From 65d5f332e93ebaa2b11702a72597603daa4614d3 Mon Sep 17 00:00:00 2001 From: Dave Syer Date: Tue, 3 May 2016 15:17:00 +0100 Subject: [PATCH 001/345] Publish authentication events in OAuth2 client authentication filter The filter processing authentications but doesn't publish regular AuthenticationSuccessEvent (or failure events). It only ever publishes the (unrelated) InteractiveAuthenticationSuccessEvent which is not a subclass, and is used in a different way by consumers. Normally such events are published by an AuthenticationManager but there isn't one in this filter. Fixes gh-744 --- .../OAuth2AuthenticationFailureEvent.java | 33 +++++++++++++++++++ ...2ClientAuthenticationProcessingFilter.java | 26 +++++++++++++-- 2 files changed, 57 insertions(+), 2 deletions(-) create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2AuthenticationFailureEvent.java diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2AuthenticationFailureEvent.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2AuthenticationFailureEvent.java new file mode 100644 index 000000000..9d3c4f0ed --- /dev/null +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2AuthenticationFailureEvent.java @@ -0,0 +1,33 @@ +package org.springframework.security.oauth2.client.filter; + +import org.springframework.security.authentication.AbstractAuthenticationToken; +import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent; +import org.springframework.security.core.AuthenticationException; + +@SuppressWarnings("serial") +public class OAuth2AuthenticationFailureEvent extends AbstractAuthenticationFailureEvent { + + public OAuth2AuthenticationFailureEvent(AuthenticationException exception) { + super(new FailedOAuthClientAuthentication(), exception); + } + +} + +@SuppressWarnings("serial") +class FailedOAuthClientAuthentication extends AbstractAuthenticationToken { + + public FailedOAuthClientAuthentication() { + super(null); + } + + @Override + public Object getCredentials() { + return ""; + } + + @Override + public Object getPrincipal() { + return "UNKNOWN"; + } + +} \ No newline at end of file diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilter.java index 6fd1a6e27..b616712ce 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilter.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilter.java @@ -23,9 +23,12 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.context.ApplicationEvent; +import org.springframework.context.ApplicationEventPublisher; import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.authentication.event.AuthenticationSuccessEvent; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.client.OAuth2RestOperations; @@ -55,6 +58,8 @@ public class OAuth2ClientAuthenticationProcessingFilter extends AbstractAuthenti private AuthenticationDetailsSource authenticationDetailsSource = new OAuth2AuthenticationDetailsSource(); + private ApplicationEventPublisher eventPublisher; + /** * Reference to a CheckTokenServices that can validate an OAuth2AccessToken * @@ -73,6 +78,12 @@ public void setRestTemplate(OAuth2RestOperations restTemplate) { this.restTemplate = restTemplate; } + @Override + public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) { + this.eventPublisher = eventPublisher; + super.setApplicationEventPublisher(eventPublisher); + } + public OAuth2ClientAuthenticationProcessingFilter(String defaultFilterProcessesUrl) { super(defaultFilterProcessesUrl); setAuthenticationManager(new NoopAuthenticationManager()); @@ -93,7 +104,9 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ try { accessToken = restTemplate.getAccessToken(); } catch (OAuth2Exception e) { - throw new BadCredentialsException("Could not obtain access token", e); + BadCredentialsException bad = new BadCredentialsException("Could not obtain access token", e); + publish(new OAuth2AuthenticationFailureEvent(bad)); + throw bad; } try { OAuth2Authentication result = tokenServices.loadAuthentication(accessToken.getValue()); @@ -102,13 +115,22 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE, accessToken.getTokenType()); result.setDetails(authenticationDetailsSource.buildDetails(request)); } + publish(new AuthenticationSuccessEvent(result)); return result; } catch (InvalidTokenException e) { - throw new BadCredentialsException("Could not obtain user details from token", e); + BadCredentialsException bad = new BadCredentialsException("Could not obtain user details from token", e); + publish(new OAuth2AuthenticationFailureEvent(bad)); + throw bad; } } + + private void publish(ApplicationEvent event) { + if (eventPublisher!=null) { + eventPublisher.publishEvent(event); + } + } @Override protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, From a924e1047b05960202610f05a48810242e54b4ad Mon Sep 17 00:00:00 2001 From: Dave Syer Date: Tue, 3 May 2016 15:35:00 +0100 Subject: [PATCH 002/345] Remove global anoymous authenticator from resource server config It is quite difficult (if not impossible) to configure a resource server to authenticate some of its resources not using OAuth2 without this change. The global authentication manager should never be anonymous generally, so it's better not to provide one at all than try and guess what the default should be. Fixes gh-737 --- .../ResourceServerConfiguration.java | 10 +- .../ResourceServerConfigurationTests.java | 119 +++++++----------- 2 files changed, 44 insertions(+), 85 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java index 177bb287e..a88431b84 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java @@ -29,7 +29,6 @@ import org.springframework.core.Ordered; import org.springframework.security.authentication.AnonymousAuthenticationProvider; import org.springframework.security.authentication.AuthenticationEventPublisher; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; @@ -114,13 +113,6 @@ private String getRequestPath(HttpServletRequest request) { } - @Autowired - protected void init(AuthenticationManagerBuilder builder) { - if (!builder.isConfigured()) { - builder.authenticationProvider(new AnonymousAuthenticationProvider("default")); - } - } - @Override protected void configure(HttpSecurity http) throws Exception { ResourceServerSecurityConfigurer resources = new ResourceServerSecurityConfigurer(); @@ -143,7 +135,7 @@ else if (endpoints != null) { configurer.configure(resources); } // @formatter:off - http + http.authenticationProvider(new AnonymousAuthenticationProvider("default")) // N.B. exceptionHandling is duplicated in resources.configure() so that // it works .exceptionHandling() diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/ResourceServerConfigurationTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/ResourceServerConfigurationTests.java index 3fc6257f3..cfad8b586 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/ResourceServerConfigurationTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/ResourceServerConfigurationTests.java @@ -21,9 +21,11 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.mock.web.MockServletContext; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; @@ -75,12 +77,9 @@ public class ResourceServerConfigurationTests { @Before public void init() { token = new DefaultOAuth2AccessToken("FOO"); - ClientDetails client = new BaseClientDetails("client", null, "read", - "client_credentials", "ROLE_CLIENT"); + ClientDetails client = new BaseClientDetails("client", null, "read", "client_credentials", "ROLE_CLIENT"); authentication = new OAuth2Authentication( - new TokenRequest(null, "client", null, "client_credentials") - .createOAuth2Request(client), - null); + new TokenRequest(null, "client", null, "client_credentials").createOAuth2Request(client), null); tokenStore.clear(); } @@ -91,18 +90,12 @@ public void testDefaults() throws Exception { context.setServletContext(new MockServletContext()); context.register(ResourceServerContext.class); context.refresh(); - MockMvc mvc = MockMvcBuilders - .webAppContextSetup(context) - .addFilters( - new DelegatingFilterProxy(context.getBean( - "springSecurityFilterChain", Filter.class))) + MockMvc mvc = MockMvcBuilders.webAppContextSetup(context) + .addFilters(new