order of listed interfaces to satisfy compiler issue. When listed with OAuth2AuthenticatedPrincipal first, then OAuth2ResourceServerBeanDefinitionParserTests would fail to import OpaqueTokenBeanDefinitionParser. Switching OAuth2AuthenticatedPrincipal with OAuth2IntrospectionClaimAccessor resolved the compilation issue. Issue gh-6489	2020-07-09 18:01:55 -06:00
Dávid Kováč	af1c96b425	Simplify OAuth 2.0 Introspection Attribute Retrieval In order to simplify retrieving of OAuth 2.0 Introspection specific attributes, OAuth2IntrospectionClaimAccessor interface was introduced and also new OAuth2AuthenticatedPrincipal implementing this new interface (OAuth2IntrospectionAuthenticatedPrincipal). Also DefaultOAuth2AuthenticatedPrincipal was replaced by OAuth2IntrospectionAuthenticatedPrincipal in cases where OAuth 2.0 Introspection is performed (NimbusOpaqueTokenIntrospector, NimbusReactiveOpaqueTokenIntrospector). DefaultOAuth2AuthenticatedPrincipal can be still used by applications that introspected the token without OAuth 2.0 Introspection. OAuth2IntrospectionAuthenticatedPrincipal will also be used as a default principal in tests where request is post-processed/mutated by OpaqueTokenRequestPostProcessor/OpaqueTokenMutator. Closes gh-6489	2020-07-09 17:26:13 -06:00
Josh Cummings	146d0b6358	Revert "Lock Dependency Versions for 5.4.0-M2" This reverts commit `68538897c8`.	2020-07-01 13:11:50 -06:00
Josh Cummings	68538897c8	Lock Dependency Versions for 5.4.0-M2	2020-07-01 12:40:29 -06:00
Rob Winch	ca1252be94	Replace whitelist with allowlist Issue gh-8676	2020-06-10 11:49:21 -05:00
Joe Grandja	86ca6b013c	Unlock dependencies This reverts commit `206960cf44`.	2020-05-06 17:27:35 -04:00
Joe Grandja	206960cf44	Lock dependencies for 5.4.0-M1	2020-05-06 17:13:04 -04:00
Julian Müller	60d4d5b7ee	Enables empty authorityPrefix - docs stated that empty authorityPrefix are allowed but implementation denied to use `""` - commit removes the `hasText`-limitation but restricts to `notNull` Fixes gh-8421	2020-04-22 08:52:54 -05:00
Evgeniy Cheban	a70d55552b	Resource Server Finds JwtAuthenticationConverter Beans Fixes gh-8185	2020-04-13 22:47:20 -06:00
Teddy Reinert	2f8eb16d76	Allow custom header during bearer token extraction Added ability to specify the header that ServerBearerTokenAuthenticationConverter and DefaultBearerTokenResolver use to extract a Bearer Token. Fixes gh-8337	2020-04-09 10:36:03 -06:00
Evgeniy Cheban	25fb1f417d	Added setPrincipalClaimName to JwtAuthenticationConverter Fixes gh-8186	2020-04-07 16:20:43 -06:00
Josh Cummings	6eadf7b140	Unlock dependencies for 5.3.0.RELEASE This reverts commit `147d7dadd7`.	2020-03-04 12:02:48 -07:00
Josh Cummings	147d7dadd7	Lock dependencies for 5.3.0.RELEASE	2020-03-04 10:28:39 -07:00
Roman Matiushchenko	9d66f2ccce	polish gh-7996 Make defensive collection copy as Collections.unmodifiableCollection does not protect from the source collection direct modification. Use Mono#map instead of Mono#flatMap as it allocates less. Use less operators to reduce allocations. Use lambda parameter instead of outer method parameter in authenticationManagers#computeIfAbsent() to make it non capturing so it could be cached by JVM. Propagate cause for InvalidBearerTokenException.	2020-02-27 09:29:43 -07:00
Roman Matiushchenko	04e671fb4d	Instantiate exceptions lazily Add lazy Exception instantiation to reduce allocations Fixes gh-7995	2020-02-27 09:29:43 -07:00
Joe Grandja	fa73b1397a	Add missing @FunctionalInterface in oauth2 modules Fixes gh-8020	2020-02-24 11:53:30 -05:00
Josh Cummings	a90e579350	Add JwtIssuerReactiveAuthenticationManagerResolver Fixes gh-7857	2020-02-06 13:45:13 -07:00
Eleftheria Stein	84b8a5abd7	Unlock dependencies for next development version This reverts commit `064616f1ef`.	2020-02-05 15:53:04 +01:00
Eleftheria Stein	064616f1ef	Lock dependencies for 5.3.0.RC1	2020-02-05 10:20:05 +01:00
Josh Cummings	209c81d65d	Add BadOpaqueTokenException Updated NimbusOpaqueTokenIntrospector and NimbusReactiveOpaqueTokenIntrospector to throw. Updated OpaqueTokenAuthenticationProvider and OpaqueTokenReactiveAuthenticationManager to catch. Fixes gh-7902	2020-02-04 17:33:08 -07:00
Josh Cummings	0c3754c811	Add BadJwtException Updated NimbusJwtDecoder and NimbusReactiveJwtDecoder to throw. Updated JwtAuthenticationProvider and JwtReactiveAuthenticationManager to catch. Fixes gh-7885	2020-02-04 17:33:08 -07:00
Josh Cummings	fbdecdafb8	Add Mapping to Invalid Bearer Token Fixes gh-7793	2020-02-04 17:33:08 -07:00
Josh Cummings	3e07b35611	Polish Bearer Token Error Handling Issue gh-7822 Issue gh-7823	2020-02-03 17:54:39 -07:00
Josh Cummings	1b15f74f57	Add InvalidBearerTokenException Fixes gh-7822	2020-02-03 17:54:39 -07:00
Josh Cummings	7b2fcd17f5	Add BearerTokenErrors Fixes gh-7823	2020-02-03 17:54:33 -07:00
Eleftheria Stein	fcc6457bef	Unlock dependencies for next development version This reverts commit `93acf8f0f1`.	2020-01-08 22:15:17 +01:00
Eleftheria Stein	93acf8f0f1	Lock dependencies for 5.3.0.M1	2020-01-08 19:41:10 +01:00
Josh Cummings	de87675f6d	Add JwtIssuerAuthenticationManagerResolver Fixes gh-7724	2020-01-07 23:30:42 -07:00
Rob Winch	65981444f1	Use Version Ranges Fixes gh-7788	2020-01-06 14:46:48 -06:00
Josh Cummings	ed02ef9773	Add Test for Malformed Scope Fixes gh-7563	2019-10-28 16:55:56 -06:00
Josh Cummings	387f765595	Catch Malformed BearerTokenError Descriptions Fixes gh-7549	2019-10-28 12:30:27 -06:00
Josh Cummings	33ba292fed	Resource Server w/ SecurityReactorContextSubscriber Fixes gh-7423	2019-09-27 11:01:04 -06:00
Rob Winch	00f8991fac	Merge Remove Redudant Throws Fixes gh-7301	2019-09-19 11:04:53 -05:00
Josh Cummings	05caf3d8fb	Use Jwt.Builder Fixes gh-7443	2019-09-16 14:00:25 -06:00
Josh Cummings	101e0a21a8	Bearer WebClient Filter Authentication Propagation Fixes: gh-7418	2019-09-11 16:27:21 +01:00
Josh Cummings	099d49aa40	Simplify currentAuthentication()	2019-09-04 15:33:41 -06:00
Josh Cummings	40ff837713	Polish Server\|ServletBearerExchangeFilterFunction Fixes gh-7353	2019-09-04 15:33:41 -06:00
Josh Cummings	d7f7e9d4b7	Add Jwt to BearerTokenAuthentication Converter Fixes gh-7346	2019-09-03 15:58:05 -06:00
Josh Cummings	068f4f0147	Polish Opaque Token Use OAuth2AuthenticatedPrincipal Use BearerTokenAuthentication Update names to reflect more generic approach. Fixes gh-7344 Fixes gh-7345	2019-09-03 15:58:05 -06:00
Josh Cummings	c019507770	Add BearerTokenAuthentication Fixes gh-7343	2019-09-03 15:58:05 -06:00
Josh Cummings	f350988285	Add Servlet and ServerBearerExchangeFilterFunction Fixes gh-5334 Fixes gh-7284	2019-09-03 15:29:06 -06:00
kostya05983	f6c650db47	Replace Streams with Loops First version of replacing streams fix wwwAuthenticate and codestyle fix errors in implementation to pass tests Fix review notes Remove uneccessary final to align with cb Short circuit way to authorize Simplify error message, make code readably Return error while duplicate key found Delete check for duplicate, checkstyle issues Return duplicate error Fixes gh-7154	2019-09-02 15:30:48 -06:00
Lars Grefer	95511331fa	fix checkstyle	2019-08-26 22:42:26 +02:00
watsta	2c2e8e5f24	Remove internal Optional usage in favor of null checks Issue gh-7155	2019-08-26 09:27:40 -04:00
Lars Grefer	34dd5fea30	Remove redundant throws clauses Removes exceptions that are declared in a method's signature but never thrown by the method itself or its implementations/derivatives.	2019-08-23 01:03:54 +02:00
Rob Winch	a377581951	Fix WebClient Memory Leaks WebClient exchange requires that the body is consumed. Before this commit there were places where an Exception was thrown without consuming the body if the status was not successful. There was also the potential for the statusCode invocation to throw an Exception of the status code was not defined which would cause a leak. This commit ensures that before the Exception is thrown the body is consumed. It also uses the http status in a way that will ensure an Exception is not thrown. Fixes gh-7293	2019-08-21 12:46:11 -05:00
Andreas Falk	766c4434d4	Improve test coverage of JwtGrantedAuthoritiesConverter Some negative test cases were missing. Added these to have full test coverage for JwtGrantedAuthoritiesConverter.	2019-08-19 21:14:07 -04:00
Andreas Falk	0a058c973a	Add setter for authorities claim name in JwtGrantedAuthoritiesConverter Prior to this change authorities are always mapped using well known claim names ('scope' or 'scp'). To change this default behaviour the converter had to be replaced completely with a custom one. This commit adds an additional setter to configure a custom claim name like e.g. 'roles'. Without specifying a custom claim name the default claims to be used still remains to the well known ones. This way the authorities can be mapped according to customized token claims. Fixes gh-7100	2019-08-19 21:14:07 -04:00
