Manual URL Cleanup

Author: jgrandja

.github/ISSUE_REPLY_TEMPLATES.md

@@ -3,5 +3,4 @@
 
 It would be very helpful if you could provide a complete and minimal sample that reproduces the issue and share it via a GitHub repository. This will allow us to efficiently troubleshoot and help resolve the issue. The sample should contain the minimum amount of code to reproduce the issue along with detailed steps on how to reproduce. Please see the following references for what a complete and minimal sample should consist of.
 
-- http://sscce.org/
 - https://stackoverflow.com/help/mcve

config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java

@@ -119,7 +119,7 @@ public void requestWhenOpenIDAndRememberMeConfiguredThenRememberMePassedToIdp()
 
 		OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class);
 
-		String openIdEndpointUrl = "http://testopenid.com?openid.return_to=";
+		String openIdEndpointUrl = "https://testopenid.com?openid.return_to=";
 		Set<String> returnToUrlParameters = new HashSet<>();
 		returnToUrlParameters.add(AbstractRememberMeServices.DEFAULT_PARAMETER);
 		openIDFilter.setReturnToUrlParameters(returnToUrlParameters);
@@ -142,7 +142,7 @@ public void requestWhenOpenIDAndRememberMeConfiguredThenRememberMePassedToIdp()
 				.andExpect(content().string(containsString(AbstractRememberMeServices.DEFAULT_PARAMETER)));
 
 		this.mvc.perform(get("/login/openid")
-				.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "http://ww1.openid.com")
+				.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "https://ww1.openid.com")
 				.param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on"))
 				.andExpect(status().isFound())
 				.andExpect(redirectedUrl(openIdEndpointUrl + expectedReturnTo));

config/src/test/resources/org/springframework/security/config/http/HttpHeadersConfigTests-DefaultsDisabledWithPlaceholder.xml

@@ -6,7 +6,7 @@
   ~ you may not use this file except in compliance with the License.
   ~ You may obtain a copy of the License at
   ~
-  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~      https://www.apache.org/licenses/LICENSE-2.0
   ~
   ~ Unless required by applicable law or agreed to in writing, software
   ~ distributed under the License is distributed on an "AS IS" BASIS,
@@ -20,9 +20,9 @@
 		xmlns="http://www.springframework.org/schema/security"
 		xsi:schemaLocation="
 			http://www.springframework.org/schema/security
-			http://www.springframework.org/schema/security/spring-security.xsd
+			https://www.springframework.org/schema/security/spring-security.xsd
 			http://www.springframework.org/schema/beans
-			http://www.springframework.org/schema/beans/spring-beans.xsd">
+			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http auto-config="true">
 		<headers defaults-disabled="${security.headers.defaults.disabled}"/>

config/src/test/resources/org/springframework/security/config/http/HttpHeadersConfigTests-DisabledWithPlaceholder.xml

@@ -6,7 +6,7 @@
   ~ you may not use this file except in compliance with the License.
   ~ You may obtain a copy of the License at
   ~
-  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~      https://www.apache.org/licenses/LICENSE-2.0
   ~
   ~ Unless required by applicable law or agreed to in writing, software
   ~ distributed under the License is distributed on an "AS IS" BASIS,
@@ -20,9 +20,9 @@
 		xmlns="http://www.springframework.org/schema/security"
 		xsi:schemaLocation="
 			http://www.springframework.org/schema/security
-			http://www.springframework.org/schema/security/spring-security.xsd
+			https://www.springframework.org/schema/security/spring-security.xsd
 			http://www.springframework.org/schema/beans
-			http://www.springframework.org/schema/beans/spring-beans.xsd">
+			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http auto-config="true">
 		<headers disabled="${security.headers.disabled}" />

crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java

@@ -44,18 +44,16 @@ public final class Base64 {
 	/**
 	 * Encode using Base64-like encoding that is URL- and Filename-safe as described in
 	 * Section 4 of RFC3548: <a
-	 * href="http://www.faqs.org/rfcs/rfc3548.html">https://www.faqs
-	 * .org/rfcs/rfc3548.html</a>. It is important to note that data encoded this way is
+	 * href="https://tools.ietf.org/html/rfc3548">https://tools.ietf.org/html/rfc3548</a>.
+	 * It is important to note that data encoded this way is
 	 * <em>not</em> officially valid Base64, or at the very least should not be called
 	 * Base64 without also specifying that is was encoded using the URL- and Filename-safe
 	 * dialect.
 	 */
 	public final static int URL_SAFE = 16;
 
 	/**
-	 * Encode using the special "ordered" dialect of Base64 described here: <a
-	 * href="http://www.faqs.org/qa/rfcc-1940.html"
-	 * >http://www.faqs.org/qa/rfcc-1940.html</a>.
+	 * Encode using the special "ordered" dialect of Base64.
 	 */
 	public final static int ORDERED = 32;
 
@@ -131,7 +129,7 @@ public final class Base64 {
 	/**
 	 * Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548: <a
 	 * href
-	 * ="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>.
+	 * ="https://tools.ietf.org/html/rfc3548">https://tools.ietf.org/html/rfc3548</a>.
 	 * Notice that the last two bytes become "hyphen" and "underscore" instead of "plus"
 	 * and "slash."
 	 */
@@ -191,12 +189,6 @@ public final class Base64 {
 