DelegatingFilterProxy(context.getBean("springSecurityFilterChain", Filter.class))) .build(); - mvc.perform(MockMvcRequestBuilders.get("/")).andExpect( - MockMvcResultMatchers.status().isUnauthorized()); - mvc.perform( - MockMvcRequestBuilders.get("/").header("Authorization", - "Bearer FOO")).andExpect( - MockMvcResultMatchers.status().isNotFound()); + mvc.perform(MockMvcRequestBuilders.get("/")).andExpect(MockMvcResultMatchers.status().isUnauthorized()); + mvc.perform(MockMvcRequestBuilders.get("/").header("Authorization", "Bearer FOO")) + .andExpect(MockMvcResultMatchers.status().isNotFound()); context.close(); } @@ -131,18 +124,12 @@ public void testCustomTokenServices() throws Exception { context.setServletContext(new MockServletContext()); context.register(TokenServicesContext.class); context.refresh(); - MockMvc mvc = MockMvcBuilders - .webAppContextSetup(context) - .addFilters( - new DelegatingFilterProxy(context.getBean( - "springSecurityFilterChain", Filter.class))) + MockMvc mvc = MockMvcBuilders.webAppContextSetup(context) + .addFilters(new DelegatingFilterProxy(context.getBean("springSecurityFilterChain", Filter.class))) .build(); - mvc.perform(MockMvcRequestBuilders.get("/")).andExpect( - MockMvcResultMatchers.status().isUnauthorized()); - mvc.perform( - MockMvcRequestBuilders.get("/").header("Authorization", - "Bearer FOO")).andExpect( - MockMvcResultMatchers.status().isNotFound()); + mvc.perform(MockMvcRequestBuilders.get("/")).andExpect(MockMvcResultMatchers.status().isUnauthorized()); + mvc.perform(MockMvcRequestBuilders.get("/").header("Authorization", "Bearer FOO")) + .andExpect(MockMvcResultMatchers.status().isNotFound()); context.close(); } @@ -153,16 +140,11 @@ public void testCustomTokenExtractor() throws Exception { context.setServletContext(new MockServletContext()); context.register(TokenExtractorContext.class); context.refresh(); - MockMvc mvc = MockMvcBuilders - .webAppContextSetup(context) - .addFilters( - new DelegatingFilterProxy(context.getBean( - "springSecurityFilterChain", Filter.class))) + MockMvc mvc = MockMvcBuilders.webAppContextSetup(context) + .addFilters(new DelegatingFilterProxy(context.getBean("springSecurityFilterChain", Filter.class))) .build(); - mvc.perform( - MockMvcRequestBuilders.get("/").header("Authorization", - "Bearer BAR")).andExpect( - MockMvcResultMatchers.status().isNotFound()); + mvc.perform(MockMvcRequestBuilders.get("/").header("Authorization", "Bearer BAR")) + .andExpect(MockMvcResultMatchers.status().isNotFound()); context.close(); } @@ -173,18 +155,13 @@ public void testCustomExpressionHandler() throws Exception { context.setServletContext(new MockServletContext()); context.register(ExpressionHandlerContext.class); context.refresh(); - MockMvc mvc = MockMvcBuilders - .webAppContextSetup(context) - .addFilters( - new DelegatingFilterProxy(context.getBean( - "springSecurityFilterChain", Filter.class))) + MockMvc mvc = MockMvcBuilders.webAppContextSetup(context) + .addFilters(new DelegatingFilterProxy(context.getBean("springSecurityFilterChain", Filter.class))) .build(); expected.expect(IllegalArgumentException.class); expected.expectMessage("#oauth2"); - mvc.perform( - MockMvcRequestBuilders.get("/").header("Authorization", - "Bearer FOO")).andExpect( - MockMvcResultMatchers.status().isUnauthorized()); + mvc.perform(MockMvcRequestBuilders.get("/").header("Authorization", "Bearer FOO")) + .andExpect(MockMvcResultMatchers.status().isUnauthorized()); context.close(); } @@ -195,16 +172,11 @@ public void testCustomAuthenticationEntryPoint() throws Exception { context.setServletContext(new MockServletContext()); context.register(AuthenticationEntryPointContext.class); context.refresh(); - MockMvc mvc = MockMvcBuilders - .webAppContextSetup(context) - .addFilters( - new DelegatingFilterProxy(context.getBean( - "springSecurityFilterChain", Filter.class))) + MockMvc mvc = MockMvcBuilders.webAppContextSetup(context) + .addFilters(new DelegatingFilterProxy(context.getBean("springSecurityFilterChain", Filter.class))) .build(); - mvc.perform( - MockMvcRequestBuilders.get("/").header("Authorization", - "Bearer FOO")).andExpect( - MockMvcResultMatchers.status().isFound()); + mvc.perform(MockMvcRequestBuilders.get("/").header("Authorization", "Bearer FOO")) + .andExpect(MockMvcResultMatchers.status().isFound()); context.close(); } @@ -222,11 +194,9 @@ public TokenStore tokenStore() { @EnableResourceServer @EnableAuthorizationServer @EnableWebSecurity - protected static class ResourceServerAndAuthorizationServerContext extends - AuthorizationServerConfigurerAdapter { + protected static class ResourceServerAndAuthorizationServerContext extends AuthorizationServerConfigurerAdapter { @Override - public void configure(ClientDetailsServiceConfigurer clients) - throws Exception { + public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients.inMemory(); } } @@ -239,17 +209,20 @@ public void configure(ClientDetailsServiceConfigurer clients) protected static class ResourceServerAndAuthorizationServerContextAndGlobalMethodSecurity extends AuthorizationServerConfigurerAdapter { @Override - public void configure(ClientDetailsServiceConfigurer clients) - throws Exception { + public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients.inMemory(); } + + @Autowired + public void setup(AuthenticationManagerBuilder builder) throws Exception { + builder.inMemoryAuthentication().withUser("user").password("password").roles("USER"); + } } @Configuration @EnableResourceServer @EnableWebSecurity - protected static class AuthenticationEntryPointContext extends - ResourceServerConfigurerAdapter { + protected static class AuthenticationEntryPointContext extends ResourceServerConfigurerAdapter { @Override public void configure(HttpSecurity http) throws Exception { @@ -257,8 +230,7 @@ public void configure(HttpSecurity http) throws Exception { } @Override - public void configure(ResourceServerSecurityConfigurer resources) - throws Exception { + public void configure(ResourceServerSecurityConfigurer resources) throws Exception { resources.authenticationEntryPoint(authenticationEntryPoint()); } @@ -271,11 +243,9 @@ private AuthenticationEntryPoint authenticationEntryPoint() { @Configuration @EnableResourceServer @EnableWebSecurity - protected static class TokenExtractorContext extends - ResourceServerConfigurerAdapter { + protected static class TokenExtractorContext extends ResourceServerConfigurerAdapter { @Override - public void configure(ResourceServerSecurityConfigurer resources) - throws Exception { + public void configure(ResourceServerSecurityConfigurer resources) throws Exception { resources.tokenExtractor(new TokenExtractor() { @Override @@ -299,13 +269,10 @@ public TokenStore tokenStore() { @Configuration @EnableResourceServer @EnableWebSecurity - protected static class ExpressionHandlerContext extends - ResourceServerConfigurerAdapter { + protected static class ExpressionHandlerContext extends ResourceServerConfigurerAdapter { @Override - public void configure(ResourceServerSecurityConfigurer resources) - throws Exception { - resources - .expressionHandler(new DefaultWebSecurityExpressionHandler()); + public void configure(ResourceServerSecurityConfigurer resources) throws Exception { + resources.expressionHandler(new DefaultWebSecurityExpressionHandler()); } @Override @@ -327,8 +294,8 @@ protected static class TokenServicesContext { @Bean protected ClientDetailsService clientDetailsService() { InMemoryClientDetailsService service = new InMemoryClientDetailsService(); - service.setClientDetailsStore(Collections.singletonMap("client", - new BaseClientDetails("client", null, null, null, null))); + service.setClientDetailsStore( + Collections.singletonMap("client", new BaseClientDetails("client", null, null, null, null))); return service; } From 1d102f19cb4ce2a5af60a0fd6ec83eb207a3dcba Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Thu, 5 May 2016 11:41:03 -0500 Subject: [PATCH 003/345] Remove Embedded Redis Embedded Redis is unreliable to start in various OS's. Specifically, it does not start successfully in the CI environment. This commit removes embedded Redis and requires the user to be running