Andreas Falk	b45e57cc40	Add setter for authority prefix in JwtGrantedAuthoritiesConverter Prior to this change mapped authorities are always prefixed with default value 'SCOPE_'. To change this default behaviour the converter had to be replaced completely with a custom one. This commit adds an additional setter to configure a custom authority prefix like e.g. 'ROLE_'. Without specifying a custom prefix the default prefix still remains 'SCOPE_'. This way existing authorization checks using the standard 'ROLE_' prefix can be reused without lots of effort. Fixes gh-7101	2019-08-14 11:25:42 -04:00
Josh Cummings	4ed197e515	Rename OAuth2TokenIntrospectionClient Renamed to OpaqueTokenIntrospector Fixes gh-7245	2019-08-12 18:05:28 -04:00
Lars Grefer	ff1070df36	remove redundant modifiers found by checkstyle	2019-08-10 00:18:56 +02:00
Josh Cummings	d843818e48	Polish JwtGrantedAuthoritiesConverter Rework the implementation so that it is clearer that authorities are derived from a single claim. Issue: gh-6273	2019-08-02 14:54:04 -06:00
Eddú Meléndez	50adb6abcb	Fix javadoc	2019-07-31 15:36:30 -04:00
matkocsis	e584207a85	Loggin Fix for printing the full stack trace, spring-projects/spring-security#7110	2019-07-23 16:48:37 -05:00
Édouard Hue	e8dd1325fd	Fixed misleading OAuth2 error messages Error messages sent by BearerTokenAccessDeniedHandler included information about the scopes of the rejected token instead of the scopes required by the resource. * Removal of token scopes from error_description attribute. * Removal of scope attribute from WWW-Authenticate response header. Fixes gh-7089	2019-07-18 07:01:33 -04:00
Clement Ng	cd54808718	Update Opaque Token Sample and tests Issue: gh-6498	2019-07-02 07:45:56 -06:00
Clement Ng	491da9db03	Added OAuth2TokenAttributes to wrap attributes To simplify access to OAuth 2.0 token attributes Fixes gh-6498	2019-07-02 07:45:56 -06:00
Thomas Vitale	f9747e6591	BearerTokenAuthenticationFilter exposes AuthenticationFailureHandler Make BearerTokenAuthenticationFilter expose an AuthenticationFailureHandler which, by default, invokes the AuthenticationEntryPoint set in the filter. Fixes gh-7009	2019-07-01 05:24:29 -06:00
Rob Winch	6f5a443175	ServerBearerTokenAuthenticationConverter Handles Empty Tokens Previously ServerBearerTokenAuthenticationConverter would throw an IllegalArgumentException when the access token in a URI was empty String. It also incorrectly provided HttpStatus.BAD_REQUEST for an empty String access token in the headers. This changes ServerBearerTokenAuthenticationConverter to consistently throw a OAuth2AuthenticationException with an HttpStatus.UNAUTHORIZED Fixes gh-7011	2019-06-24 13:57:29 -06:00
Tadaya Tsuyukubo	3cb0975860	Accept Converter in ReactiveJwtAuthenticationConverterAdapter Currently, "ReactiveJwtAuthenticationConverterAdapter" takes "JwtAuthenticationConverter" as its constructor argument. However, this limits the usage of this adapter. In this commit, widen the constructor to take "Converter<Jwt, AbstractAuthenticationToken>" and allow this adapter to be used by generic converters.	2019-06-10 10:47:43 -06:00
Florian Aumeier	9fe8949883	Add @transient to OAuth2IntrospectionAuthenticationToken fixes gh-6829	2019-05-29 08:42:09 -06:00
Josh Cummings	af3c6d4972	JwtAuthenticationTokenTests Polish Using Jwt.Builder to clean up some of this test's config. Issue: gh-6893	2019-05-23 11:24:40 -06:00
Josh Cummings	936d28d328	JwtAuthenticationToken Polish Aligned JavaDoc and added tests to better assess getName's functionality. Issue: gh-6893	2019-05-23 10:59:45 -06:00
HaydenMeloche	f84ab3a255	Added constructors to support custom principal name closes #6893	2019-05-23 10:59:44 -06:00
Josh Cummings	d0f5b42884	Mock Jwt Test Support and Jwt.Builder Polish Simplified the initial support to introduce fewer classes and only the features described in the ticket. Changed tests to align with existing patterns in the repository. Added JavaDoc to remaining public methods introduced for this feature. Issue: gh-6634 Issue: gh-6851	2019-05-22 14:23:02 -06:00
Jérôme Wacongne	e59d8a529b	Mock Jwt Test Support and Jwt.Builder Fixes: gh-6634 Fixes: gh-6851	2019-05-22 14:23:02 -06:00
Josh Cummings	5840e25732	Polish OAuth2TokenIntrospectionClient Placed URI.create in constructor so that the code doesn't do that processing on each request. Also moved the construction helper methods up by the constructor for added readability. Issue: gh-6798	2019-05-14 07:50:16 -06:00
MD Sayem Ahmed	0bc60dca69	Add custom parameters to token introspection requests Added support for providing custom parameters to an OAuth 2.0 token introspection request. This is done by explicitly instantiating a NimbusOAuth2TokenIntrospectionClient instance and then setting a custom Converter implementation. Fixes gh-6798	2019-05-14 07:48:07 -06:00
Josh Cummings	047bd16b51	Propagate Exception in NimbusReactiveJwtDecoder Fixes: gh-6823	2019-05-08 17:25:02 -06:00
Josh Cummings	7200fa2dce	Copy Token Introspection Attributes Map Dereference Map passed into constructor for OAuth2IntrospectionAuthenticationToken. Fixes: gh-6843	2019-05-07 13:19:02 -06:00
Elena Felder	e6ac9759e2	Extract bearer token from arbitrary header.	2019-04-30 10:41:20 -06:00
Josh Cummings	b1195e7789	Opaque Token Intermediate Type Introducing OAuth2TokenIntrospectionClient and also ReactiveOAuth2TokenIntrospectionClient as configuration points. The DSL looks in the application context for these types in the same way it looks for JwtDecoder and ReactiveJwtDecoder, and exposes similar configuration methods. Fixes: gh-6632	2019-04-29 13:39:53 -06:00
Josh Cummings	7e8aadeb96	Multi-tenancy for Resource Server Fixes: gh-5351	2019-03-29 15:00:48 -06:00
Spring Operator	3b89754926	URL Cleanup This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener). # HTTP URLs that Could Not Be Fixed These URLs were unable to be fixed. Please review them to see if they can be manually resolved. * http://blog.opensecurityresearch.com/2012/02/json-csrf-with-parameter-padding.html (200) with 1 occurrences could not be migrated: ([https](https://blog.opensecurityresearch.com/2012/02/json-csrf-with-parameter-padding.html) result ClosedChannelException). * http://bouncy-castle.1462172.n4.nabble.com/Java-Bouncy-Castle-scrypt-implementation-td4656832.html (200) with 1 occurrences could not be migrated: ([https](https://bouncy-castle.1462172.n4.nabble.com/Java-Bouncy-Castle-scrypt-implementation-td4656832.html) result SSLHandshakeException). * http://cujojs.com/ (200) with 1 occurrences could not be migrated: ([https](https://cujojs.com/) result SSLHandshakeException). * http://erik.eae.net/archives/2007/07/27/18.54.15/ (200) with 1 occurrences could not be migrated: ([https](https://erik.eae.net/archives/2007/07/27/18.54.15/) result SSLHandshakeException). * http://javascript.nwbox.com/IEContentLoaded/ (200) with 1 occurrences could not be migrated: ([https](https://javascript.nwbox.com/IEContentLoaded/) result SSLHandshakeException). * http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-February/007533.html (200) with 1 occurrences could not be migrated: ([https](https://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-February/007533.html) result SSLHandshakeException). * http://monkeymachine.co.uk/ (200) with 2 occurrences could not be migrated: ([https](https://monkeymachine.co.uk/) result SSLHandshakeException). * http://perfectionkills.com/detecting-event-support-without-browser-sniffing/ (200) with 1 occurrences could not be migrated: ([https](https://perfectionkills.com/detecting-event-support-without-browser-sniffing/) result SSLHandshakeException). * http://somesite.com/login (200) with 3 occurrences could not be migrated: ([https](https://somesite.com/login) result AnnotatedConnectException). * http://someurl.com/ (200) with 2 occurrences could not be migrated: ([https](https://someurl.com/) result SSLHandshakeException). * http://sscce.org/ (200) with 1 occurrences could not be migrated: ([https](https://sscce.org/) result SSLHandshakeException). * http://webblaze.cs.berkeley.edu/papers/barth-caballero-song.pdf (200) with 2 occurrences could not be migrated: ([https](https://webblaze.cs.berkeley.edu/papers/barth-caballero-song.pdf) result 404). * http://www.example.com:80/ (200) with 1 occurrences could not be migrated: ([https](https://www.example.com:80/) result NotSslRecordException). * http://www.faqs.org/qa/rfcc-1940.html (200) with 3 occurrences could not be migrated: ([https](https://www.faqs.org/qa/rfcc-1940.html) result AnnotatedConnectException). * http://www.faqs.org/rfcs/rfc1945.html (200) with 2 occurrences could not be migrated: ([https](https://www.faqs.org/rfcs/rfc1945.html) result AnnotatedConnectException). * http://www.faqs.org/rfcs/rfc3548.html (200) with 3 occurrences could not be migrated: ([https](https://www.faqs.org/rfcs/rfc3548.html) result AnnotatedConnectException). * http://www.zytrax.com/books/ldap/ (200) with 2 occurrences could not be migrated: ([https](https://www.zytrax.com/books/ldap/) result AnnotatedConnectException). * http://blindsignals.com/index.php/2009/07/jquery-delay/ (301) with 1 occurrences could not be migrated: ([https](https://blindsignals.com/index.php/2009/07/jquery-delay/) result SSLHandshakeException). * http://www.faqs.org/ (301) with 1 occurrences could not be migrated: ([https](https://www.faqs.org/) result AnnotatedConnectException). * http://sam.zoy.org/wtfpl/ (301) with 2 occurrences could not be migrated: ([https](https://sam.zoy.org/wtfpl/) result SSLHandshakeException). * http://hey.openid.com/ (302) with 1 occurrences could not be migrated: ([https](https://hey.openid.com/) result SSLHandshakeException). * http://iharder.net/base64 (303) with 2 occurrences could not be migrated: ([https](https://iharder.net/base64) result AnnotatedConnectException). * http://jaspan.com/improved_persistent_login_cookie_best_practice (500) with 3 occurrences could not be migrated: ([https](https://jaspan.com/improved_persistent_login_cookie_best_practice) result AnnotatedConnectException). # Fixed URLs ## Fixed But Review Recommended These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended. * http://www.relaxng.org/ (301) with 1 occurrences migrated to: https://relaxng.org/ ([https](https://www.relaxng.org/) result SSLHandshakeException). * http://www.relaxng.org (301) with 1 occurrences migrated to: https://relaxng.org/ ([https](https://www.relaxng.org) result SSLHandshakeException). * http://tools.ietf.org/html/draft-ietf-websec-x-frame-options (301) with 2 occurrences migrated to: https://tools.ietf.org/html/draft-ietf-websec-x-frame-options ([https](https://tools.ietf.org/html/draft-ietf-websec-x-frame-options) result ReadTimeoutException). * http://foo.test.com (302) with 2 occurrences migrated to: https://www.test.com ([https](https://foo.test.com) result SSLHandshakeException). * http://abc.test.com (302) with 2 occurrences migrated to: https://www.test.com ([https](https://abc.test.com) result SSLHandshakeException). * http://192.168.1:8080 (ConnectTimeoutException) with 2 occurrences migrated to: https://192.168.1:8080 ([https](https://192.168.1:8080) result ConnectTimeoutException). * http://www.example.com:8080/mycontext/secure/page.html (ConnectTimeoutException) with 1 occurrences migrated to: https://www.example.com:8080/mycontext/secure/page.html ([https](https://www.example.com:8080/mycontext/secure/page.html) result ConnectTimeoutException). * http://www.example.com:8888/bigWebApp/hello (ConnectTimeoutException) with 1 occurrences migrated to: https://www.example.com:8888/bigWebApp/hello ([https](https://www.example.com:8888/bigWebApp/hello) result ConnectTimeoutException). * http://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true (ConnectTimeoutException) with 1 occurrences migrated to: https://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true ([https](https://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true) result ConnectTimeoutException). * http://www.opensymphony.com/sitemesh/decorator (ConnectTimeoutException) with 1 occurrences migrated to: https://www.opensymphony.com/sitemesh/decorator ([https](https://www.opensymphony.com/sitemesh/decorator) result ConnectTimeoutException). * http://www.opensymphony.com/sitemesh/page (ConnectTimeoutException) with 1 occurrences migrated to: https://www.opensymphony.com/sitemesh/page ([https](https://www.opensymphony.com/sitemesh/page) result ConnectTimeoutException). * http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd (ReadTimeoutException) with 1 occurrences migrated to: https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd ([https](https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd) result ReadTimeoutException). * http://axschema.org/ (UnknownHostException) with 2 occurrences migrated to: https://axschema.org/ ([https](https://axschema.org/) result UnknownHostException). * http://axschema.org/contact/email (UnknownHostException) with 23 occurrences migrated to: https://axschema.org/contact/email ([https](https://axschema.org/contact/email) result UnknownHostException). * http://axschema.org/namePerson (UnknownHostException) with 5 occurrences migrated to: https://axschema.org/namePerson ([https](https://axschema.org/namePerson) result UnknownHostException). * http://axschema.org/namePerson/first (UnknownHostException) with 4 occurrences migrated to: https://axschema.org/namePerson/first ([https](https://axschema.org/namePerson/first) result UnknownHostException). * http://axschema.org/namePerson/last (UnknownHostException) with 4 occurrences migrated to: https://axschema.org/namePerson/last ([https](https://axschema.org/namePerson/last) result UnknownHostException). * http://context.blah.com/context/remainder (UnknownHostException) with 1 occurrences migrated to: https://context.blah.com/context/remainder ([https](https://context.blah.com/context/remainder) result UnknownHostException). * http://default (UnknownHostException) with 12 occurrences migrated to: https://default ([https](https://default) result UnknownHostException). * http://endpoint (UnknownHostException) with 4 occurrences migrated to: https://endpoint ([https](https://endpoint) result UnknownHostException). * http://endpoint?id_token_hint=id-token (UnknownHostException) with 2 occurrences migrated to: https://endpoint?id_token_hint=id-token ([https](https://endpoint?id_token_hint=id-token) result UnknownHostException). * http://example.com&param1=value1&param2=value2 (UnknownHostException) with 1 occurrences migrated to: https://example.com&param1=value1&param2=value2 ([https](https://example.com&param1=value1&param2=value2) result UnknownHostException). * http://host/myapp/index.html;jsessionid=blah (UnknownHostException) with 1 occurrences migrated to: https://host/myapp/index.html;jsessionid=blah ([https](https://host/myapp/index.html;jsessionid=blah) result UnknownHostException). * http://http://context.blah.com/context/remainder (UnknownHostException) with 1 occurrences migrated to: https://http://context.blah.com/context/remainder ([https](https://https://context.blah.com/context/remainder) result UnknownHostException). * http://id.openid.zz (UnknownHostException) with 2 occurrences migrated to: https://id.openid.zz ([https](https://id.openid.zz) result UnknownHostException). * http://invalid-provider.com/oauth2/token (UnknownHostException) with 4 occurrences migrated to: https://invalid-provider.com/oauth2/token ([https](https://invalid-provider.com/oauth2/token) result UnknownHostException). * http://invalid-provider.com/user (UnknownHostException) with 4 occurrences migrated to: https://invalid-provider.com/user ([https](https://invalid-provider.com/user) result UnknownHostException). * http://issuer/.well-known/jwks.json (UnknownHostException) with 2 occurrences migrated to: https://issuer/.well-known/jwks.json ([https](https://issuer/.well-known/jwks.json) result UnknownHostException). * http://issuer/certs (UnknownHostException) with 1 occurrences migrated to: https://issuer/certs ([https](https://issuer/certs) result UnknownHostException). * http://jimi.hendrix.myopenid.com/ (UnknownHostException) with 1 occurrences migrated to: https://jimi.hendrix.myopenid.com/ ([https](https://jimi.hendrix.myopenid.com/) result UnknownHostException). * http://joe.myopenid.com/ (UnknownHostException) with 3 occurrences migrated to: https://joe.myopenid.com/ ([https](https://joe.myopenid.com/) result UnknownHostException). * http://logout (UnknownHostException) with 2 occurrences migrated to: https://logout ([https](https://logout) result UnknownHostException). * http://logout?id_token_hint=id-token (UnknownHostException) with 2 occurrences migrated to: https://logout?id_token_hint=id-token ([https](https://logout?id_token_hint=id-token) result UnknownHostException). * http://openid.aol.com/ (UnknownHostException) with 2 occurrences migrated to: https://openid.aol.com/ ([https](https://openid.aol.com/) result UnknownHostException). * http://pip.verisignlabs.com/server (UnknownHostException) with 2 occurrences migrated to: https://pip.verisignlabs.com/server ([https](https://pip.verisignlabs.com/server) result UnknownHostException). * http://postlogout?encodedparam%3Dvalue (UnknownHostException) with 2 occurrences migrated to: https://postlogout?encodedparam%3Dvalue ([https](https://postlogout?encodedparam%3Dvalue) result UnknownHostException). * http://postlogout?encodedparam=value (UnknownHostException) with 2 occurrences migrated to: https://postlogout?encodedparam=value ([https](https://postlogout?encodedparam=value) result UnknownHostException). * http://schema.openid.net/contact/email (UnknownHostException) with 5 occurrences migrated to: https://schema.openid.net/contact/email ([https](https://schema.openid.net/contact/email) result UnknownHostException). * http://schema.openid.net/namePerson (UnknownHostException) with 2 occurrences migrated to: https://schema.openid.net/namePerson ([https](https://schema.openid.net/namePerson) result UnknownHostException). * http://some.site.org/index.html (UnknownHostException) with 1 occurrences migrated to: https://some.site.org/index.html ([https](https://some.site.org/index.html) result UnknownHostException). * http://something/ (UnknownHostException) with 1 occurrences migrated to: https://something/ ([https](https://something/) result UnknownHostException). * http://specs.openid.net/auth/2.0 (UnknownHostException) with 2 occurrences migrated to: https://specs.openid.net/auth/2.0 ([https](https://specs.openid.net/auth/2.0) result UnknownHostException). * http://specs.openid.net/auth/2.0/identifier_select (UnknownHostException) with 4 occurrences migrated to: https://specs.openid.net/auth/2.0/identifier_select ([https](https://specs.openid.net/auth/2.0/identifier_select) result UnknownHostException). * http://wiki.fasterxml.com/JacksonFeatureModules (UnknownHostException) with 1 occurrences migrated to: https://wiki.fasterxml.com/JacksonFeatureModules ([https](https://wiki.fasterxml.com/JacksonFeatureModules) result UnknownHostException). * http://www.faqs (UnknownHostException) with 1 occurrences migrated to: https://www.faqs ([https](https://www.faqs) result UnknownHostException). * http://www.test123.com (UnknownHostException) with 1 occurrences migrated to: https://www.test123.com ([https](https://www.test123.com) result UnknownHostException). * http://en.wikipedia.org/wiki/Defense_in_depth_%28computing%29 (301) with 1 occurrences migrated to: https://en.wikipedia.org/wiki/Defense_in_depth_%2528computing%2529 ([https](https://en.wikipedia.org/wiki/Defense_in_depth_%28computing%29) result 400). * http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html (404) with 1 occurrences migrated to: https://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html ([https](https://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html) result 404). * http://example.com/auth (404) with 2 occurrences migrated to: https://example.com/auth ([https](https://example.com/auth) result 404). * http://example.com/info (404) with 2 occurrences migrated to: https://example.com/info ([https](https://example.com/info) result 404). * http://example.com/jwkset (404) with 2 occurrences migrated to: https://example.com/jwkset ([https](https://example.com/jwkset) result 404). * http://example.com/login/oauth2/code/registration-id (404) with 1 occurrences migrated to: https://example.com/login/oauth2/code/registration-id ([https](https://example.com/login/oauth2/code/registration-id) result 404). * http://example.com/login/oauth2/code/registration-id-2 (404) with 1 occurrences migrated to: https://example.com/login/oauth2/code/registration-id-2 ([https](https://example.com/login/oauth2/code/registration-id-2) result 404). * http://example.com/path?a=b&c=d (404) with 1 occurrences migrated to: https://example.com/path?a=b&c=d ([https](https://example.com/path?a=b&c=d) result 404). * http://example.com/pkp-report (404) with 5 occurrences migrated to: https://example.com/pkp-report ([https](https://example.com/pkp-report) result 404). * http://example.com/token (404) with 2 occurrences migrated to: https://example.com/token ([https](https://example.com/token) result 404). * http://example.net/pkp-report (404) with 7 occurrences migrated to: https://example.net/pkp-report ([https](https://example.net/pkp-report) result 404). * http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ (301) with 1 occurrences migrated to: https://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ ([https](https://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/) result 404). * http://html5shim.googlecode.com/svn/trunk/html5.js (404) with 6 occurrences migrated to: https://html5shim.googlecode.com/svn/trunk/html5.js ([https](https://html5shim.googlecode.com/svn/trunk/html5.js) result 404). * http://json.org/json2.js (404) with 1 occurrences migrated to: https://json.org/json2.js ([https](https://json.org/json2.js) result 404). * http://openid-selector.googlecode.com/svn/trunk/ (404) with 2 occurrences migrated to: https://openid-selector.googlecode.com/svn/trunk/ ([https](https://openid-selector.googlecode.com/svn/trunk/) result 404). * http://provider.com/user (302) with 2 occurrences migrated to: https://provider.com/user ([https](https://provider.com/user) result 404). * http://relaxng.org/ns/compatibility/annotations/1.0 (301) with 8 occurrences migrated to: https://relaxng.org/ns/compatibility/annotations/1.0 ([https](https://relaxng.org/ns/compatibility/annotations/1.0) result 404). * http://www.example.com/bigWebApp/hello (404) with 2 occurrences migrated to: https://www.example.com/bigWebApp/hello ([https](https://www.example.com/bigWebApp/hello) result 404). * http://www.example.com/bigWebApp/hello/pathInfo.html?open=true (404) with 1 occurrences migrated to: https://www.example.com/bigWebApp/hello/pathInfo.html?open=true ([https](https://www.example.com/bigWebApp/hello/pathInfo.html?open=true) result 404). * http://www.example.com/identity (404) with 1 occurrences migrated to: https://www.example.com/identity ([https](https://www.example.com/identity) result 404). * http://www.example.com/login/openid (404) with 2 occurrences migrated to: https://www.example.com/login/openid ([https](https://www.example.com/login/openid) result 404). * http://www.example.com/mycontext/HelloWorld (404) with 1 occurrences migrated to: https://www.example.com/mycontext/HelloWorld ([https](https://www.example.com/mycontext/HelloWorld) result 404). * http://www.example.com/mycontext/HelloWorld/some/more/segments.html (404) with 1 occurrences migrated to: https://www.example.com/mycontext/HelloWorld/some/more/segments.html ([https](https://www.example.com/mycontext/HelloWorld/some/more/segments.html) result 404). * http://www.example.com/mycontext/HelloWorld?foo=bar (404) with 1 occurrences migrated to: https://www.example.com/mycontext/HelloWorld?foo=bar ([https](https://www.example.com/mycontext/HelloWorld?foo=bar) result 404). * http://www.example.com/mycontext/secure/page.html (404) with 3 occurrences migrated to: https://www.example.com/mycontext/secure/page.html ([https](https://www.example.com/mycontext/secure/page.html) result 404). * http://www.example.com/realm (404) with 1 occurrences migrated to: https://www.example.com/realm ([https](https://www.example.com/realm) result 404). * http://www.example.com/redirect (404) with 1 occurrences migrated to: https://www.example.com/redirect ([https](https://www.example.com/redirect) result 404). * http://www.example.org/do/something (404) with 4 occurrences migrated to: https://www.example.org/do/something ([https](https://www.example.org/do/something) result 404). * http://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/ (301) with 1 occurrences migrated to: https://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/ ([https](https://www.ibm.com/developerworks/tivoli/library/t-ldap-controls/) result 404). * http://www.json.org/json2.js (404) with 1 occurrences migrated to: https://www.json.org/json2.js ([https](https://www.json.org/json2.js) result 404). * http://www.thymeleaf.org/thymeleaf-extras-springsecurity5 (301) with 5 occurrences migrated to: https://www.thymeleaf.org/thymeleaf-extras-springsecurity5 ([https](https://www.thymeleaf.org/thymeleaf-extras-springsecurity5) result 404). ## Fixed Success These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended. * http://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html with 1 occurrences migrated to: https://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html ([https](https://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html) result 200). * http://bugs.jquery.com/ticket/12282 with 1 occurrences migrated to: https://bugs.jquery.com/ticket/12282 ([https](https://bugs.jquery.com/ticket/12282) result 200). * http://bugs.jquery.com/ticket/12359 with 1 occurrences migrated to: https://bugs.jquery.com/ticket/12359 ([https](https://bugs.jquery.com/ticket/12359) result 200). * http://claimid.com/ with 2 occurrences migrated to: https://claimid.com/ ([https](https://claimid.com/) result 200). * http://dist.springsource.org/snapshot/GRECLIPSE/e4.7/ with 1 occurrences migrated to: https://dist.springsource.org/snapshot/GRECLIPSE/e4.7/ ([https](https://dist.springsource.org/snapshot/GRECLIPSE/e4.7/) result 200). * http://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html with 1 occurrences migrated to: https://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/AsyncContext.html) result 200). * http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html with 26 occurrences migrated to: https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html) result 200). * http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html with 1 occurrences migrated to: https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html ([https](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html) result 200). * http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html with 1 occurrences migrated to: https://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html ([https](https://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html) result 200). * http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html with 1 occurrences migrated to: https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html ([https](https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html) result 200). * http://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html with 1 occurrences migrated to: https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html ([https](https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html) result 200). * http://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ with 2 occurrences migrated to: https://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/ ([https](https://docs.spring.io/spring-framework/docs/4.0.x/spring-framework-reference/htmlsingle/) result 200). * http://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html (301) with 1 occurrences migrated to: https://docs.spring.io/spring-security/site/docs/3.0.x/reference/remember-me.html ([https](https://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html) result 200). * http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html (301) with 1 occurrences migrated to: https://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html ([https](https://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html) result 200). * http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ with 1 occurrences migrated to: https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/ ([https](https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/) result 200). * http://docs.spring.io/spring-security/site/docs/current/api/ with 1 occurrences migrated to: https://docs.spring.io/spring-security/site/docs/current/api/ ([https](https://docs.spring.io/spring-security/site/docs/current/api/) result 200). * http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ with 3 occurrences migrated to: https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/ ([https](https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/) result 200). * http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html (301) with 1 occurrences migrated to: https://docs.spring.io/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html ([https](https://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html) result 200). * http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html with 1 occurrences migrated to: https://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html ([https](https://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html) result 200). * http://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html with 1 occurrences migrated to: https://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html ([https](https://docs.spring.io/spring/docs/3.2.x/javadoc-api/org/springframework/web/multipart/support/MultipartFilter.html) result 200). * http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html with 3 occurrences migrated to: https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html ([https](https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html) result 200). * http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html with 1 occurrences migrated to: https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html ([https](https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html) result 200). * http://en.wikipedia.org/wiki/Clickjacking with 9 occurrences migrated to: https://en.wikipedia.org/wiki/Clickjacking ([https](https://en.wikipedia.org/wiki/Clickjacking) result 200). * http://en.wikipedia.org/wiki/Content_sniffing with 2 occurrences migrated to: https://en.wikipedia.org/wiki/Content_sniffing ([https](https://en.wikipedia.org/wiki/Content_sniffing) result 200). * http://en.wikipedia.org/wiki/Cross-site_request_forgery with 11 occurrences migrated to: https://en.wikipedia.org/wiki/Cross-site_request_forgery ([https](https://en.wikipedia.org/wiki/Cross-site_request_forgery) result 200). * http://en.wikipedia.org/wiki/Cross-site_scripting with 7 occurrences migrated to: https://en.wikipedia.org/wiki/Cross-site_scripting ([https](https://en.wikipedia.org/wiki/Cross-site_scripting) result 200). * http://en.wikipedia.org/wiki/Firesheep with 1 occurrences migrated to: https://en.wikipedia.org/wiki/Firesheep ([https](https://en.wikipedia.org/wiki/Firesheep) result 200). * http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security with 4 occurrences migrated to: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security ([https](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) result 200). * http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol with 1 occurrences migrated to: https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol ([https](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol) result 200). * http://en.wikipedia.org/wiki/Man-in-the-middle_attack with 2 occurrences migrated to: https://en.wikipedia.org/wiki/Man-in-the-middle_attack ([https](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) result 200). * http://en.wikipedia.org/wiki/Null_Object_pattern with 1 occurrences migrated to: https://en.wikipedia.org/wiki/Null_Object_pattern ([https](https://en.wikipedia.org/wiki/Null_Object_pattern) result 200). * http://en.wikipedia.org/wiki/SRV_record with 2 occurrences migrated to: https://en.wikipedia.org/wiki/SRV_record ([https](https://en.wikipedia.org/wiki/SRV_record) result 200). * http://en.wikipedia.org/wiki/Same-origin_policy with 1 occurrences migrated to: https://en.wikipedia.org/wiki/Same-origin_policy ([https](https://en.wikipedia.org/wiki/Same-origin_policy) result 200). * http://en.wikipedia.org/wiki/Session_fixation with 6 occurrences migrated to: https://en.wikipedia.org/wiki/Session_fixation ([https](https://en.wikipedia.org/wiki/Session_fixation) result 200). * http://example.com with 8 occurrences migrated to: https://example.com ([https](https://example.com) result 200). * http://example.com/ with 1 occurrences migrated to: https://example.com/ ([https](https://example.com/) result 200). * http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice with 2 occurrences migrated to: https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice ([https](https://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice) result 200). * http://flywaydb.org/ with 1 occurrences migrated to: https://flywaydb.org/ ([https](https://flywaydb.org/) result 200). * http://getbootstrap.com/docs/4.0/examples/signin/signin.css with 1 occurrences migrated to: https://getbootstrap.com/docs/4.0/examples/signin/signin.css ([https](https://getbootstrap.com/docs/4.0/examples/signin/signin.css) result 200). * http://gradle.org with 1 occurrences migrated to: https://gradle.org ([https](https://gradle.org) result 200). * http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ with 2 occurrences migrated to: https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/ ([https](https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/) result 200). * http://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html with 2 occurrences migrated to: https://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html ([https](https://joshlong.com/jl/blogPost/tech_tip_geting_started_with_spring_boot.html) result 200). * http://jquery.com/ with 1 occurrences migrated to: https://jquery.com/ ([https](https://jquery.com/) result 200). * http://knockoutjs.com/ with 1 occurrences migrated to: https://knockoutjs.com/ ([https](https://knockoutjs.com/) result 200). * http://marketplace.eclipse.org/content/anyedit-tools with 1 occurrences migrated to: https://marketplace.eclipse.org/content/anyedit-tools ([https](https://marketplace.eclipse.org/content/anyedit-tools) result 200). * http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html with 1 occurrences migrated to: https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html ([https](https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html) result 200). * http://openid.net with 1 occurrences migrated to: https://openid.net ([https](https://openid.net) result 200). * http://openid.net/ with 1 occurrences migrated to: https://openid.net/ ([https](https://openid.net/) result 200). * http://openid.net/certification/ with 4 occurrences migrated to: https://openid.net/certification/ ([https](https://openid.net/certification/) result 200). * http://openid.net/connect/ with 4 occurrences migrated to: https://openid.net/connect/ ([https](https://openid.net/connect/) result 200). * http://openid.net/specs/openid-attribute-exchange-1_0.html with 3 occurrences migrated to: https://openid.net/specs/openid-attribute-exchange-1_0.html ([https](https://openid.net/specs/openid-attribute-exchange-1_0.html) result 200). * http://openid.net/specs/openid-connect-core-1_0.html with 50 occurrences migrated to: https://openid.net/specs/openid-connect-core-1_0.html ([https](https://openid.net/specs/openid-connect-core-1_0.html) result 200). * http://openid.net/specs/openid-connect-session-1_0.html with 2 occurrences migrated to: https://openid.net/specs/openid-connect-session-1_0.html ([https](https://openid.net/specs/openid-connect-session-1_0.html) result 200). * http://sizzlejs.com/ with 2 occurrences migrated to: https://sizzlejs.com/ ([https](https://sizzlejs.com/) result 200). * http://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time with 1 occurrences migrated to: https://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time ([https](https://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time) result 200). * http://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/ (301) with 1 occurrences migrated to: https://spring.io/blog/2010/03/06/behind-the-spring-security-namespace/ ([https](https://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/) result 200). * http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/ (301) with 1 occurrences migrated to: https://spring.io/blog/2010/08/02/spring-security-in-google-app-engine/ ([https](https://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/) result 200). * http://spring.io/projects with 1 occurrences migrated to: https://spring.io/projects ([https](https://spring.io/projects) result 200). * http://spring.io/services with 1 occurrences migrated to: https://spring.io/services ([https](https://spring.io/services) result 200). * http://stackoverflow.com/questions/tagged/spring-security with 1 occurrences migrated to: https://stackoverflow.com/questions/tagged/spring-security ([https](https://stackoverflow.com/questions/tagged/spring-security) result 200). * http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html with 2 occurrences migrated to: https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html ([https](https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html) result 200). * http://tools.ietf.org/html/rfc6797 with 15 occurrences migrated to: https://tools.ietf.org/html/rfc6797 ([https](https://tools.ietf.org/html/rfc6797) result 200). * http://tools.ietf.org/html/rfc7469 with 18 occurrences migrated to: https://tools.ietf.org/html/rfc7469 ([https](https://tools.ietf.org/html/rfc7469) result 200). * http://vimeo.com/34436402 with 1 occurrences migrated to: https://vimeo.com/34436402 ([https](https://vimeo.com/34436402) result 200). * http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ with 1 occurrences migrated to: https://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/ ([https](https://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/) result 200). * http://www.ja-sig.org/cas (301) with 1 occurrences migrated to: https://www.apereo.org ([https](https://www.ja-sig.org/cas) result 200). * http://ehcache.sourceforge.net (301) with 2 occurrences migrated to: https://www.ehcache.org/ ([https](https://ehcache.sourceforge.net) result 200). * http://www.html5rocks.com/en/tutorials/security/content-security-policy/ with 2 occurrences migrated to: https://www.html5rocks.com/en/tutorials/security/content-security-policy/ ([https](https://www.html5rocks.com/en/tutorials/security/content-security-policy/) result 200). * http://www.ietf.org/rfc/rfc2396.txt with 3 occurrences migrated to: https://www.ietf.org/rfc/rfc2396.txt ([https](https://www.ietf.org/rfc/rfc2396.txt) result 200). * http://www.ietf.org/rfc/rfc2617.txt with 1 occurrences migrated to: https://www.ietf.org/rfc/rfc2617.txt ([https](https://www.ietf.org/rfc/rfc2617.txt) result 200). * http://www.liquibase.org/ with 1 occurrences migrated to: https://www.liquibase.org/ ([https](https://www.liquibase.org/) result 200). * http://www.openbsd.org/papers/bcrypt-paper.ps with 1 occurrences migrated to: https://www.openbsd.org/papers/bcrypt-paper.ps ([https](https://www.openbsd.org/papers/bcrypt-paper.ps) result 200). * http://www.springframework.org/schema/aop/spring-aop-2.5.xsd with 1 occurrences migrated to: https://www.springframework.org/schema/aop/spring-aop-2.5.xsd ([https](https://www.springframework.org/schema/aop/spring-aop-2.5.xsd) result 200). * http://www.springframework.org/schema/beans/spring-beans-2.5.xsd with 1 occurrences migrated to: https://www.springframework.org/schema/beans/spring-beans-2.5.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-2.5.xsd) result 200). * http://www.springframework.org/schema/beans/spring-beans-3.0.xsd with 2 occurrences migrated to: https://www.springframework.org/schema/beans/spring-beans-3.0.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-3.0.xsd) result 200). * http://www.springframework.org/schema/beans/spring-beans.xsd with 1 occurrences migrated to: https://www.springframework.org/schema/beans/spring-beans.xsd ([https](https://www.springframework.org/schema/beans/spring-beans.xsd) result 200). * http://www.springframework.org/schema/context/spring-context-2.5.xsd with 1 occurrences migrated to: https://www.springframework.org/schema/context/spring-context-2.5.xsd ([https](https://www.springframework.org/schema/context/spring-context-2.5.xsd) result 200). * http://www.springframework.org/schema/mvc/spring-mvc.xsd with 1 occurrences migrated to: https://www.springframework.org/schema/mvc/spring-mvc.xsd ([https](https://www.springframework.org/schema/mvc/spring-mvc.xsd) result 200). * http://www.springframework.org/schema/security/spring-security.xsd with 3 occurrences migrated to: https://www.springframework.org/schema/security/spring-security.xsd ([https](https://www.springframework.org/schema/security/spring-security.xsd) result 200). * http://www.springframework.org/schema/websocket/spring-websocket.xsd with 1 occurrences migrated to: https://www.springframework.org/schema/websocket/spring-websocket.xsd ([https](https://www.springframework.org/schema/websocket/spring-websocket.xsd) result 200). * http://www.test.com with 9 occurrences migrated to: https://www.test.com ([https](https://www.test.com) result 200). * http://www.thymeleaf.org with 25 occurrences migrated to: https://www.thymeleaf.org ([https](https://www.thymeleaf.org) result 200). * http://www.thymeleaf.org/ with 3 occurrences migrated to: https://www.thymeleaf.org/ ([https](https://www.thymeleaf.org/) result 200). * http://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd with 1 occurrences migrated to: https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd ([https](https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd) result 200). * http://www.thymeleaf.org/whatsnew21.html with 1 occurrences migrated to: https://www.thymeleaf.org/whatsnew21.html ([https](https://www.thymeleaf.org/whatsnew21.html) result 200). * http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html with 2 occurrences migrated to: https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html ([https](https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html) result 200). * http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html with 1 occurrences migrated to: https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html ([https](https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html) result 200). * http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html with 1 occurrences migrated to: https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html ([https](https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html) result 200). * http://www.w3.org/TR/2011/REC-css3-selectors-20110929/ with 2 occurrences migrated to: https://www.w3.org/TR/2011/REC-css3-selectors-20110929/ ([https](https://www.w3.org/TR/2011/REC-css3-selectors-20110929/) result 200). * http://www.w3.org/TR/CSS21/syndata.html with 1 occurrences migrated to: https://www.w3.org/TR/CSS21/syndata.html ([https](https://www.w3.org/TR/CSS21/syndata.html) result 200). * http://www.w3.org/TR/selectors/ with 3 occurrences migrated to: https://www.w3.org/TR/selectors/ ([https](https://www.w3.org/TR/selectors/) result 200). * http://www.youtube.com/watch?v=3mk0RySeNsU with 2 occurrences migrated to: https://www.youtube.com/watch?v=3mk0RySeNsU ([https](https://www.youtube.com/watch?v=3mk0RySeNsU) result 200). * http://api.jquery.com/jQuery.browser with 1 occurrences migrated to: https://api.jquery.com/jQuery.browser ([https](https://api.jquery.com/jQuery.browser) result 301). * http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx with 1 occurrences migrated to: https://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx ([https](https://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx) result 301). * http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx with 2 occurrences migrated to: https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx ([https](https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx) result 301). * http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx with 2 occurrences migrated to: https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx ([https](https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx) result 301). * http://code.google.com/p/openid-selector/ with 3 occurrences migrated to: https://code.google.com/p/openid-selector/ ([https](https://code.google.com/p/openid-selector/) result 301). * http://contributor-covenant.org with 1 occurrences migrated to: https://contributor-covenant.org ([https](https://contributor-covenant.org) result 