From 4e9c37b1ae1a42fe923766b50a3a5c981c46252e Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 28 Mar 2019 14:37:42 -0400 Subject: [PATCH] Manual URL Cleanup --- .github/ISSUE_REPLY_TEMPLATES.md | 1 - .../config/http/OpenIDConfigTests.java | 4 +- ...gTests-DefaultsDisabledWithPlaceholder.xml | 6 +- ...ersConfigTests-DisabledWithPlaceholder.xml | 6 +- .../security/crypto/codec/Base64.java | 16 +- .../asciidoc/_includes/servlet/web/csrf.adoc | 2 +- .../openid/OpenIDAuthenticationFilter.java | 4 +- ...SimpleHttpInvokerRequestExecutorTests.java | 8 +- .../resources/resources/js/jquery-1.8.3.js | 10 +- .../js/openid-client/jquery.query-2.1.3.js | 440 +++++++++--------- .../js/openid-client/jquery.query-2.1.3.js | 440 +++++++++--------- .../www/BasicAuthenticationFilter.java | 2 +- .../web/DefaultRedirectStrategyTests.java | 2 +- .../channel/RetryWithHttpEntryPointTests.java | 4 +- ...ctAuthenticationProcessingFilterTests.java | 4 +- ...LoginUrlAuthenticationEntryPointTests.java | 6 +- .../SimpleUrlLogoutSuccessHandlerTests.java | 4 +- 17 files changed, 475 insertions(+), 484 deletions(-) diff --git a/.github/ISSUE_REPLY_TEMPLATES.md b/.github/ISSUE_REPLY_TEMPLATES.md index 516f6d5d44..7ae32fcd82 100644 --- a/.github/ISSUE_REPLY_TEMPLATES.md +++ b/.github/ISSUE_REPLY_TEMPLATES.md @@ -3,5 +3,4 @@ It would be very helpful if you could provide a complete and minimal sample that reproduces the issue and share it via a GitHub repository. This will allow us to efficiently troubleshoot and help resolve the issue. The sample should contain the minimum amount of code to reproduce the issue along with detailed steps on how to reproduce. Please see the following references for what a complete and minimal sample should consist of. -- http://sscce.org/ - https://stackoverflow.com/help/mcve 
diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java index 1be4f07cc6..56f851ffd1 100644 --- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java @@ -119,7 +119,7 @@ public class OpenIDConfigTests { OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class); - String openIdEndpointUrl = "http://testopenid.com?openid.return_to="; + String openIdEndpointUrl = "https://testopenid.com?openid.return_to="; Set returnToUrlParameters = new HashSet<>(); returnToUrlParameters.add(AbstractRememberMeServices.DEFAULT_PARAMETER); openIDFilter.setReturnToUrlParameters(returnToUrlParameters); @@ -142,7 +142,7 @@ public class OpenIDConfigTests { .andExpect(content().string(containsString(AbstractRememberMeServices.DEFAULT_PARAMETER))); this.mvc.perform(get("/login/openid") - .param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "http://ww1.openid.com") + .param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "https://ww1.openid.com") .param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on")) .andExpect(status().isFound()) .andExpect(redirectedUrl(openIdEndpointUrl + expectedReturnTo)); diff --git a/config/src/test/resources/org/springframework/security/config/http/HttpHeadersConfigTests-DefaultsDisabledWithPlaceholder.xml b/config/src/test/resources/org/springframework/security/config/http/HttpHeadersConfigTests-DefaultsDisabledWithPlaceholder.xml index f4739ba31a..3247888b31 100644 --- a/config/src/test/resources/org/springframework/security/config/http/HttpHeadersConfigTests-DefaultsDisabledWithPlaceholder.xml +++ b/config/src/test/resources/org/springframework/security/config/http/HttpHeadersConfigTests-DefaultsDisabledWithPlaceholder.xml 
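Review bot: The endpoint literal in the first hunk, `"https://testopenid.com?openid.return_to="`, and the claimed identity `"https://ww1.openid.com"` in the second hunk still name registrable third-party domains rather than reserved ones. Since both lines are being rewritten anyway, a reserved name keeps the fixture from ever pointing at a host someone else controls, for example `String openIdEndpointUrl = "https://idp.example.com?openid.return_to=";` (constructed value). Whatever stubs the OpenID consumer for this test sits outside both hunks and would need the same value, so confirm that before changing it.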
@@ -6,7 +6,7 @@ ~ you may not use this file except in compliance with the License. ~ You may obtain a copy of the License at ~ - ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ https://www.apache.org/licenses/LICENSE-2.0 ~ ~ Unless required by applicable law or agreed to in writing, software ~ distributed under the License is distributed on an "AS IS" BASIS, @@ -20,9 +20,9 @@ xmlns="http://www.springframework.org/schema/security" xsi:schemaLocation=" http://www.springframework.org/schema/security - http://www.springframework.org/schema/security/spring-security.xsd + https://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/beans - http://www.springframework.org/schema/beans/spring-beans.xsd"> + https://www.springframework.org/schema/beans/spring-beans.xsd"> diff --git a/config/src/test/resources/org/springframework/security/config/http/HttpHeadersConfigTests-DisabledWithPlaceholder.xml b/config/src/test/resources/org/springframework/security/config/http/HttpHeadersConfigTests-DisabledWithPlaceholder.xml index 86dcc5dcb4..9f80169225 100644 --- a/config/src/test/resources/org/springframework/security/config/http/HttpHeadersConfigTests-DisabledWithPlaceholder.xml +++ b/config/src/test/resources/org/springframework/security/config/http/HttpHeadersConfigTests-DisabledWithPlaceholder.xml @@ -6,7 +6,7 @@ ~ you may not use this file except in compliance with the License. ~ You may obtain a copy of the License at ~ - ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ https://www.apache.org/licenses/LICENSE-2.0 ~ ~ Unless required by applicable law or agreed to in writing, software ~ distributed under the License is distributed on an "AS IS" BASIS, 
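Review bot: The `xsi:schemaLocation` hints in the `@@ -20,9 +20,9 @@` hunk now use `https://www.springframework.org/schema/security/spring-security.xsd` and `https://www.springframework.org/schema/beans/spring-beans.xsd`, but no `META-INF/spring.schemas` file appears in this patch's file list. Spring resolves these hints to classpath copies of the XSDs through that mapping, and a location with no entry is fetched over the network instead, which would make the test depend on an external host and on whatever document it serves. Confirm that the https forms are mapped by the jars on the test classpath; the same applies to the matching hunk in HttpHeadersConfigTests-DisabledWithPlaceholder.xml. Leaving the `xmlns` values on `http://` is right, since they are identifiers rather than locations.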
@@ -20,9 +20,9 @@ xmlns="http://www.springframework.org/schema/security" xsi:schemaLocation=" http://www.springframework.org/schema/security - http://www.springframework.org/schema/security/spring-security.xsd + https://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/beans - http://www.springframework.org/schema/beans/spring-beans.xsd"> + https://www.springframework.org/schema/beans/spring-beans.xsd"> diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java index 8e07c87c7b..8269e5f313 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java +++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java @@ -44,8 +44,8 @@ public final class Base64 { /** * Encode using Base64-like encoding that is URL- and Filename-safe as described in * Section 4 of RFC3548: https://www.faqs - * .org/rfcs/rfc3548.html. It is important to note that data encoded this way is + * href="https://tools.ietf.org/html/rfc3548">https://tools.ietf.org/html/rfc3548. + * It is important to note that data encoded this way is * not officially valid Base64, or at the very least should not be called * Base64 without also specifying that is was encoded using the URL- and Filename-safe * dialect. @@ -53,9 +53,7 @@ public final class Base64 { public final static int URL_SAFE = 16; /** - * Encode using the special "ordered" dialect of Base64 described here: http://www.faqs.org/qa/rfcc-1940.html. + * Encode using the special "ordered" dialect of Base64. */ public final static int ORDERED = 32; 
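Review bot: The rewritten link on `URL_SAFE` still cites RFC 3548, which RFC 4648 obsoletes; the URL- and filename-safe alphabet is now specified in section 5 of RFC 4648. Since the reference is being replaced in this hunk anyway, I would point it at the current document, e.g. `* Section 5 of RFC 4648: https://tools.ietf.org/html/rfc4648#section-5.` The `@@ -131,7 +129,7 @@` hunk on the URL-safe alphabet carries the same reference and should change with it.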
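Review bot: The shortened Javadoc on `ORDERED` in the `@@ -53,9 +53,7 @@` hunk no longer says what the ordered dialect is, and the `@@ -191,12 +189,6 @@` hunk deletes the only other description, leaving `_ORDERED_ALPHABET` with no comment at all. A caller picking an encoding option needs to know that this dialect is not interchangeable with standard or URL-safe Base64. I would add one sentence such as `* The alphabet is arranged in ascending byte order, so output cannot be decoded as standard Base64.` The visible start of the table (`'-'`, `'0'` to `'9'`, `'A'` onward) suggests that ordering, but the full array is outside the hunk and should be checked first.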
@@ -131,7 +129,7 @@ public final class Base64 { /** * Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548: http://www.faqs.org/rfcs/rfc3548.html. + * ="https://tools.ietf.org/html/rfc3548">https://tools.ietf.org/html/rfc3548. * Notice that the last two bytes become "hyphen" and "underscore" instead of "plus" * and "slash." */ @@ -191,12 +189,6 @@ public final class Base64 { /* ******** O R D E R E D B A S E 6 4 A L P H A B E T ******** */ - /** - * I don't get the point of this technique, but someone requested it, and it is - * described here: http://www.faqs.org/faqs/ - * qa/rfcc-1940.html. - */ private final static byte[] _ORDERED_ALPHABET = { (byte) '-', (byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9', (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/web/csrf.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/web/csrf.adoc index 300229a3e6..957950a5f4 100644 --- a/docs/manual/src/docs/asciidoc/_includes/servlet/web/csrf.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/servlet/web/csrf.adoc @@ -257,7 +257,7 @@ $(document).ajaxSend(function(e, xhr, options) { }); ---- -As an alternative to jQuery, we recommend using http://cujojs.com/[cujoJS's] rest.js. +As an alternative to jQuery, we recommend using https://github.com/cujojs[cujoJS's] rest.js. The https://github.com/cujojs/rest[rest.js] module provides advanced support for working with HTTP requests and responses in RESTful ways. A core capability is the ability to contextualize the HTTP client adding behavior as needed by chaining interceptors on to the client. diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java index de49db5a4a..430c707800 100644 
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
@@ -254,8 +254,8 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 *
 * If no mapping is provided then the returnToUrl will be parsed to extract the
 * protocol, hostname and port followed by a trailing slash. This means that
- * https://www.example.com/login/openid will automatically become
- * http://www.example.com:80/
+ * https://foo.example.com/login/openid will automatically become
+ * http://foo.example.com:80/
 *
 * @param realmMapping containing returnToUrl -> realm mappings
 */
diff --git a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
index d3d6f45db1..75ff09c916 100644
--- a/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
+++ b/remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java
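Review bot: The example in the rewritten Javadoc still pairs an `https://` return-to URL with an `http://foo.example.com:80/` realm, which contradicts the sentence just above it saying the protocol, hostname and port are extracted from the returnToUrl. Only the host name changed in this hunk, so the mismatch is older than this commit, but the two lines are being rewritten anyway. Make both sides use one scheme, for example `* http://foo.example.com/login/openid will automatically become` followed by `* http://foo.example.com:80/`, or check the method body (outside this hunk) for what an https input really yields and document that. Integrators derive the OpenID realm from this text, so the example should not suggest a plaintext realm for a TLS endpoint.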
@@ -57,11 +57,11 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests { // Create a connection and ensure our executor sets its // properties correctly AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor(); - HttpURLConnection conn = new MockHttpURLConnection(new URL("http://localhost/")); + HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/")); executor.prepareConnection(conn, 10); // Check connection properties - // See http://www.faqs.org/rfcs/rfc1945.html section 11.1 for example + // See https://tools.ietf.org/html/rfc1945 section 11.1 for example // we are comparing against assertThat(conn.getRequestProperty("Authorization")).isEqualTo( "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="); @@ -74,7 +74,7 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests { // Create a connection and ensure our executor sets its // properties correctly AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor(); - HttpURLConnection conn = new MockHttpURLConnection(new URL("http://localhost/")); + HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/")); executor.prepareConnection(conn, 10); // Check connection properties (shouldn't be an Authorization header) @@ -91,7 +91,7 @@ public class AuthenticationSimpleHttpInvokerRequestExecutorTests { // Create a connection and ensure our executor sets its // properties correctly AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor(); - HttpURLConnection conn = new MockHttpURLConnection(new URL("http://localhost/")); + HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/")); executor.prepareConnection(conn, 10); // Check connection properties (shouldn't be an Authorization header) 
diff --git a/samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js b/samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js index 29d7a3efe7..5799710a74 100644 --- a/samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js +++ b/samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js @@ -881,7 +881,7 @@ jQuery.ready.promise = function( obj ) { try { // Use the trick by Diego Perini - // http://javascript.nwbox.com/IEContentLoaded/ + // https://javascript.nwbox.com/IEContentLoaded/ top.doScroll("left"); } catch(e) { return setTimeout( doScrollCheck, 50 ); @@ -1390,7 +1390,7 @@ jQuery.support = (function() { fragment.appendChild( div ); // Technique from Juriy Zaytsev - // http://perfectionkills.com/detecting-event-support-without-browser-sniffing/ + // https://perfectionkills.com/detecting-event-support-without-browser-sniffing/ // We only care about the case where non-standard event systems // are used, namely in IE. Short-circuiting here helps us to // avoid an eval call (in setAttribute) which can cause CSP @@ -1945,7 +1945,7 @@ jQuery.fn.extend({ }); }, // Based off of the plugin by Clint Helfers, with permission. - // http://blindsignals.com + // https://blindsignals.com delay: function( time, type ) { time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; type = type || "fx"; @@ -6867,7 +6867,7 @@ if ( window.getComputedStyle ) { } // From the awesome hack by Dean Edwards - // http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291 + // https://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291 // If we're not dealing with a regular pixel number // but a number that has a weird ending, we need to convert it to pixels @@ -9469,4 +9469,4 @@ if ( typeof define === "function" && define.amd && define.amd.jQuery ) { define( "jquery", [], function () { return jQuery; } ); } -})( window ); \ No newline at end of file +})( window ); 
diff --git a/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/jquery.query-2.1.3.js b/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/jquery.query-2.1.3.js
index 29611c080b..e4320a7622 100644
--- a/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/jquery.query-2.1.3.js
+++ b/samples/javaconfig/openid/src/main/resources/resources/js/openid-client/jquery.query-2.1.3.js
@@ -1,220 +1,220 @@ -/** - * jQuery.query - Query String Modification and Creation for jQuery - * Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com) - * Licensed under the WTFPL (http://www.wtfpl.net/). - * Date: 2009/02/08 - * - * @author Blair Mitchelmore - * @version 2.1.3 - * - **/ -new function(settings) { - // Various Settings - var $separator = settings.separator || '&'; - var $spaces = settings.spaces === false ? false : true; - var $suffix = settings.suffix === false ? '' : '[]'; - var $prefix = settings.prefix === false ? false : true; - var $hash = $prefix ? settings.hash === true ? "#" : "?" : ""; - var $numbers = settings.numbers === false ? false : true; - - jQuery.query = new function() { - var is = function(o, t) { - return o != undefined && o !== null && (!!t ? o.constructor == t : true); - }; - var parse = function(path) { - var m, rx = /\[([^[]*)\]/g, match = /^(\S+?)(\[\S*\])?$/.exec(path), base = match[1], tokens = []; - while (m = rx.exec(match[2])) tokens.push(m[1]); - return [base, tokens]; - }; - var set = function(target, tokens, value) { - var o, token = tokens.shift(); - if (typeof target != 'object') target = null; - if (token === "") { - if (!target) target = []; - if (is(target, Array)) { - target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value)); - } else if (is(target, Object)) { - var i = 0; - while (target[i++] != null); - target[--i] = tokens.length == 0 ? value : set(target[i], tokens.slice(0), value); - } else { - target = []; - target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value)); - } - } else if (token && token.match(/^\s*[0-9]+\s*$/)) { - var index = parseInt(token, 10); - if (!target) target = []; - target[index] = tokens.length == 0 ? 
value : set(target[index], tokens.slice(0), value); - } else if (token) { - var index = token.replace(/^\s*|\s*$/g, ""); - if (!target) target = {}; - if (is(target, Array)) { - var temp = {}; - for (var i = 0; i < target.length; ++i) { - temp[i] = target[i]; - } - target = temp; - } - target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value); - } else { - return value; - } - return target; - }; - - var queryObject = function(a) { - var self = this; - self.keys = {}; - - if (a.queryObject) { - jQuery.each(a.get(), function(key, val) { - self.SET(key, val); - }); - } else { - jQuery.each(arguments, function() { - var q = "" + this; - q = decodeURIComponent(q); - q = q.replace(/^[?#]/,''); // remove any leading ? || # - q = q.replace(/[;&]$/,''); // remove any trailing & || ; - if ($spaces) q = q.replace(/[+]/g,' '); // replace +'s with spaces - - jQuery.each(q.split(/[&;]/), function(){ - var key = this.split('=')[0]; - var val = this.split('=')[1]; - - if (!key) return; - - if ($numbers) { - if (/^[+-]?[0-9]+\.[0-9]*$/.test(val)) // simple float regex - val = parseFloat(val); - else if (/^[+-]?[0-9]+$/.test(val)) // simple int regex - val = parseInt(val, 10); - } - - val = (!val && val !== 0) ? true : val; - - if (val !== false && val !== true && typeof val != 'number') - val = val; - - self.SET(key, val); - }); - }); - } - return self; - }; - - queryObject.prototype = { - queryObject: true, - has: function(key, type) { - var value = this.get(key); - return is(value, type); - }, - GET: function(key) { - if (!is(key)) return this.keys; - var parsed = parse(key), base = parsed[0], tokens = parsed[1]; - var target = this.keys[base]; - while (target != null && tokens.length != 0) { - target = target[tokens.shift()]; - } - return typeof target == 'number' ? 
target : target || ""; - }, - get: function(key) { - var target = this.GET(key); - if (is(target, Object)) - return jQuery.extend(true, {}, target); - else if (is(target, Array)) - return target.slice(0); - return target; - }, - SET: function(key, val) { - var value = !is(val) ? null : val; - var parsed = parse(key), base = parsed[0], tokens = parsed[1]; - var target = this.keys[base]; - this.keys[base] = set(target, tokens.slice(0), value); - return this; - }, - set: function(key, val) { - return this.copy().SET(key, val); - }, - REMOVE: function(key) { - return this.SET(key, null).COMPACT(); - }, - remove: function(key) { - return this.copy().REMOVE(key); - }, - EMPTY: function() { - var self = this; - jQuery.each(self.keys, function(key, value) { - delete self.keys[key]; - }); - return self; - }, - load: function(url) { - var hash = url.replace(/^.*?[#](.+?)(?:\?.+)?$/, "$1"); - var search = url.replace(/^.*?[?](.+?)(?:#.+)?$/, "$1"); - return new queryObject(url.length == search.length ? '' : search, url.length == hash.length ? '' : hash); - }, - empty: function() { - return this.copy().EMPTY(); - }, - copy: function() { - return new queryObject(this); - }, - COMPACT: function() { - function build(orig) { - var obj = typeof orig == "object" ? is(orig, Array) ? 
[] : {} : orig; - if (typeof orig == 'object') { - function add(o, key, value) { - if (is(o, Array)) - o.push(value); - else - o[key] = value; - } - jQuery.each(orig, function(key, value) { - if (!is(value)) return true; - add(obj, key, build(value)); - }); - } - return obj; - } - this.keys = build(this.keys); - return this; - }, - compact: function() { - return this.copy().COMPACT(); - }, - toString: function() { - var i = 0, queryString = [], chunks = [], self = this; - var addFields = function(arr, key, value) { - if (!is(value) || value === false) return; - var o = [encodeURIComponent(key)]; - if (value !== true) { - o.push("="); - o.push(encodeURIComponent(value)); - } - arr.push(o.join("")); - }; - var build = function(obj, base) { - var newKey = function(key) { - return !base || base == "" ? [key].join("") : [base, "[", key, "]"].join(""); - }; - jQuery.each(obj, function(key, value) { - if (typeof value == 'object') - build(value, newKey(key)); - else - addFields(chunks, newKey(key), value); - }); - }; - - build(this.keys); - - if (chunks.length > 0) queryString.push($hash); - queryString.push(chunks.join($separator)); - - return queryString.join(""); - } - }; - - return new queryObject(location.search, location.hash); - }; -}(jQuery.query || {}); // Pass in jQuery.query as settings object +/** + * jQuery.query - Query String Modification and Creation for jQuery + * Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com) + * Licensed under the WTFPL (https://www.wtfpl.net/). + * Date: 2009/02/08 + * + * @author Blair Mitchelmore + * @version 2.1.3 + * + **/ +new function(settings) { + // Various Settings + var $separator = settings.separator || '&'; + var $spaces = settings.spaces === false ? false : true; + var $suffix = settings.suffix === false ? '' : '[]'; + var $prefix = settings.prefix === false ? false : true; + var $hash = $prefix ? settings.hash === true ? "#" : "?" : ""; + var $numbers = settings.numbers === false ? 
false : true; + + jQuery.query = new function() { + var is = function(o, t) { + return o != undefined && o !== null && (!!t ? o.constructor == t : true); + }; + var parse = function(path) { + var m, rx = /\[([^[]*)\]/g, match = /^(\S+?)(\[\S*\])?$/.exec(path), base = match[1], tokens = []; + while (m = rx.exec(match[2])) tokens.push(m[1]); + return [base, tokens]; + }; + var set = function(target, tokens, value) { + var o, token = tokens.shift(); + if (typeof target != 'object') target = null; + if (token === "") { + if (!target) target = []; + if (is(target, Array)) { + target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value)); + } else if (is(target, Object)) { + var i = 0; + while (target[i++] != null); + target[--i] = tokens.length == 0 ? value : set(target[i], tokens.slice(0), value); + } else { + target = []; + target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value)); + } + } else if (token && token.match(/^\s*[0-9]+\s*$/)) { + var index = parseInt(token, 10); + if (!target) target = []; + target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value); + } else if (token) { + var index = token.replace(/^\s*|\s*$/g, ""); + if (!target) target = {}; + if (is(target, Array)) { + var temp = {}; + for (var i = 0; i < target.length; ++i) { + temp[i] = target[i]; + } + target = temp; + } + target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value); + } else { + return value; + } + return target; + }; + + var queryObject = function(a) { + var self = this; + self.keys = {}; + + if (a.queryObject) { + jQuery.each(a.get(), function(key, val) { + self.SET(key, val); + }); + } else { + jQuery.each(arguments, function() { + var q = "" + this; + q = decodeURIComponent(q); + q = q.replace(/^[?#]/,''); // remove any leading ? 
|| # + q = q.replace(/[;&]$/,''); // remove any trailing & || ; + if ($spaces) q = q.replace(/[+]/g,' '); // replace +'s with spaces + + jQuery.each(q.split(/[&;]/), function(){ + var key = this.split('=')[0]; + var val = this.split('=')[1]; + + if (!key) return; + + if ($numbers) { + if (/^[+-]?[0-9]+\.[0-9]*$/.test(val)) // simple float regex + val = parseFloat(val); + else if (/^[+-]?[0-9]+$/.test(val)) // simple int regex + val = parseInt(val, 10); + } + + val = (!val && val !== 0) ? true : val; + + if (val !== false && val !== true && typeof val != 'number') + val = val; + + self.SET(key, val); + }); + }); + } + return self; + }; + + queryObject.prototype = { + queryObject: true, + has: function(key, type) { + var value = this.get(key); + return is(value, type); + }, + GET: function(key) { + if (!is(key)) return this.keys; + var parsed = parse(key), base = parsed[0], tokens = parsed[1]; + var target = this.keys[base]; + while (target != null && tokens.length != 0) { + target = target[tokens.shift()]; + } + return typeof target == 'number' ? target : target || ""; + }, + get: function(key) { + var target = this.GET(key); + if (is(target, Object)) + return jQuery.extend(true, {}, target); + else if (is(target, Array)) + return target.slice(0); + return target; + }, + SET: function(key, val) { + var value = !is(val) ? 
null : val; + var parsed = parse(key), base = parsed[0], tokens = parsed[1]; + var target = this.keys[base]; + this.keys[base] = set(target, tokens.slice(0), value); + return this; + }, + set: function(key, val) { + return this.copy().SET(key, val); + }, + REMOVE: function(key) { + return this.SET(key, null).COMPACT(); + }, + remove: function(key) { + return this.copy().REMOVE(key); + }, + EMPTY: function() { + var self = this; + jQuery.each(self.keys, function(key, value) { + delete self.keys[key]; + }); + return self; + }, + load: function(url) { + var hash = url.replace(/^.*?[#](.+?)(?:\?.+)?$/, "$1"); + var search = url.replace(/^.*?[?](.+?)(?:#.+)?$/, "$1"); + return new queryObject(url.length == search.length ? '' : search, url.length == hash.length ? '' : hash); + }, + empty: function() { + return this.copy().EMPTY(); + }, + copy: function() { + return new queryObject(this); + }, + COMPACT: function() { + function build(orig) { + var obj = typeof orig == "object" ? is(orig, Array) ? [] : {} : orig; + if (typeof orig == 'object') { + function add(o, key, value) { + if (is(o, Array)) + o.push(value); + else + o[key] = value; + } + jQuery.each(orig, function(key, value) { + if (!is(value)) return true; + add(obj, key, build(value)); + }); + } + return obj; + } + this.keys = build(this.keys); + return this; + }, + compact: function() { + return this.copy().COMPACT(); + }, + toString: function() { + var i = 0, queryString = [], chunks = [], self = this; + var addFields = function(arr, key, value) { + if (!is(value) || value === false) return; + var o = [encodeURIComponent(key)]; + if (value !== true) { + o.push("="); + o.push(encodeURIComponent(value)); + } + arr.push(o.join("")); + }; + var build = function(obj, base) { + var newKey = function(key) { + return !base || base == "" ? 
[key].join("") : [base, "[", key, "]"].join(""); + }; + jQuery.each(obj, function(key, value) { + if (typeof value == 'object') + build(value, newKey(key)); + else + addFields(chunks, newKey(key), value); + }); + }; + + build(this.keys); + + if (chunks.length > 0) queryString.push($hash); + queryString.push(chunks.join($separator)); + + return queryString.join(""); + } + }; + + return new queryObject(location.search, location.hash); + }; +}(jQuery.query || {}); // Pass in jQuery.query as settings object diff --git a/samples/xml/openid/src/main/webapp/js/openid-client/jquery.query-2.1.3.js b/samples/xml/openid/src/main/webapp/js/openid-client/jquery.query-2.1.3.js index 29611c080b..e4320a7622 100644 --- a/samples/xml/openid/src/main/webapp/js/openid-client/jquery.query-2.1.3.js +++ b/samples/xml/openid/src/main/webapp/js/openid-client/jquery.query-2.1.3.js 
@@ -1,220 +1,220 @@ -/** - * jQuery.query - Query String Modification and Creation for jQuery - * Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com) - * Licensed under the WTFPL (http://www.wtfpl.net/). - * Date: 2009/02/08 - * - * @author Blair Mitchelmore - * @version 2.1.3 - * - **/ -new function(settings) { - // Various Settings - var $separator = settings.separator || '&'; - var $spaces = settings.spaces === false ? false : true; - var $suffix = settings.suffix === false ? '' : '[]'; - var $prefix = settings.prefix === false ? false : true; - var $hash = $prefix ? settings.hash === true ? "#" : "?" : ""; - var $numbers = settings.numbers === false ? false : true; - - jQuery.query = new function() { - var is = function(o, t) { - return o != undefined && o !== null && (!!t ? o.constructor == t : true); - }; - var parse = function(path) { - var m, rx = /\[([^[]*)\]/g, match = /^(\S+?)(\[\S*\])?$/.exec(path), base = match[1], tokens = []; - while (m = rx.exec(match[2])) tokens.push(m[1]); - return [base, tokens]; - }; - var set = function(target, tokens, value) { - var o, token = tokens.shift(); - if (typeof target != 'object') target = null; - if (token === "") { - if (!target) target = []; - if (is(target, Array)) { - target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value)); - } else if (is(target, Object)) { - var i = 0; - while (target[i++] != null); - target[--i] = tokens.length == 0 ? value : set(target[i], tokens.slice(0), value); - } else { - target = []; - target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value)); - } - } else if (token && token.match(/^\s*[0-9]+\s*$/)) { - var index = parseInt(token, 10); - if (!target) target = []; - target[index] = tokens.length == 0 ? 
value : set(target[index], tokens.slice(0), value); - } else if (token) { - var index = token.replace(/^\s*|\s*$/g, ""); - if (!target) target = {}; - if (is(target, Array)) { - var temp = {}; - for (var i = 0; i < target.length; ++i) { - temp[i] = target[i]; - } - target = temp; - } - target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value); - } else { - return value; - } - return target; - }; - - var queryObject = function(a) { - var self = this; - self.keys = {}; - - if (a.queryObject) { - jQuery.each(a.get(), function(key, val) { - self.SET(key, val); - }); - } else { - jQuery.each(arguments, function() { - var q = "" + this; - q = decodeURIComponent(q); - q = q.replace(/^[?#]/,''); // remove any leading ? || # - q = q.replace(/[;&]$/,''); // remove any trailing & || ; - if ($spaces) q = q.replace(/[+]/g,' '); // replace +'s with spaces - - jQuery.each(q.split(/[&;]/), function(){ - var key = this.split('=')[0]; - var val = this.split('=')[1]; - - if (!key) return; - - if ($numbers) { - if (/^[+-]?[0-9]+\.[0-9]*$/.test(val)) // simple float regex - val = parseFloat(val); - else if (/^[+-]?[0-9]+$/.test(val)) // simple int regex - val = parseInt(val, 10); - } - - val = (!val && val !== 0) ? true : val; - - if (val !== false && val !== true && typeof val != 'number') - val = val; - - self.SET(key, val); - }); - }); - } - return self; - }; - - queryObject.prototype = { - queryObject: true, - has: function(key, type) { - var value = this.get(key); - return is(value, type); - }, - GET: function(key) { - if (!is(key)) return this.keys; - var parsed = parse(key), base = parsed[0], tokens = parsed[1]; - var target = this.keys[base]; - while (target != null && tokens.length != 0) { - target = target[tokens.shift()]; - } - return typeof target == 'number' ? 
target : target || ""; - }, - get: function(key) { - var target = this.GET(key); - if (is(target, Object)) - return jQuery.extend(true, {}, target); - else if (is(target, Array)) - return target.slice(0); - return target; - }, - SET: function(key, val) { - var value = !is(val) ? null : val; - var parsed = parse(key), base = parsed[0], tokens = parsed[1]; - var target = this.keys[base]; - this.keys[base] = set(target, tokens.slice(0), value); - return this; - }, - set: function(key, val) { - return this.copy().SET(key, val); - }, - REMOVE: function(key) { - return this.SET(key, null).COMPACT(); - }, - remove: function(key) { - return this.copy().REMOVE(key); - }, - EMPTY: function() { - var self = this; - jQuery.each(self.keys, function(key, value) { - delete self.keys[key]; - }); - return self; - }, - load: function(url) { - var hash = url.replace(/^.*?[#](.+?)(?:\?.+)?$/, "$1"); - var search = url.replace(/^.*?[?](.+?)(?:#.+)?$/, "$1"); - return new queryObject(url.length == search.length ? '' : search, url.length == hash.length ? '' : hash); - }, - empty: function() { - return this.copy().EMPTY(); - }, - copy: function() { - return new queryObject(this); - }, - COMPACT: function() { - function build(orig) { - var obj = typeof orig == "object" ? is(orig, Array) ? 
[] : {} : orig; - if (typeof orig == 'object') { - function add(o, key, value) { - if (is(o, Array)) - o.push(value); - else - o[key] = value; - } - jQuery.each(orig, function(key, value) { - if (!is(value)) return true; - add(obj, key, build(value)); - }); - } - return obj; - } - this.keys = build(this.keys); - return this; - }, - compact: function() { - return this.copy().COMPACT(); - }, - toString: function() { - var i = 0, queryString = [], chunks = [], self = this; - var addFields = function(arr, key, value) { - if (!is(value) || value === false) return; - var o = [encodeURIComponent(key)]; - if (value !== true) { - o.push("="); - o.push(encodeURIComponent(value)); - } - arr.push(o.join("")); - }; - var build = function(obj, base) { - var newKey = function(key) { - return !base || base == "" ? [key].join("") : [base, "[", key, "]"].join(""); - }; - jQuery.each(obj, function(key, value) { - if (typeof value == 'object') - build(value, newKey(key)); - else - addFields(chunks, newKey(key), value); - }); - }; - - build(this.keys); - - if (chunks.length > 0) queryString.push($hash); - queryString.push(chunks.join($separator)); - - return queryString.join(""); - } - }; - - return new queryObject(location.search, location.hash); - }; -}(jQuery.query || {}); // Pass in jQuery.query as settings object +/** + * jQuery.query - Query String Modification and Creation for jQuery + * Written by Blair Mitchelmore (blair DOT mitchelmore AT gmail DOT com) + * Licensed under the WTFPL (https://www.wtfpl.net/). + * Date: 2009/02/08 + * + * @author Blair Mitchelmore + * @version 2.1.3 + * + **/ +new function(settings) { + // Various Settings + var $separator = settings.separator || '&'; + var $spaces = settings.spaces === false ? false : true; + var $suffix = settings.suffix === false ? '' : '[]'; + var $prefix = settings.prefix === false ? false : true; + var $hash = $prefix ? settings.hash === true ? "#" : "?" : ""; + var $numbers = settings.numbers === false ? 
false : true; + + jQuery.query = new function() { + var is = function(o, t) { + return o != undefined && o !== null && (!!t ? o.constructor == t : true); + }; + var parse = function(path) { + var m, rx = /\[([^[]*)\]/g, match = /^(\S+?)(\[\S*\])?$/.exec(path), base = match[1], tokens = []; + while (m = rx.exec(match[2])) tokens.push(m[1]); + return [base, tokens]; + }; + var set = function(target, tokens, value) { + var o, token = tokens.shift(); + if (typeof target != 'object') target = null; + if (token === "") { + if (!target) target = []; + if (is(target, Array)) { + target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value)); + } else if (is(target, Object)) { + var i = 0; + while (target[i++] != null); + target[--i] = tokens.length == 0 ? value : set(target[i], tokens.slice(0), value); + } else { + target = []; + target.push(tokens.length == 0 ? value : set(null, tokens.slice(0), value)); + } + } else if (token && token.match(/^\s*[0-9]+\s*$/)) { + var index = parseInt(token, 10); + if (!target) target = []; + target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value); + } else if (token) { + var index = token.replace(/^\s*|\s*$/g, ""); + if (!target) target = {}; + if (is(target, Array)) { + var temp = {}; + for (var i = 0; i < target.length; ++i) { + temp[i] = target[i]; + } + target = temp; + } + target[index] = tokens.length == 0 ? value : set(target[index], tokens.slice(0), value); + } else { + return value; + } + return target; + }; + + var queryObject = function(a) { + var self = this; + self.keys = {}; + + if (a.queryObject) { + jQuery.each(a.get(), function(key, val) { + self.SET(key, val); + }); + } else { + jQuery.each(arguments, function() { + var q = "" + this; + q = decodeURIComponent(q); + q = q.replace(/^[?#]/,''); // remove any leading ? 
|| # + q = q.replace(/[;&]$/,''); // remove any trailing & || ; + if ($spaces) q = q.replace(/[+]/g,' '); // replace +'s with spaces + + jQuery.each(q.split(/[&;]/), function(){ + var key = this.split('=')[0]; + var val = this.split('=')[1]; + + if (!key) return; + + if ($numbers) { + if (/^[+-]?[0-9]+\.[0-9]*$/.test(val)) // simple float regex + val = parseFloat(val); + else if (/^[+-]?[0-9]+$/.test(val)) // simple int regex + val = parseInt(val, 10); + } + + val = (!val && val !== 0) ? true : val; + + if (val !== false && val !== true && typeof val != 'number') + val = val; + + self.SET(key, val); + }); + }); + } + return self; + }; + + queryObject.prototype = { + queryObject: true, + has: function(key, type) { + var value = this.get(key); + return is(value, type); + }, + GET: function(key) { + if (!is(key)) return this.keys; + var parsed = parse(key), base = parsed[0], tokens = parsed[1]; + var target = this.keys[base]; + while (target != null && tokens.length != 0) { + target = target[tokens.shift()]; + } + return typeof target == 'number' ? target : target || ""; + }, + get: function(key) { + var target = this.GET(key); + if (is(target, Object)) + return jQuery.extend(true, {}, target); + else if (is(target, Array)) + return target.slice(0); + return target; + }, + SET: function(key, val) { + var value = !is(val) ? 
null : val; + var parsed = parse(key), base = parsed[0], tokens = parsed[1]; + var target = this.keys[base]; + this.keys[base] = set(target, tokens.slice(0), value); + return this; + }, + set: function(key, val) { + return this.copy().SET(key, val); + }, + REMOVE: function(key) { + return this.SET(key, null).COMPACT(); + }, + remove: function(key) { + return this.copy().REMOVE(key); + }, + EMPTY: function() { + var self = this; + jQuery.each(self.keys, function(key, value) { + delete self.keys[key]; + }); + return self; + }, + load: function(url) { + var hash = url.replace(/^.*?[#](.+?)(?:\?.+)?$/, "$1"); + var search = url.replace(/^.*?[?](.+?)(?:#.+)?$/, "$1"); + return new queryObject(url.length == search.length ? '' : search, url.length == hash.length ? '' : hash); + }, + empty: function() { + return this.copy().EMPTY(); + }, + copy: function() { + return new queryObject(this); + }, + COMPACT: function() { + function build(orig) { + var obj = typeof orig == "object" ? is(orig, Array) ? [] : {} : orig; + if (typeof orig == 'object') { + function add(o, key, value) { + if (is(o, Array)) + o.push(value); + else + o[key] = value; + } + jQuery.each(orig, function(key, value) { + if (!is(value)) return true; + add(obj, key, build(value)); + }); + } + return obj; + } + this.keys = build(this.keys); + return this; + }, + compact: function() { + return this.copy().COMPACT(); + }, + toString: function() { + var i = 0, queryString = [], chunks = [], self = this; + var addFields = function(arr, key, value) { + if (!is(value) || value === false) return; + var o = [encodeURIComponent(key)]; + if (value !== true) { + o.push("="); + o.push(encodeURIComponent(value)); + } + arr.push(o.join("")); + }; + var build = function(obj, base) { + var newKey = function(key) { + return !base || base == "" ? 
[key].join("") : [base, "[", key, "]"].join(""); + }; + jQuery.each(obj, function(key, value) { + if (typeof value == 'object') + build(value, newKey(key)); + else + addFields(chunks, newKey(key), value); + }); + }; + + build(this.keys); + + if (chunks.length > 0) queryString.push($hash); + queryString.push(chunks.join($separator)); + + return queryString.join(""); + } + }; + + return new queryObject(location.search, location.hash); + }; +}(jQuery.query || {}); // Pass in jQuery.query as settings object diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java index 3646aa4bb8..1872d36793 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java @@ -46,7 +46,7 @@ import org.springframework.web.filter.OncePerRequestFilter; * *

* For a detailed background on what this filter is designed to process, refer to - * RFC 1945, Section 11.1. Any realm + * RFC 1945, Section 11.1. Any realm * name presented in the HTTP request is ignored. * *

diff --git a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
index c542b070c9..925feb900d 100644
--- a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java
@@ -52,7 +52,7 @@ public class DefaultRedirectStrategyTests {
 MockHttpServletResponse response = new MockHttpServletResponse();
 rds.sendRedirect(request, response,
- "https://http://context.blah.com/context/remainder");
+ "https://context.blah.com/context/remainder");
 assertThat(response.getRedirectedUrl()).isEqualTo("remainder");
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
index 2cdece7c35..a4d2140d7e 100644
--- a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
@@ -85,7 +85,7 @@ public class RetryWithHttpEntryPointTests {
 "/bigWebApp/hello/pathInfo.html");
 request.setQueryString("open=true");
 request.setScheme("https");
- request.setServerName("www.example.com");
+ request.setServerName("localhost");
 request.setServerPort(443);
 MockHttpServletResponse response = new MockHttpServletResponse();
@@ -96,7 +96,7 @@ public class RetryWithHttpEntryPointTests {
 ep.commence(request, response);
 assertThat(response.getRedirectedUrl()).isEqualTo(
- "http://www.example.com/bigWebApp/hello/pathInfo.html?open=true");
+ "http://localhost/bigWebApp/hello/pathInfo.html?open=true");
 }
 @Test
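Review bot: In DefaultRedirectStrategyTests (hunk at -52,7) the new argument `"https://context.blah.com/context/remainder"` drops the doubled scheme that the old value `"https://http://context.blah.com/context/remainder"` carried, so if that malformed input was the case under test, the `isEqualTo("remainder")` assertion now only covers an ordinary absolute URL. The test method's name and setup start outside the hunk, so its intent should be confirmed before merging. If it is meant to cover a target with more than one scheme, keep one, for example `"https://https://context.blah.com/context/remainder");`, and mark it with a comment such as `// doubled scheme is deliberate test input`. Redirect-target parsing is security-relevant, and a cleanup that normalises the input silently removes that regression coverage.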
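Review bot: In RetryWithHttpEntryPointTests (hunk at -96,7) the expected redirect stays on plain `http://` while the request in the hunk at -85,7 is built with scheme `https` and port 443, which looks deliberate for this entry point but is not explained at the assertion. A one-line comment above the `assertThat`, such as `// expected target is intentionally http: this entry point retries the request over the insecure channel`, would keep a later URL cleanup from rewriting the literal. The test method begins outside both hunks.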
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
index 380d36c203..ccab24af43 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
@@ -385,7 +385,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 MockHttpServletResponse response = new MockHttpServletResponse();
 MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
- successHandler.setDefaultTargetUrl("http://monkeymachine.co.uk/");
+ successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
 filter.setAuthenticationSuccessHandler(successHandler);
 filter.doFilter(request, response, chain);
@@ -409,7 +409,7 @@ public class AbstractAuthenticationProcessingFilterTests {
 ReflectionTestUtils.setField(filter, "logger", logger);
 filter.exceptionToThrow = new InternalAuthenticationServiceException(
 "Mock requested to do so");
- successHandler.setDefaultTargetUrl("http://monkeymachine.co.uk/");
+ successHandler.setDefaultTargetUrl("https://monkeymachine.co.uk/");
 filter.setAuthenticationSuccessHandler(successHandler);
 filter.doFilter(request, response, chain);
diff --git a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
index 1d8c2ac2a0..b78faee771 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java
@@ -249,7 +249,7 @@ public class LoginUrlAuthenticationEntryPointTests {
 // SEC-1498
 @Test
 public void absoluteLoginFormUrlIsSupported() throws Exception {
- final String loginFormUrl = "http://somesite.com/login";
+ final String loginFormUrl = "https://somesite.com/login";
 LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
 loginFormUrl);
 ep.afterPropertiesSet();
@@ -260,9 +260,9 @@ public class LoginUrlAuthenticationEntryPointTests {
 @Test(expected = IllegalArgumentException.class)
 public void absoluteLoginFormUrlCantBeUsedWithForwarding() throws Exception {
- final String loginFormUrl = "http://somesite.com/login";
+ final String loginFormUrl = "https://somesite.com/login";
 LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(
- "http://somesite.com/login");
+ "https://somesite.com/login");
 ep.setUseForward(true);
 ep.afterPropertiesSet();
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java
index 3f22575552..4c0d417d6f 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandlerTests.java
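Review bot: In `absoluteLoginFormUrlCantBeUsedWithForwarding` (hunk at -260,9) the local `loginFormUrl` is assigned but never read, because the constructor still receives a second copy of the same literal; this commit had to edit both copies in lockstep. Passing the variable removes the duplicate and matches `absoluteLoginFormUrlIsSupported` in the hunk above: `LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(loginFormUrl);`. The method is fully visible in the hunk, so no other use of the local is hidden.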
@@ -45,11 +45,11 @@ public class SimpleUrlLogoutSuccessHandlerTests {
 @Test
 public void absoluteUrlIsSupported() throws Exception {
 SimpleUrlLogoutSuccessHandler lsh = new SimpleUrlLogoutSuccessHandler();
- lsh.setDefaultTargetUrl("http://someurl.com/");
+ lsh.setDefaultTargetUrl("https://someurl.com/");
 MockHttpServletRequest request = new MockHttpServletRequest();
 MockHttpServletResponse response = new MockHttpServletResponse();
 lsh.onLogoutSuccess(request, response, mock(Authentication.class));
- assertThat(response.getRedirectedUrl()).isEqualTo("http://someurl.com/");
+ assertThat(response.getRedirectedUrl()).isEqualTo("https://someurl.com/");
 }
 }