Redis to run the tests. In order to support running the tests on a Redis instance that is shared between tests we also ensure we use unique ids for tests. Issues gh-748 --- spring-security-oauth2/pom.xml | 7 ------- .../token/store/TokenStoreBaseTests.java | 19 ++++++++++++------- .../redis/RedisTokenStorePrefixTests.java | 17 +---------------- .../store/redis/RedisTokenStoreTests.java | 17 +---------------- 4 files changed, 14 insertions(+), 46 deletions(-) diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml index cae1ed9d5..ad3d0f269 100644 --- a/spring-security-oauth2/pom.xml +++ b/spring-security-oauth2/pom.xml @@ -221,13 +221,6 @@ test - - com.orange.redis-embedded - embedded-redis - 0.6 - test - - diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/TokenStoreBaseTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/TokenStoreBaseTests.java index 9f8cf26a3..4872da3e7 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/TokenStoreBaseTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/TokenStoreBaseTests.java @@ -16,6 +16,7 @@ import java.util.Collection; import java.util.Date; +import java.util.UUID; import org.junit.Test; import org.springframework.security.authentication.AbstractAuthenticationToken; @@ -98,21 +99,24 @@ public void testRetrieveAccessToken() { @Test public void testFindAccessTokensByClientIdAndUserName() { - OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false), new TestAuthentication("test2", false)); + String clientId = "id" + UUID.randomUUID(); + String name = "test2" + UUID.randomUUID(); + OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request(clientId, false), new TestAuthentication(name, false)); OAuth2AccessToken expectedOAuth2AccessToken = new DefaultOAuth2AccessToken("testToken"); getTokenStore().storeAccessToken(expectedOAuth2AccessToken, expectedAuthentication); - Collection actualOAuth2AccessTokens = getTokenStore().findTokensByClientIdAndUserName("id", "test2"); + Collection actualOAuth2AccessTokens = getTokenStore().findTokensByClientIdAndUserName(clientId, name); assertEquals(1, actualOAuth2AccessTokens.size()); } @Test public void testFindAccessTokensByClientId() { - OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false), new TestAuthentication("test2", false)); + String clientId = "id" + UUID.randomUUID(); + OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request(clientId, false), new TestAuthentication("test2", false)); OAuth2AccessToken expectedOAuth2AccessToken = new DefaultOAuth2AccessToken("testToken"); getTokenStore().storeAccessToken(expectedOAuth2AccessToken, expectedAuthentication); - Collection actualOAuth2AccessTokens = getTokenStore().findTokensByClientId("id"); + Collection actualOAuth2AccessTokens = getTokenStore().findTokensByClientId(clientId); assertEquals(1, actualOAuth2AccessTokens.size()); } @@ -139,15 +143,16 @@ public void testRefreshTokenIsNotStoredDuringAccessToken() { * NB: This used to test expiring refresh tokens. That test has been moved to sub-classes since not all stores support the functionality */ public void testStoreRefreshToken() { - DefaultOAuth2RefreshToken expectedRefreshToken = new DefaultOAuth2RefreshToken("testToken"); + String refreshToken = "testToken" + UUID.randomUUID(); + DefaultOAuth2RefreshToken expectedRefreshToken = new DefaultOAuth2RefreshToken(refreshToken); OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false), new TestAuthentication("test2", false)); getTokenStore().storeRefreshToken(expectedRefreshToken, expectedAuthentication); - OAuth2RefreshToken actualExpiringRefreshToken = getTokenStore().readRefreshToken("testToken"); + OAuth2RefreshToken actualExpiringRefreshToken = getTokenStore().readRefreshToken(refreshToken); assertEquals(expectedRefreshToken, actualExpiringRefreshToken); assertEquals(expectedAuthentication, getTokenStore().readAuthenticationForRefreshToken(expectedRefreshToken)); getTokenStore().removeRefreshToken(expectedRefreshToken); - assertNull(getTokenStore().readRefreshToken("testToken")); + assertNull(getTokenStore().readRefreshToken(refreshToken)); assertNull(getTokenStore().readAuthentication(expectedRefreshToken.getValue())); } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStorePrefixTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStorePrefixTests.java index b3563d435..be3fd740b 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStorePrefixTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStorePrefixTests.java @@ -5,8 +5,6 @@ import java.util.Date; import java.util.UUID; -import org.junit.After; -import org.junit.Assume; import org.junit.Before; import org.junit.Test; import org.springframework.data.redis.connection.jedis.JedisConnectionFactory; @@ -21,7 +19,6 @@ import org.springframework.security.oauth2.provider.token.store.TokenStoreBaseTests; import redis.clients.jedis.JedisShardInfo; -import redis.embedded.RedisServer; /** * @author efenderbosch @@ -29,7 +26,6 @@ public class RedisTokenStorePrefixTests extends TokenStoreBaseTests { private RedisTokenStore tokenStore; - private RedisServer redisServer; @Override public TokenStore getTokenStore() { @@ -38,23 +34,12 @@ public TokenStore getTokenStore() { @Before public void setup() throws Exception { - try { - redisServer = new RedisServer(); - } catch (Exception e) { - Assume.assumeNoException("Embedded Redis not starting", e); - } - redisServer.start(); - JedisShardInfo shardInfo = new JedisShardInfo("localhost", redisServer.getPort()); + JedisShardInfo shardInfo = new JedisShardInfo("localhost"); JedisConnectionFactory connectionFactory = new JedisConnectionFactory(shardInfo); tokenStore = new RedisTokenStore(connectionFactory); tokenStore.setPrefix("spring:oauth2:"); } - @After - public void tearDown() throws Exception { - redisServer.stop(); - } - @Test public void testExpiringRefreshToken() throws InterruptedException { String refreshToken = UUID.randomUUID().toString(); diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreTests.java index 55cd8a9b7..8476fb893 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreTests.java @@ -5,8 +5,6 @@ import java.util.Date; import java.util.UUID; -import org.junit.After; -import org.junit.Assume; import org.junit.Before; import org.junit.Test; import org.springframework.data.redis.connection.jedis.JedisConnectionFactory; @@ -21,7 +19,6 @@ import org.springframework.security.oauth2.provider.token.store.TokenStoreBaseTests; import redis.clients.jedis.JedisShardInfo; -import redis.embedded.RedisServer; /** * @author efenderbosch @@ -29,7 +26,6 @@ public class RedisTokenStoreTests extends TokenStoreBaseTests { private RedisTokenStore tokenStore; - private RedisServer redisServer; @Override public TokenStore getTokenStore() { @@ -38,22 +34,11 @@ public TokenStore getTokenStore() { @Before public void setup() throws Exception { - try { - redisServer = new RedisServer(); - } catch (Exception e) { - Assume.assumeNoException("Embedded Redis not starting", e); - } - redisServer.start(); - JedisShardInfo shardInfo = new JedisShardInfo("localhost", redisServer.getPort()); + JedisShardInfo shardInfo = new JedisShardInfo("localhost"); JedisConnectionFactory connectionFactory = new JedisConnectionFactory(shardInfo); tokenStore = new RedisTokenStore(connectionFactory); } - @After - public void tearDown() throws Exception { - redisServer.stop(); - } - @Test public void testExpiringRefreshToken() throws InterruptedException { String refreshToken = UUID.randomUUID().toString(); From 08d4a0de5da3e45756646aaff828d9c4456c3d39 Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Thu, 5 May 2016 13:05:31 -0500 Subject: [PATCH 004/345] Add redis to .travis Fixes gh-752 --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index 53ebd0ee7..6b687043d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,8 @@ language: java +services: + - redis-server + install: mvn -U install --quiet -DskipTests=true -P bootstrap script: mvn clean test -P bootstrap From 24f0e74550b56811fdf9800e55cf74a49acceb0b Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Thu, 5 May 2016 17:08:05 -0500 Subject: [PATCH 005/345] Change Log Levels to WARN Travis fails if there are