301). * http://contributor-covenant.org/version/1/3/0/ with 1 occurrences migrated to: https://contributor-covenant.org/version/1/3/0/ ([https](https://contributor-covenant.org/version/1/3/0/) result 301). * http://dev.w3.org/csswg/cssom/ with 1 occurrences migrated to: https://dev.w3.org/csswg/cssom/ ([https](https://dev.w3.org/csswg/cssom/) result 301). * http://docs.spring.io with 1 occurrences migrated to: https://docs.spring.io ([https](https://docs.spring.io) result 301). * http://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html with 1 occurrences migrated to: https://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/html/testing.html) result 301). * http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html with 7 occurrences migrated to: https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html) result 301). * http://forum.springsource.org/showthread.php?102783-How-to-use-hasIpAddress&p=343971 (301) with 1 occurrences migrated to: https://forum.spring.io/showthread.php?102783-How-to-use-hasIpAddress&p=343971 ([https](https://forum.springsource.org/showthread.php?102783-How-to-use-hasIpAddress&p=343971) result 301). * http://help.github.com/set-up-git-redirect with 1 occurrences migrated to: https://help.github.com/set-up-git-redirect ([https](https://help.github.com/set-up-git-redirect) result 301). * http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ with 1 occurrences migrated to: https://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_ ([https](https://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_) result 301). * http://jquery.org/license with 1 occurrences migrated to: https://jquery.org/license ([https](https://jquery.org/license) result 301). * http://msdn.microsoft.com/en-us/library/dd565647 with 4 occurrences migrated to: https://msdn.microsoft.com/en-us/library/dd565647 ([https](https://msdn.microsoft.com/en-us/library/dd565647) result 301). * http://msdn.microsoft.com/en-us/library/ie/gg622941 with 5 occurrences migrated to: https://msdn.microsoft.com/en-us/library/ie/gg622941 ([https](https://msdn.microsoft.com/en-us/library/ie/gg622941) result 301). * http://openid.net/get/ with 2 occurrences migrated to: https://openid.net/get/ ([https](https://openid.net/get/) result 301). * http://openid.net/what/ with 2 occurrences migrated to: https://openid.net/what/ ([https](https://openid.net/what/) result 301). * http://technorati.com/people/technorati/ with 2 occurrences migrated to: https://technorati.com/people/technorati/ ([https](https://technorati.com/people/technorati/) result 301). * http://twitter.github.com/bootstrap/javascript.html with 13 occurrences migrated to: https://twitter.github.com/bootstrap/javascript.html ([https](https://twitter.github.com/bootstrap/javascript.html) result 301). * http://www.jasig.org/cas with 1 occurrences migrated to: https://www.jasig.org/cas ([https](https://www.jasig.org/cas) result 301). * http://www.modernizr.com/ with 1 occurrences migrated to: https://www.modernizr.com/ ([https](https://www.modernizr.com/) result 301). * http://www.opensource.org/licenses/mit-license.php with 1 occurrences migrated to: https://www.opensource.org/licenses/mit-license.php ([https](https://www.opensource.org/licenses/mit-license.php) result 301). * http://www.oracle.com/technetwork/java/javase/downloads with 1 occurrences migrated to: https://www.oracle.com/technetwork/java/javase/downloads ([https](https://www.oracle.com/technetwork/java/javase/downloads) result 301). * http://www.springframework.org/security with 1 occurrences migrated to: https://www.springframework.org/security ([https](https://www.springframework.org/security) result 301). * http://www.springsource.com/ with 2 occurrences migrated to: https://www.springsource.com/ ([https](https://www.springsource.com/) result 301). * http://www.springsource.org with 1 occurrences migrated to: https://www.springsource.org ([https](https://www.springsource.org) result 301). * http://www.springsource.org/sts with 1 occurrences migrated to: https://www.springsource.org/sts ([https](https://www.springsource.org/sts) result 301). * http://www.thoughtcrime.org/software/sslstrip/ with 1 occurrences migrated to: https://www.thoughtcrime.org/software/sslstrip/ ([https](https://www.thoughtcrime.org/software/sslstrip/) result 301). * http://www.w3.org/TR/css3-selectors/ with 2 occurrences migrated to: https://www.w3.org/TR/css3-selectors/ ([https](https://www.w3.org/TR/css3-selectors/) result 301). * http://www.w3.org/TR/css3-syntax/ with 1 occurrences migrated to: https://www.w3.org/TR/css3-syntax/ ([https](https://www.w3.org/TR/css3-syntax/) result 301). * http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ with 2 occurrences migrated to: https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/ ([https](https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/) result 302). * http://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html with 1 occurrences migrated to: https://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html ([https](https://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html) result 302). * http://example2.com with 3 occurrences migrated to: https://example2.com ([https](https://example2.com) result 302). * http://flickr.com/ with 2 occurrences migrated to: https://flickr.com/ ([https](https://flickr.com/) result 302). * http://git-scm.com/book/cs/ch7-3.html with 1 occurrences migrated to: https://git-scm.com/book/cs/ch7-3.html ([https](https://git-scm.com/book/cs/ch7-3.html) result 302). * http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd with 1 occurrences migrated to: https://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd ([https](https://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd) result 302). * http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html with 1 occurrences migrated to: https://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html) result 302). * http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html with 4 occurrences migrated to: https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html) result 302). * http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html with 1 occurrences migrated to: https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html) result 302). * http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html with 1 occurrences migrated to: https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html) result 302). * http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html with 1 occurrences migrated to: https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html ([https](https://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html) result 302). * http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html with 1 occurrences migrated to: https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html ([https](https://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html) result 302). * http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html with 2 occurrences migrated to: https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html) result 302). * http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html with 1 occurrences migrated to: https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html) result 302). * http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html with 2 occurrences migrated to: https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html ([https](https://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html) result 302). * http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html with 3 occurrences migrated to: https://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html ([https](https://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html) result 302). * http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd with 1 occurrences migrated to: https://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd ([https](https://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd) result 302). * http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd with 1 occurrences migrated to: https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd) result 302). * http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd with 2 occurrences migrated to: https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd) result 302). * http://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx with 1 occurrences migrated to: https://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx ([https](https://msdn.microsoft.com/en-us/library/ms680857%28VS.85%29.aspx) result 302). * http://spring.io/spring-security with 1 occurrences migrated to: https://spring.io/spring-security ([https](https://spring.io/spring-security) result 302). * http://spring.io/spring-security/ with 2 occurrences migrated to: https://spring.io/spring-security/ ([https](https://spring.io/spring-security/) result 302). * http://spring.io/tools/sts with 1 occurrences migrated