 	/* ******** O R D E R E D B A S E 6 4 A L P H A B E T ******** */
 
-	/**
-	 * I don't get the point of this technique, but someone requested it, and it is
-	 * described here: <a
-	 * href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/faqs/
-	 * qa/rfcc-1940.html</a>.
-	 */
 	private final static byte[] _ORDERED_ALPHABET = { (byte) '-', (byte) '0', (byte) '1',
 			(byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6', (byte) '7',
 			(byte) '8', (byte) '9', (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D',

docs/manual/src/docs/asciidoc/_includes/servlet/web/csrf.adoc

@@ -257,7 +257,7 @@ $(document).ajaxSend(function(e, xhr, options) {
 });
 ----
 
-As an alternative to jQuery, we recommend using http://cujojs.com/[cujoJS's] rest.js.
+As an alternative to jQuery, we recommend using https://github.com/cujojs[cujoJS's] rest.js.
 The https://github.com/cujojs/rest[rest.js] module provides advanced support for working with HTTP requests and responses in RESTful ways.
 A core capability is the ability to contextualize the HTTP client adding behavior as needed by chaining interceptors on to the client.
 

openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java

@@ -254,8 +254,8 @@ protected String obtainUsername(HttpServletRequest req) {
 	 *
 	 * If no mapping is provided then the returnToUrl will be parsed to extract the
 	 * protocol, hostname and port followed by a trailing slash. This means that
-	 * <tt>https://www.example.com/login/openid</tt> will automatically become
-	 * <tt>http://www.example.com:80/</tt>
+	 * <tt>https://foo.example.com/login/openid</tt> will automatically become
+	 * <tt>http://foo.example.com:80/</tt>
 	 *
 	 * @param realmMapping containing returnToUrl -&gt; realm mappings
 	 */

remoting/src/test/java/org/springframework/security/remoting/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutorTests.java

@@ -57,11 +57,11 @@ public void testNormalOperation() throws Exception {
 		// Create a connection and ensure our executor sets its
 		// properties correctly
 		AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
-		HttpURLConnection conn = new MockHttpURLConnection(new URL("http://localhost/"));
+		HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/"));
 		executor.prepareConnection(conn, 10);
 
 		// Check connection properties
-		// See http://www.faqs.org/rfcs/rfc1945.html section 11.1 for example
+		// See https://tools.ietf.org/html/rfc1945 section 11.1 for example
 		// we are comparing against
 		assertThat(conn.getRequestProperty("Authorization")).isEqualTo(
 				"Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==");
@@ -74,7 +74,7 @@ public void testNullContextHolderIsNull() throws Exception {
 		// Create a connection and ensure our executor sets its
 		// properties correctly
 		AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
-		HttpURLConnection conn = new MockHttpURLConnection(new URL("http://localhost/"));
+		HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/"));
 		executor.prepareConnection(conn, 10);
 
 		// Check connection properties (shouldn't be an Authorization header)
@@ -91,7 +91,7 @@ public void testNullContextHolderWhenAnonymous() throws Exception {
 		// Create a connection and ensure our executor sets its
 		// properties correctly
 		AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
-		HttpURLConnection conn = new MockHttpURLConnection(new URL("http://localhost/"));
+		HttpURLConnection conn = new MockHttpURLConnection(new URL("https://localhost/"));
 		executor.prepareConnection(conn, 10);
 
 		// Check connection properties (shouldn't be an Authorization header)

samples/javaconfig/hellojs/src/main/resources/resources/js/jquery-1.8.3.js

@@ -881,7 +881,7 @@ jQuery.ready.promise = function( obj ) {
 
 						try {
 							// Use the trick by Diego Perini
-							// http://javascript.nwbox.com/IEContentLoaded/
+							// https://javascript.nwbox.com/IEContentLoaded/
 							top.doScroll("left");
 						} catch(e) {
 							return setTimeout( doScrollCheck, 50 );
@@ -1390,7 +1390,7 @@ jQuery.support = (function() {
 	fragment.appendChild( div );
 
 	// Technique from Juriy Zaytsev
-	// http://perfectionkills.com/detecting-event-support-without-browser-sniffing/
+	// https://perfectionkills.com/detecting-event-support-without-browser-sniffing/
 	// We only care about the case where non-standard event systems
 	// are used, namely in IE. Short-circuiting here helps us to
 	// avoid an eval call (in setAttribute) which can cause CSP
@@ -1945,7 +1945,7 @@ jQuery.fn.extend({
 		});
 	},
 	// Based off of the plugin by Clint Helfers, with permission.
-	// http://blindsignals.com
+	// https://blindsignals.com
 	delay: function( time, type ) {
 		time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time;
 		type = type || "fx";
@@ -6867,7 +6867,7 @@ if ( window.getComputedStyle ) {
 		}
 
 		// From the awesome hack by Dean Edwards
-		// http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291
+		// https://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291
 
 		// If we're not dealing with a regular pixel number
 		// but a number that has a weird ending, we need to convert it to pixels
@@ -9469,4 +9469,4 @@ if ( typeof define === "function" && define.amd && define.amd.jQuery ) {
 	define( "jquery", [], function () { return jQuery; } );
 }
 
-})( window );
+})( window );