too many logs. This commit changes the log levels to WARN. Issue gh-752 --- .../oauth/sparklr/src/main/resources/simplelog.properties | 4 ++-- .../oauth/tonr/src/main/resources/simplelog.properties | 5 ++--- .../sparklr/src/main/resources/simplelog.properties | 8 ++------ .../oauth2/tonr/src/main/resources/simplelog.properties | 8 ++------ .../src/test/resources/commons-logging.properties | 2 ++ .../src/test/resources/simplelog.properties | 2 ++ .../src/test/resources/commons-logging.properties | 2 ++ .../src/test/resources/simplelog.properties | 2 ++ .../approval/src/test/resources/logback-test.xml | 5 +++++ .../annotation/client/src/test/resources/logback-test.xml | 5 +++++ tests/annotation/common/src/main/resources/logback.xml | 5 +++++ .../annotation/common/src/test/resources/logback-test.xml | 5 +++++ .../src/test/resources/logback-test.xml | 5 +++++ .../custom-grant/src/test/resources/logback-test.xml | 5 +++++ tests/annotation/form/src/main/resources/application.yml | 2 +- tests/annotation/form/src/test/resources/logback-test.xml | 5 +++++ tests/annotation/jaxb/src/test/resources/logback-test.xml | 5 +++++ tests/annotation/jdbc/src/test/resources/logback-test.xml | 5 +++++ tests/annotation/jpa/src/test/resources/logback-test.xml | 5 +++++ tests/annotation/jwt/src/test/resources/logback-test.xml | 5 +++++ .../mappings/src/test/resources/logback-test.xml | 5 +++++ .../annotation/multi/src/test/resources/logback-test.xml | 5 +++++ tests/annotation/resource/src/main/resources/logback.xml | 7 ------- .../resource/src/test/resources/logback-test.xml | 5 +++++ tests/annotation/ssl/src/test/resources/logback-test.xml | 5 +++++ .../annotation/vanilla/src/main/resources/application.yml | 2 +- .../vanilla/src/test/resources/logback-test.xml | 5 +++++ .../common/src/main/resources/commons-logging.properties | 2 ++ tests/xml/common/src/main/resources/logback.xml | 5 +++++ tests/xml/common/src/main/resources/simplelog.properties | 2 ++ tests/xml/common/src/test/resources/logback-test.xml | 5 +++++ tests/xml/jdbc/src/main/resources/application.yml | 2 +- 32 files changed, 113 insertions(+), 27 deletions(-) create mode 100644 spring-security-oauth/src/test/resources/commons-logging.properties create mode 100644 spring-security-oauth/src/test/resources/simplelog.properties create mode 100644 spring-security-oauth2/src/test/resources/commons-logging.properties create mode 100644 spring-security-oauth2/src/test/resources/simplelog.properties create mode 100644 tests/annotation/approval/src/test/resources/logback-test.xml create mode 100644 tests/annotation/client/src/test/resources/logback-test.xml create mode 100644 tests/annotation/common/src/main/resources/logback.xml create mode 100644 tests/annotation/common/src/test/resources/logback-test.xml create mode 100644 tests/annotation/custom-authentication/src/test/resources/logback-test.xml create mode 100644 tests/annotation/custom-grant/src/test/resources/logback-test.xml create mode 100644 tests/annotation/form/src/test/resources/logback-test.xml create mode 100644 tests/annotation/jaxb/src/test/resources/logback-test.xml create mode 100644 tests/annotation/jdbc/src/test/resources/logback-test.xml create mode 100644 tests/annotation/jpa/src/test/resources/logback-test.xml create mode 100644 tests/annotation/jwt/src/test/resources/logback-test.xml create mode 100644 tests/annotation/mappings/src/test/resources/logback-test.xml create mode 100644 tests/annotation/multi/src/test/resources/logback-test.xml delete mode 100644 tests/annotation/resource/src/main/resources/logback.xml create mode 100644 tests/annotation/resource/src/test/resources/logback-test.xml create mode 100644 tests/annotation/ssl/src/test/resources/logback-test.xml create mode 100644 tests/annotation/vanilla/src/test/resources/logback-test.xml create mode 100644 tests/xml/common/src/main/resources/commons-logging.properties create mode 100644 tests/xml/common/src/main/resources/logback.xml create mode 100644 tests/xml/common/src/main/resources/simplelog.properties create mode 100644 tests/xml/common/src/test/resources/logback-test.xml diff --git a/samples/oauth/sparklr/src/main/resources/simplelog.properties b/samples/oauth/sparklr/src/main/resources/simplelog.properties index dfba30062..cba65bf4c 100644 --- a/samples/oauth/sparklr/src/main/resources/simplelog.properties +++ b/samples/oauth/sparklr/src/main/resources/simplelog.properties @@ -1,2 +1,2 @@ -org.apache.commons.logging.simplelog.defaultlog=info -org.apache.commons.logging.simplelog.log.org.springframework.security=debug +org.apache.commons.logging.simplelog.defaultlog=warn +#org.apache.commons.logging.simplelog.log.org.springframework.security=debug diff --git a/samples/oauth/tonr/src/main/resources/simplelog.properties b/samples/oauth/tonr/src/main/resources/simplelog.properties index 0bcd02751..cba65bf4c 100644 --- a/samples/oauth/tonr/src/main/resources/simplelog.properties +++ b/samples/oauth/tonr/src/main/resources/simplelog.properties @@ -1,3 +1,2 @@ -org.apache.commons.logging.simplelog.defaultlog=info -org.apache.commons.logging.simplelog.log.org.springframework.security.oauth=info -org.apache.commons.logging.simplelog.log.org.springframework.web=debug +org.apache.commons.logging.simplelog.defaultlog=warn +#org.apache.commons.logging.simplelog.log.org.springframework.security=debug diff --git a/samples/oauth2/sparklr/src/main/resources/simplelog.properties b/samples/oauth2/sparklr/src/main/resources/simplelog.properties index 62efffc15..cba65bf4c 100644 --- a/samples/oauth2/sparklr/src/main/resources/simplelog.properties +++ b/samples/oauth2/sparklr/src/main/resources/simplelog.properties @@ -1,6 +1,2 @@ -org.apache.commons.logging.simplelog.defaultlog=info -org.apache.commons.logging.simplelog.showdatetime=true -org.apache.commons.logging.simplelog.dateTimeFormat='sparklr2' HH:mm:ss.SSS -#org.apache.commons.logging.simplelog.log.org.springframework.web=debug -org.apache.commons.logging.simplelog.log.org.springframework.security=debug -org.apache.commons.logging.simplelog.log.org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource=info +org.apache.commons.logging.simplelog.defaultlog=warn +#org.apache.commons.logging.simplelog.log.org.springframework.security=debug diff --git a/samples/oauth2/tonr/src/main/resources/simplelog.properties b/samples/oauth2/tonr/src/main/resources/simplelog.properties index 0894cf565..cba65bf4c 100644 --- a/samples/oauth2/tonr/src/main/resources/simplelog.properties +++ b/samples/oauth2/tonr/src/main/resources/simplelog.properties @@ -1,6 +1,2 @@ -org.apache.commons.logging.simplelog.defaultlog=info -org.apache.commons.logging.simplelog.showdatetime=true -org.apache.commons.logging.simplelog.dateTimeFormat='tonr2' HH:mm:ss.SSS -org.apache.commons.logging.simplelog.log.org.springframework.security=debug -#org.apache.commons.logging.simplelog.log.org.springframework.security.oauth=info -org.apache.commons.logging.simplelog.log.org.springframework.web=debug +org.apache.commons.logging.simplelog.defaultlog=warn +#org.apache.commons.logging.simplelog.log.org.springframework.security=debug diff --git a/spring-security-oauth/src/test/resources/commons-logging.properties b/spring-security-oauth/src/test/resources/commons-logging.properties new file mode 100644 index 000000000..e60535218 --- /dev/null +++ b/spring-security-oauth/src/test/resources/commons-logging.properties @@ -0,0 +1,2 @@ +org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.LogFactoryImpl +org.apache.commons.logging.Log=org.apache.commons.logging.impl.SimpleLog \ No newline at end of file diff --git a/spring-security-oauth/src/test/resources/simplelog.properties b/spring-security-oauth/src/test/resources/simplelog.properties new file mode 100644 index 000000000..cba65bf4c --- /dev/null +++ b/spring-security-oauth/src/test/resources/simplelog.properties @@ -0,0 +1,2 @@ +org.apache.commons.logging.simplelog.defaultlog=warn +#org.apache.commons.logging.simplelog.log.org.springframework.security=debug diff --git a/spring-security-oauth2/src/test/resources/commons-logging.properties b/spring-security-oauth2/src/test/resources/commons-logging.properties new file mode 100644 index 000000000..e60535218 --- /dev/null +++ b/spring-security-oauth2/src/test/resources/commons-logging.properties @@ -0,0 +1,2 @@ +org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.LogFactoryImpl +org.apache.commons.logging.Log=org.apache.commons.logging.impl.SimpleLog \ No newline at end of file diff --git a/spring-security-oauth2/src/test/resources/simplelog.properties b/spring-security-oauth2/src/test/resources/simplelog.properties new file mode 100644 index 000000000..cba65bf4c --- /dev/null +++ b/spring-security-oauth2/src/test/resources/simplelog.properties @@ -0,0 +1,2 @@ +org.apache.commons.logging.simplelog.defaultlog=warn +#org.apache.commons.logging.simplelog.log.org.springframework.security=debug diff --git a/tests/annotation/approval/src/test/resources/logback-test.xml b/tests/annotation/approval/src/test/resources/logback-test.