to: https://spring.io/tools/sts ([https](https://spring.io/tools/sts) result 302). * http://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt with 2 occurrences migrated to: https://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt ([https](https://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt) result 302). * http://webauth.stanford.edu/manual/mod/mod_webauth.html with 1 occurrences migrated to: https://webauth.stanford.edu/manual/mod/mod_webauth.html ([https](https://webauth.stanford.edu/manual/mod/mod_webauth.html) result 302). * http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context with 1 occurrences migrated to: https://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context ([https](https://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context) result 302). * http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt with 1 occurrences migrated to: https://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt ([https](https://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt) result 302). # Ignored These URLs were intentionally ignored. * http://java.sun.com/JSP/Page with 14 occurrences * http://java.sun.com/jsp/jstl/core with 31 occurrences * http://java.sun.com/jsp/jstl/fmt with 6 occurrences * http://java.sun.com/jsp/jstl/functions with 1 occurrences * http://java.sun.com/jstl/core with 1 occurrences * http://java.sun.com/xml/ns/j2ee with 2 occurrences * http://java.sun.com/xml/ns/javaee with 6 occurrences * http://localhost with 20 occurrences * http://localhost/ with 6 occurrences * http://localhost/Test</value></property&gt with 1 occurrences * http://localhost/appcontext/page with 1 occurrences * http://localhost/authenticated with 1 occurrences * http://localhost/authentication/login with 2 occurrences * http://localhost/authorize/oauth2/code/registration-id with 3 occurrences * http://localhost/authorize/oauth2/implicit/registration-3 with 1 occurrences * http://localhost/callback/client-1 with 1 occurrences * http://localhost/callback/client-1?error=invalid_grant with 1 occurrences * http://localhost/client-1 with 9 occurrences * http://localhost/cookie with 1 occurrences * http://localhost/cookie/delete with 1 occurrences * http://localhost/custom-login with 1 occurrences * http://localhost/custom-logout with 1 occurrences * http://localhost/form-page with 1 occurrences * http://localhost/iss with 1 occurrences * http://localhost/issuer with 2 occurrences * http://localhost/login with 38 occurrences * http://localhost/login/oauth2/code/ with 4 occurrences * http://localhost/login/oauth2/code/pkce-client-registration-id& with 1 occurrences * http://localhost/login/oauth2/code/registration-id with 3 occurrences * http://localhost/login/oauth2/code/registration-id& with 2 occurrences * http://localhost/login/oauth2/code/registration-id-2 with 2 occurrences * http://localhost/login/openid with 1 occurrences * http://localhost/login2 with 1 occurrences * http://localhost/loginPage with 2 occurrences * http://localhost/logout with 1 occurrences * http://localhost/messages with 4 occurrences * http://localhost/oauth2/authorization/google with 1 occurrences * http://localhost/openid-page with 1 occurrences * http://localhost/saved-request with 1 occurrences * http://localhost/secured with 2 occurrences * http://localhost/signin with 1 occurrences * http://localhost/some-url with 1 occurrences * http://localhost/tosave with 1 occurrences * http://localhost/user with 1 occurrences * http://localhost:123456 with 3 occurrences * http://localhost:1280/certs with 1 occurrences * http://localhost:314 with 1 occurrences * http://localhost:4080 with 1 occurrences * http://localhost:543 with 1 occurrences * http://localhost:8080 with 16 occurrences * http://localhost:8080/ with 4 occurrences * http://localhost:8080/SomeService with 1 occurrences * http://localhost:8080/contacts with 1 occurrences * http://localhost:8080/login/oauth2/code with 1 occurrences * http://localhost:8080/login/oauth2/code/client-id with 2 occurrences * http://localhost:8080/login/oauth2/code/facebook with 2 occurrences * http://localhost:8080/login/oauth2/code/github with 2 occurrences * http://localhost:8080/login/oauth2/code/google with 4 occurrences * http://localhost:8080/login/oauth2/code/okta with 2 occurrences * http://localhost:8080/path/page.html?query=string with 1 occurrences * http://localhost:8080/sample/ with 15 occurrences * http://localhost:8080/secure with 1 occurrences * http://localhost:8080/spring-security-samples-tutorial/listAccounts.html with 4 occurrences * http://localhost:8080/spring-security-samples-tutorial/post.html?id=1 with 4 occurrences * http://localhost:9080/protected with 2 occurrences * http://localhost:9080/secured with 1 occurrences * http://localhost:9080/unsecured with 1 occurrences * http://localhost:9080/user with 1 occurrences * http://test.com with 1 occurrences * http://test.foobar.com with 1 occurrences * http://testopenid.com?openid.return_to= with 1 occurrences * http://www.springframework.org/schema/aop with 2 occurrences * http://www.springframework.org/schema/beans with 8 occurrences * http://www.springframework.org/schema/context with 2 occurrences * http://www.springframework.org/schema/mvc with 2 occurrences * http://www.springframework.org/schema/security with 45 occurrences * http://www.springframework.org/schema/security/spring-security- with 1 occurrences * http://www.springframework.org/schema/websocket with 2 occurrences * http://www.springframework.org/security/tags with 17 occurrences * http://www.springframework.org/tags with 12 occurrences * http://www.springframework.org/tags/form with 14 occurrences * http://www.w3.org/1999/XSL/Transform with 1 occurrences * http://www.w3.org/1999/xhtml with 26 occurrences * http://www.w3.org/2001/XMLSchema with 15 occurrences * http://www.w3.org/2001/XMLSchema-datatypes with 8 occurrences * http://www.w3.org/2001/XMLSchema-instance with 9 occurrences	2019-03-19 23:53:23 -05:00
Spring Operator	b93528138e	URL Cleanup This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener). # Fixed URLs ## Fixed Success These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended. * http://www.apache.org/licenses/ with 1 occurrences migrated to: https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200). * http://www.apache.org/licenses/LICENSE-2.0 with 2691 occurrences migrated to: https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200). * http://www.apache.org/licenses/LICENSE-2.0.html with 2 occurrences migrated to: https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).	2019-03-14 15:46:20 -05:00
Josh Cummings	fba25614bf	Reactive Opaque Token Support Fixes: gh-6513	2019-02-15 15:59:25 -06:00
Josh Cummings	ef9c3e4771	Opaque Token Support Fixes: gh-5200	2019-02-07 12:40:12 -07:00
Eric Deandrea	0f7dff3774	Introduce ReactiveJwtAuthenticationConverter Some changes based on PR comments Fixes gh-6273	2018-12-17 14:12:53 -07:00
Nicolas Le Bas	ba8a337f9a	Accept a case-insensitive "Bearer" keyword The Authorization header was matched for OAuth2 against the "Bearer" keyword in a case sensitive fashion. According to RFC 2617, it should be case insensitive and some oauth clients (including some earlier versions of spring-security) expect it so. This is the reactive counterpart to commit `63f2b6094f` . Fixes gh-6195	2018-12-02 09:32:27 -05:00
Nicolas Le Bas	63f2b6094f	The "Bearer" keyword should be case-insensitive The Authorization header was matched for OAuth2 against the "Bearer" keyword in a case sensitive fashion. According to RFC 2617, it should be case insensitive and some oauth clients (including some earlier versions of spring-security) expect it so.	2018-11-28 19:34:47 -07:00
Josh Cummings	22bd8f1c1f	Reactive Jwt Authentication Converter Support Fixes: gh-5092	2018-10-15 11:55:12 -05:00
Josh Cummings	65c81ce952	Make JwtReactiveAuthenticationManager final	2018-09-06 13:46:18 -06:00
Josh Cummings	8510e9a285	Reactive Resource Server insufficient_scope This introduces an implementation of ServerAccessDeniedHandler that is compliant with the OAuth 2.0 spec for insufficent_scope errors. Fixes: gh-5705	2018-08-31 10:33:11 -05:00
Rob Winch	713e1e3356	BearerTokenServerAuthenticationEntryPoint waits for subscriber Fixes: gh-5742	2018-08-27 14:26:45 -05:00
Rob Winch	e3eaa99ad0	Polish ServerAuthenticationConverter Update changes for ServerAuthenticationConverter to be passive. Issue: gh-5338	2018-08-18 19:55:39 -05:00
Eric Deandrea	b6afe66d32	Add ServerAuthenticationConverter interface - Adding an ServerAuthenticationConverter interface - Retro-fitting ServerOAuth2LoginAuthenticationTokenConverter, ServerBearerTokenAuthentivationConverter, ServerFormLoginAuthenticationConverter, and ServerHttpBasicAuthenticationConverter to implement ServerAuthenticationConverter - Deprecate existing AuthenticationWebFilter.setAuthenticationConverter and add overloaded one which takes ServerAuthenticationConverter Fixes gh-5338	2018-08-18 19:55:39 -05:00

1 2 3 4 5 ...

258 Commits