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/annotation/approval/src/test/resources/logback-test.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/annotation/client/src/test/resources/logback-test.xml b/tests/annotation/client/src/test/resources/logback-test.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/annotation/client/src/test/resources/logback-test.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/annotation/common/src/main/resources/logback.xml b/tests/annotation/common/src/main/resources/logback.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/annotation/common/src/main/resources/logback.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/annotation/common/src/test/resources/logback-test.xml b/tests/annotation/common/src/test/resources/logback-test.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/annotation/common/src/test/resources/logback-test.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/annotation/custom-authentication/src/test/resources/logback-test.xml b/tests/annotation/custom-authentication/src/test/resources/logback-test.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/annotation/custom-authentication/src/test/resources/logback-test.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/annotation/custom-grant/src/test/resources/logback-test.xml b/tests/annotation/custom-grant/src/test/resources/logback-test.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/annotation/custom-grant/src/test/resources/logback-test.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/annotation/form/src/main/resources/application.yml b/tests/annotation/form/src/main/resources/application.yml index d557a07c4..dbb4d4d3e 100644 --- a/tests/annotation/form/src/main/resources/application.yml +++ b/tests/annotation/form/src/main/resources/application.yml @@ -8,5 +8,5 @@ security: password: password logging: level: - org.springframework.security: DEBUG + org.springframework.security: WARN \ No newline at end of file diff --git a/tests/annotation/form/src/test/resources/logback-test.xml b/tests/annotation/form/src/test/resources/logback-test.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/annotation/form/src/test/resources/logback-test.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/annotation/jaxb/src/test/resources/logback-test.xml b/tests/annotation/jaxb/src/test/resources/logback-test.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/annotation/jaxb/src/test/resources/logback-test.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/annotation/jdbc/src/test/resources/logback-test.xml b/tests/annotation/jdbc/src/test/resources/logback-test.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/annotation/jdbc/src/test/resources/logback-test.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/annotation/jpa/src/test/resources/logback-test.xml b/tests/annotation/jpa/src/test/resources/logback-test.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/annotation/jpa/src/test/resources/logback-test.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/annotation/jwt/src/test/resources/logback-test.xml b/tests/annotation/jwt/src/test/resources/logback-test.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/annotation/jwt/src/test/resources/logback-test.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/annotation/mappings/src/test/resources/logback-test.xml b/tests/annotation/mappings/src/test/resources/logback-test.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/annotation/mappings/src/test/resources/logback-test.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/annotation/multi/src/test/resources/logback-test.xml b/tests/annotation/multi/src/test/resources/logback-test.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/annotation/multi/src/test/resources/logback-test.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/annotation/resource/src/main/resources/logback.xml b/tests/annotation/resource/src/main/resources/logback.xml deleted file mode 100644 index f33dc9241..000000000 --- a/tests/annotation/resource/src/main/resources/logback.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - - - - diff --git a/tests/annotation/resource/src/test/resources/logback-test.xml b/tests/annotation/resource/src/test/resources/logback-test.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/annotation/resource/src/test/resources/logback-test.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/annotation/ssl/src/test/resources/logback-test.xml b/tests/annotation/ssl/src/test/resources/logback-test.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/annotation/ssl/src/test/resources/logback-test.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/annotation/vanilla/src/main/resources/application.yml b/tests/annotation/vanilla/src/main/resources/application.yml index a7c74036e..5414a20b3 100644 --- a/tests/annotation/vanilla/src/main/resources/application.yml +++ b/tests/annotation/vanilla/src/main/resources/application.yml @@ -8,4 +8,4 @@ security: password: password logging: level: - org.springframework.security: DEBUG \ No newline at end of file + org.springframework.security: WARN \ No newline at end of file diff --git a/tests/annotation/vanilla/src/test/resources/logback-test.xml b/tests/annotation/vanilla/src/test/resources/logback-test.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/annotation/vanilla/src/test/resources/logback-test.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/xml/common/src/main/resources/commons-logging.properties b/tests/xml/common/src/main/resources/commons-logging.properties new file mode 100644 index 000000000..e60535218 --- /dev/null +++ b/tests/xml/common/src/main/resources/commons-logging.properties @@ -0,0 +1,2 @@ +org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.LogFactoryImpl +org.apache.commons.logging.Log=org.apache.commons.logging.impl.SimpleLog \ No newline at end of file diff --git a/tests/xml/common/src/main/resources/logback.xml b/tests/xml/common/src/main/resources/logback.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/xml/common/src/main/resources/logback.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/xml/common/src/main/resources/simplelog.properties b/tests/xml/common/src/main/resources/simplelog.properties new file mode 100644 index 000000000..cba65bf4c --- /dev/null +++ b/tests/xml/common/src/main/resources/simplelog.properties @@ -0,0 +1,2 @@ +org.apache.commons.logging.simplelog.defaultlog=warn +#org.apache.commons.logging.simplelog.log.org.springframework.security=debug diff --git a/tests/xml/common/src/test/resources/logback-test.xml b/tests/xml/common/src/test/resources/logback-test.xml new file mode 100644 index 000000000..0255bdde8 --- /dev/null +++ b/tests/xml/common/src/test/resources/logback-test.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/tests/xml/jdbc/src/main/resources/application.yml b/tests/xml/jdbc/src/main/resources/application.yml index 2712a551f..729b49baf 100644 --- a/tests/xml/jdbc/src/main/resources/application.yml +++ b/tests/xml/jdbc/src/main/resources/application.yml @@ -8,7 +8,7 @@ security: password: password logging: level: -# org.springframework.security: DEBUG +# org.springframework.security: WARN # org.springframework.web: DEBUG # org.springframework.jdbc: DEBUG From 3b3a1d6c66ec306e48e17f2a7caebb3a5ed6d963 Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Thu, 5 May 2016 17:31:08 -0500 Subject: [PATCH 006/345] Make Javadoc quiet Travis fails if the logs are too large. This commit changes the javadoc to quiet. Issue gh-752 --- pom.xml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index a5689e37b..ee5ef8f32 100644 --- a/pom.xml +++ b/pom.xml @@ -51,7 +51,7 @@ http://www.apache.org/licenses/LICENSE-2.0.txt - + stoicflame @@ -308,6 +308,9 @@ maven-javadoc-plugin 2.9.1 + + true + javadoc @@ -347,8 +350,8 @@ - org.apache.maven.plugins maven-eclipse-plugin @@ -395,7 +398,7 @@ **/*Tests.java - + From e30a7af8b1a98fe858fbf1c1448e4b88c3ea6c4a Mon Sep 17 00:00:00 2001 From: Anatolijs Mozgovs Date: Thu, 31 Mar 2016 17:51:10 +0300 Subject: [PATCH 007/345] Changing reference to Sparkl OAuth 1 sample app, so that mvn tomcat7:run command would work correctly. Fixing Github issue 732 (https://github.com/spring-projects/spring-security-oauth/issues/732) --- samples/oauth/tonr/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml index 14ed8904b..07c3b2496 100644 --- a/samples/oauth/tonr/pom.xml +++ b/samples/oauth/tonr/pom.xml @@ -33,7 +33,7 @@ true - /sparklr2 + /sparklr ${project.groupId} sparklr ${project.version} From 3ba30c7c7c1db345102b93df52de461c58e345a6 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 12 May 2016 14:45:41 -0400 Subject: [PATCH 008/345] Fix link to Java Config Samples Fixes gh-758 --- tests/xml/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/xml/README.md b/tests/xml/README.md index 5afaf63dd..22ebde8b5 100644 --- a/tests/xml/README.md +++ b/tests/xml/README.md @@ -6,8 +6,7 @@ OAuth clients and servers, but only using XML for the Spring OAuth bits. Since Spring Security cannot be used with a mixture of `@Configuration` and XML this is probably not the nicest way to do things (pure XML or pure Java would probably be better). Pure Java -versions of the same apps can be found -[here](https://github.com/dsyer/spring-oauth-integration-tests). +versions of the same apps can be found [here](../annotation). ## Building and Running From 778f7758ad869f318008cd97bd89b22908002758 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 12 May 2016 16:18:28 -0400 Subject: [PATCH 009/345] Fix subdomain matching in DefaultRedirectResolver Fixes gh-747 --- .../endpoint/DefaultRedirectResolver.java | 16 ++++++++-------- .../endpoint/DefaultRedirectResolverTests.java | 18 +++++++++++++++++- 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java index 4c7fb3176..57bfe0d34 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java @@ -15,13 +15,6 @@ */ package org.springframework.security.oauth2.provider.endpoint; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.Arrays; -import java.util.Collection; -import java.util.HashSet; -import java.util.Set; - import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; import org.springframework.security.oauth2.common.exceptions.InvalidRequestException; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; @@ -30,6 +23,13 @@ import org.springframework.util.Assert; import org.springframework.util.StringUtils; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.Arrays; +import java.util.Collection; +import java.util.HashSet; +import java.util.Set; + /** * Default implementation for a redirect resolver. * @@ -132,7 +132,7 @@ protected boolean redirectMatches(String requestedRedirect, String redirectUri) */ protected boolean hostMatches(String registered, String requested) { if (matchSubdomains) { - return requested.endsWith(registered); + return registered.equals(requested) || requested.endsWith("." + registered); } return registered.equals(requested); } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java index f5985e1a8..a0738809b 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java @@ -23,7 +23,6 @@ import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException; import org.springframework.security.oauth2.provider.client.BaseClientDetails; -import org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver; /** * @author Dave Syer @@ -108,4 +107,21 @@ public void testRedirectNotMatchingWithTraversal() throws Exception { assertEquals(redirectUris.iterator().next(), resolver.resolveRedirect(requestedRedirect, client)); } + // gh-747 + @Test(expected = RedirectMismatchException.class) + public void testRedirectNotMatchingSubdomain() throws Exception { + Set redirectUris = new HashSet(Arrays.asList("http://anywhere.com/foo")); + client.setRegisteredRedirectUri(redirectUris); + resolver.resolveRedirect("http://2anywhere.com/foo", client); + } + + // gh-747 + @Test + public void testRedirectMatchingSubdomain() throws Exception { + Set redirectUris = new HashSet(Arrays.asList("http://anywhere.com/foo")); + String requestedRedirect = "http://2.anywhere.com/foo"; + client.setRegisteredRedirectUri(redirectUris); + assertEquals(requestedRedirect, resolver.resolveRedirect(requestedRedirect, client)); + } + } From 3cc9b24ed6b75faa8384da8196231d753cdc79e5 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 12 May 2016 18:01:10 -0400 Subject: [PATCH 010/345] Apply port matching in DefaultRedirectResolver Fixes gh-746 --- .../endpoint/DefaultRedirectResolver.java | 9 +++-- .../DefaultRedirectResolverTests.java | 33 +++++++++++++++++++ 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java index 57bfe0d34..9a4a64e44 100644 --- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java +++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java @@ -101,7 +101,7 @@ private boolean containsRedirectGrantType(Set grantTypes) { /** * Whether the requested redirect URI "matches" the specified redirect URI. For a URL, this implementation tests if * the user requested redirect starts with the registered redirect, so it would have the same host and root path if - * it is an HTTP URL. The port is not matched. + * it is an HTTP URL. The port is also matched. *

* For other (non-URL) cases, such as for some implicit clients, the redirect_uri must be an exact match. * @@ -114,7 +114,12 @@ protected boolean redirectMatches(String requestedRedirect, String redirectUri) URL req = new URL(requestedRedirect); URL reg = new URL(redirectUri); - if (reg.getProtocol().equals(req.getProtocol()) && hostMatches(reg.getHost(), req.getHost())) { + int requestedPort = req.getPort() != -1 ? req.getPort() : req.getDefaultPort(); + int registeredPort = reg.getPort() != -1 ? reg.getPort() : reg.getDefaultPort(); + + if (reg.getProtocol().equals(req.getProtocol()) && + hostMatches(reg.getHost(), req.getHost()) && + (registeredPort == requestedPort)) { return StringUtils.cleanPath(req.getPath()).startsWith(StringUtils.cleanPath(reg.getPath())); } } diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java index a0738809b..919c16577 100644 --- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java +++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java @@ -124,4 +124,37 @@ public void testRedirectMatchingSubdomain() throws Exception { assertEquals(requestedRedirect, resolver.resolveRedirect(requestedRedirect, client)); } + // gh-746 + @Test(expected = RedirectMismatchException.class) + public void testRedirectNotMatchingPort() throws Exception { + Set redirectUris = new HashSet(Arrays.asList("http://anywhere.com:90/")); + client.setRegisteredRedirectUri(redirectUris); + resolver.resolveRedirect("http://anywhere.com:91/foo", client); + } + + // gh-746 + @Test + public void testRedirectMatchingPort() throws Exception { + Set redirectUris = new HashSet(Arrays.asList("http://anywhere.com:90/")); + client.setRegisteredRedirectUri(redirectUris); + String requestedRedirect = "http://anywhere.com:90/foo"; + assertEquals(requestedRedirect, resolver.resolveRedirect(requestedRedirect, client)); + } + + // gh-746 + @Test(expected = RedirectMismatchException.class) + public void testRedirectRegisteredPortSetRequestedPortNotSet() throws Exception { + Set redirectUris = new HashSet(Arrays.asList("http://anywhere.com:90/")); + client.setRegisteredRedirectUri(redirectUris); + resolver.resolveRedirect("http://anywhere.com/foo", client); + } + + // gh-746 + @Test(expected = RedirectMismatchException.class) + public void testRedirectRegisteredPortNotSetRequestedPortSet() throws Exception { + Set redirectUris = new HashSet(Arrays.asList("https://anywhere.com/")); + client.setRegisteredRedirectUri(redirectUris); + resolver.resolveRedirect("https://anywhere.com:8443/foo", client); + } + } From 7d0d2bae0dc8117537c7046d63da5da99958acd4 Mon Sep 17 00:00:00 2001 From: Dave Syer Date: Fri, 13 May 2016 08:49:10 +0100 Subject: [PATCH 011/345] Add support for custom headers in JWT The spec allows various "key identifying" headers (e.g. "kid") but they play no role in the signing, other than being present. This change adds support for encoding a token with additional headers supplied by the user via a new public method encode(). --- .../security/jwt/JwtHelper.java | 49 ++++++++++++++----- .../security/jwt/JwtTests.java | 11 +++++ 2 files changed, 47 insertions(+), 13 deletions(-) diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java index 1814e992a..68ee23fc8 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java @@ -20,8 +20,10 @@ import static org.springframework.security.jwt.codec.Codecs.utf8Encode; import java.nio.CharBuffer; +import java.util.Collections; import java.util.LinkedHashMap; import java.util.Map; +import java.util.Map.Entry; import org.springframework.security.jwt.crypto.sign.SignatureVerifier; import org.springframework.security.jwt.crypto.sign.Signer; @@ -78,7 +80,12 @@ public static Jwt decodeAndVerify(String token, SignatureVerifier verifier) { } public static Jwt encode(CharSequence content, Signer signer) { - JwtHeader header = JwtHeaderHelper.create(signer); + return encode(content, signer, Collections.emptyMap()); + } + + public static Jwt encode(CharSequence content, Signer signer, + Map headers) { + JwtHeader header = JwtHeaderHelper.create(signer, headers); byte[] claims = utf8Encode(content); byte[] crypto = signer .sign(concat(b64UrlEncode(header.bytes()), PERIOD, b64UrlEncode(claims))); @@ -98,24 +105,26 @@ static JwtHeader create(String header) { return new JwtHeader(bytes, parseParams(bytes)); } - static JwtHeader create(Signer signer) { - HeaderParameters p = new HeaderParameters(sigAlg(signer.algorithm()), null, null); + static JwtHeader create(Signer signer, Map params) { + Map map = new LinkedHashMap(params); + map.put("alg", sigAlg(signer.algorithm())); + HeaderParameters p = new HeaderParameters(map); return new JwtHeader(serializeParams(p), p); } - static JwtHeader create(String alg, String enc, byte[] iv) { - HeaderParameters p = new HeaderParameters(alg, enc, utf8Decode(b64UrlEncode(iv))); + static JwtHeader create(String alg, String enc, byte[] iv, + Map params) { + Map map = new LinkedHashMap(params); + map.put("alg", alg); + map.put("enc", enc); + map.put("iv", utf8Decode(b64UrlEncode(iv))); + HeaderParameters p = new HeaderParameters(map); return new JwtHeader(serializeParams(p), p); } static HeaderParameters parseParams(byte[] header) { Map map = parseMap(utf8Decode(header)); - String alg = map.get("alg"), enc = map.get("enc"), iv = map.get("iv"), - typ = map.get("typ"); - if (typ != null && !"JWT".equalsIgnoreCase(typ)) { - throw new IllegalArgumentException("typ is not \"JWT\""); - } - return new HeaderParameters(alg, enc, iv); + return new HeaderParameters(map); } private static Map parseMap(String json) { @@ -180,6 +189,9 @@ private static byte[] serializeParams(HeaderParameters params) { if (params.typ != null) { appendField(builder, "typ", params.typ); } + for (Entry entry : params.map.entrySet()) { + appendField(builder, entry.getKey(), entry.getValue()); + } builder.append("}"); return utf8Encode(builder.toString()); @@ -229,13 +241,24 @@ class HeaderParameters { final String iv; + final Map map; + final String typ = "JWT"; HeaderParameters(String alg) { - this(alg, null, null); + this(new LinkedHashMap(Collections.singletonMap("alg", alg))); } - HeaderParameters(String alg, String enc, String iv) { + HeaderParameters(Map map) { + String alg = map.get("alg"), enc = map.get("enc"), iv = map.get("iv"), + typ = map.get("typ"); + if (typ != null && !"JWT".equalsIgnoreCase(typ)) { + throw new IllegalArgumentException("typ is not \"JWT\""); + } + map.remove("alg"); + map.remove("enc"); + map.remove("typ"); + this.map = map; if (alg == null) { throw new IllegalArgumentException("alg is required"); } diff --git a/spring-security-jwt/src/test/java/org/springframework/security/jwt/JwtTests.java b/spring-security-jwt/src/test/java/org/springframework/security/jwt/JwtTests.java index 87e379e1d..0e727fd74 100644 --- a/spring-security-jwt/src/test/java/org/springframework/security/jwt/JwtTests.java +++ b/spring-security-jwt/src/test/java/org/springframework/security/jwt/JwtTests.java @@ -18,6 +18,8 @@ import static org.springframework.security.jwt.JwtSpecData.E; import static org.springframework.security.jwt.JwtSpecData.N; +import java.util.Collections; + import org.junit.Test; import org.springframework.security.jwt.crypto.sign.InvalidSignatureException; import org.springframework.security.jwt.crypto.sign.MacSigner; @@ -56,6 +58,15 @@ public void defaultTokenContainsType() throws Exception { token.toString().contains("\"alg\":\"HS256\",\"typ\":\"JWT\"")); } + @Test + public void roundTripCustomHeaders() throws Exception { + Jwt token = JwtHelper.decode(JwtHelper + .encode(JOE_CLAIM_SEGMENT, hmac, Collections.singletonMap("foo", "bar")) + .getEncoded()); + assertTrue("Wrong header: " + token, + token.toString().contains("\"foo\":\"bar\"")); + } + @Test public void roundTripClaims() throws Exception { Jwt token = JwtHelper From f0cddd90ed9d894a42652070a41d99952ce86b73 Mon Sep 17 00:00:00 2001 From: Dave Syer Date: Fri, 13 May 2016 09:18:26 +0100 Subject: [PATCH 012/345] Remove unused enc and iv fields in header --- .../security/jwt/JwtHelper.java | 26 +------------------ 1 file changed, 1 insertion(+), 25 deletions(-) diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java index 68ee23fc8..b22cc14d9 100644 --- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java +++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java @@ -112,16 +112,6 @@ static JwtHeader create(Signer signer, Map params) { return new JwtHeader(serializeParams(p), p); } - static JwtHeader create(String alg, String enc, byte[] iv, - Map params) { - Map map = new LinkedHashMap(params); - map.put("alg", alg); - map.put("enc", enc); - map.put("iv", utf8Decode(b64UrlEncode(iv))); - HeaderParameters p = new HeaderParameters(map); - return new JwtHeader(serializeParams(p), p); - } - static HeaderParameters parseParams(byte[] header) { Map map = parseMap(utf8Decode(header)); return new HeaderParameters(map); @@ -180,12 +170,6 @@ private static byte[] serializeParams(HeaderParameters params) { StringBuilder builder = new StringBuilder("{"); appendField(builder, "alg", params.alg); - if (params.enc != null) { - appendField(builder, "enc", params.enc); - } - if (params.iv != null) { - appendField(builder, "iv", params.iv); - } if (params.typ != null) { appendField(builder, "typ", params.typ); } @@ -237,10 +221,6 @@ public String toString() { class HeaderParameters { final String alg; - final String enc; - - final String iv; - final Map map; final String typ = "JWT"; @@ -250,21 +230,17 @@ class HeaderParameters { } HeaderParameters(Map map) { - String alg = map.get("alg"), enc = map.get("enc"), iv = map.get("iv"), - typ = map.get("typ"); + String alg = map.get("alg"), typ = map.get("typ"); if (typ != null && !"JWT".equalsIgnoreCase(typ)) { throw new IllegalArgumentException("typ is not \"JWT\""); } map.remove("alg"); - map.remove("enc"); map.remove("typ"); this.map = map; if (alg == null) { throw new IllegalArgumentException("alg is required"); } this.alg = alg; - this.enc = enc; - this.iv = iv; } } From 0e123f3f2298a1f3ec058eb04ea709a2ce096540 Mon Sep 17 00:00:00 2001 From: Dave Syer Date: Fri, 13 May 2016 09:18:36 +0100 Subject: [PATCH 013/345] Fix ruby integration test --- .../security/jwt/RubyJwtIntegrationTests.java | 41 +++++++++---------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/spring-security-jwt/src/test/java/org/springframework/security/jwt/RubyJwtIntegrationTests.java b/spring-security-jwt/src/test/java/org/springframework/security/jwt/RubyJwtIntegrationTests.java index 004c3007f..4c871dc8a 100644 --- a/spring-security-jwt/src/test/java/org/springframework/security/jwt/RubyJwtIntegrationTests.java +++ b/spring-security-jwt/src/test/java/org/springframework/security/jwt/RubyJwtIntegrationTests.java @@ -29,18 +29,17 @@ * Tests for compatibility with Ruby's JWT Gem. * * Requires a local JRuby installation and maven must be run with: + * * 

  * mvn -DargLine="-Djruby.home=${JRUBY_HOME}" test
  *
* * See https://github.com/jruby/jruby/wiki/JavaIntegration for issues with gem loading * - * You also need to: - * jruby -S gem install jwt - * jruby -S gem install jruby-openssl + * You also need to: jruby -S gem install jwt jruby -S gem install jruby-openssl * - * for the tests to work. If the environment isn't set up correctly or jruby.home isn't set, - * they will be skipped. + * for the tests to work. If the environment isn't set up correctly or jruby.home isn't + * set, they will be skipped. * * @author Luke Taylor */ @@ -55,8 +54,8 @@ public class RubyJwtIntegrationTests { @BeforeClass public static void setUp() throws Exception { -// System.setProperty("jruby.home", "/Users/luke/Work/tools/jruby-1.6.5.1"); -// System.setProperty("jruby.lib", "/Users/luke/Work/tools/jruby-1.6.5.1/lib"); + // System.setProperty("jruby.home", "/Users/luke/Work/tools/jruby-1.6.5.1"); + // System.setProperty("jruby.lib", "/Users/luke/Work/tools/jruby-1.6.5.1/lib"); } @Test @@ -65,10 +64,9 @@ public void rubyCanDecodeHmacSignedToken() throws Exception { ScriptingContainer container = new ScriptingContainer(); container.put("@token", jwt.getEncoded()); container.put("@claims", ""); - String script = - "require \"jwt\"\n" + - "@claims = JWT.decode(@token, \"secret\", \"HS256\").to_json\n" + - "puts @claims"; + String script = "require \"jwt\"\n" + + "@claims = JWT.decode(@token, \"secret\", \"HS256\")[0].to_json\n" + + "puts @claims"; container.runScriptlet(script); assertEquals(TEST_CLAIMS, container.get("@claims")); } @@ -77,10 +75,9 @@ public void rubyCanDecodeHmacSignedToken() throws Exception { public void canDecodeRubyHmacSignedToken() throws Exception { ScriptingContainer container = new ScriptingContainer(); container.put("@token", "xxx"); - String script = - "require \"jwt\"\n" + - "@token = JWT.encode({\"some\" => \"payload\"}, \"secret\", \"HS256\")\n" + - "puts @token"; + String script = "require \"jwt\"\n" + + "@token = JWT.encode({\"some\" => \"payload\"}, \"secret\", \"HS256\")\n" + + "puts @token"; container.runScriptlet(script); String token = (String) container.get("@token"); Jwt jwt = JwtHelper.decodeAndVerify(token, hmac); @@ -97,21 +94,23 @@ public JRubyJwtInstalled() { setupOk = false; setupOkSet = true; try { - String script = - "require \"jwt\"\n" + - "require \"bouncy-castle-java\"\n" + - "require \"openssl\""; + String script = "require \"jwt\"\n" + + "require \"bouncy-castle-java\"\n" + "require \"openssl\""; ScriptingContainer container = new ScriptingContainer(); container.runScriptlet(script); setupOk = true; } catch (Exception e) { - System.out.println("jruby.home not set or JWT gem not available. JWT ruby integration tests will be skipped" + e.getMessage()); + System.out.println( + "jruby.home not set or JWT gem not available. JWT ruby integration tests will be skipped" + + e.getMessage()); } } } - public Statement apply(final Statement base, FrameworkMethod method, Object target) { + @Override + public Statement apply(final Statement base, FrameworkMethod method, + Object target) { return new Statement() { @Override public void evaluate() throws Throwable { From 4d30116cd20dff91b0e87edeb118fb30a96f09e4 Mon Sep 17 00:00:00 2001 From: Dave Syer Date: Fri, 13 May 2016 09:21:31 +0100 Subject: [PATCH 014/345] Update for 1.0.5 release --- spring-security-jwt/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml index 9884edb5e..88c927134 100755 --- a/spring-security-jwt/pom.xml +++ b/spring-security-jwt/pom.xml @@ -5,7 +5,7 @@ org.springframework.security spring-security-jwt - 1.0.5.BUILD-SNAPSHOT + 1.0.5.RELEASE jar Spring Security JWT Library From 9e18028e9acf23810760eafcbf100f2e8301ce31 Mon Sep 17 00:00:00 2001 From: Dave Syer Date: Fri, 13 May 2016 09:21:58 +0100 Subject: [PATCH 015/345] Revert to snapshots --- spring-security-jwt/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml index 88c927134..4d8535614 100755 --- a/spring-security-jwt/pom.xml +++ b/spring-security-jwt/pom.xml @@ -5,7 +5,7 @@ org.springframework.security spring-security-jwt - 1.0.5.RELEASE + 1.0.6.BUILD-SNAPSHOT jar Spring Security JWT Library From ea335729cf24a9e8a37563a6a2bfa2cb5c2c0e70 Mon Sep 17 00:00:00 2001 From: Dave Syer Date: Fri, 13 May 2016 09:24:32 +0100 Subject: [PATCH 016/345] Clarify usage of ruby integration test --- .../springframework/security/jwt/RubyJwtIntegrationTests.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/spring-security-jwt/src/test/java/org/springframework/security/jwt/RubyJwtIntegrationTests.java b/spring-security-jwt/src/test/java/org/springframework/security/jwt/RubyJwtIntegrationTests.java index 4c871dc8a..dd2f3bd74 100644 --- a/spring-security-jwt/src/test/java/org/springframework/security/jwt/RubyJwtIntegrationTests.java +++ b/spring-security-jwt/src/test/java/org/springframework/security/jwt/RubyJwtIntegrationTests.java @@ -28,7 +28,9 @@ /** * Tests for compatibility with Ruby's JWT Gem. * - * Requires a local JRuby installation and maven must be run with: + * Requires a local JRuby installation with jruby.home as a system property. Using RVM + * sets this up automatically (e.g. "rvm use jruby-1.7.12"), or alternatively Maven can be + * run with: * * 
  * mvn -DargLine="-Djruby.home=${JRUBY_HOME}" test

From 3b2e212742adb14ffde4e1cdbb6f72f319385aea Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Fri, 13 May 2016 09:25:23 +0100
Subject: [PATCH 017/345] Add Maven wrapper for better stability of build

---
 .mvn/jvm.config                               |   1 +
 .mvn/maven.config                             |   1 +
 .mvn/wrapper/maven-wrapper.jar                | Bin 0 -> 49502 bytes
 .mvn/wrapper/maven-wrapper.properties         |   1 +
 .travis.yml                                   |   4 +-
 mvnw                                          | 243 ++++++++++++++++++
 mvnw.cmd                                      | 145 +++++++++++
 spring-security-jwt/.mvn/jvm.config           |   1 +
 spring-security-jwt/.mvn/maven.config         |   1 +
 .../.mvn/wrapper/maven-wrapper.jar            | Bin 0 -> 49502 bytes
 .../.mvn/wrapper/maven-wrapper.properties     |   1 +
 spring-security-jwt/mvnw                      | 243 ++++++++++++++++++
 spring-security-jwt/mvnw.cmd                  | 145 +++++++++++
 13 files changed, 784 insertions(+), 2 deletions(-)
 create mode 100644 .mvn/jvm.config
 create mode 100644 .mvn/maven.config
 create mode 100644 .mvn/wrapper/maven-wrapper.jar
 create mode 100644 .mvn/wrapper/maven-wrapper.properties
 create mode 100755 mvnw
 create mode 100644 mvnw.cmd
 create mode 100644 spring-security-jwt/.mvn/jvm.config
 create mode 100644 spring-security-jwt/.mvn/maven.config
 create mode 100644 spring-security-jwt/.mvn/wrapper/maven-wrapper.jar
 create mode 100644 spring-security-jwt/.mvn/wrapper/maven-wrapper.properties
 create mode 100755 spring-security-jwt/mvnw
 create mode 100644 spring-security-jwt/mvnw.cmd

diff --git a/.mvn/jvm.config b/.mvn/jvm.config
new file mode 100644
index 000000000..0e7dabeff
--- /dev/null
+++ b/.mvn/jvm.config
@@ -0,0 +1 @@
+-Xmx1024m -XX:CICompilerCount=1 -XX:TieredStopAtLevel=1 -Djava.security.egd=file:/dev/./urandom
\ No newline at end of file
diff --git a/.mvn/maven.config b/.mvn/maven.config
new file mode 100644
index 000000000..3b8cf46e1
--- /dev/null
+++ b/.mvn/maven.config
@@ -0,0 +1 @@
+-DaltSnapshotDeploymentRepository=repo.spring.io::default::https://repo.spring.io/libs-snapshot-local -P spring
diff --git a/.mvn/wrapper/maven-wrapper.jar b/.mvn/wrapper/maven-wrapper.jar
new file mode 100644
index 0000000000000000000000000000000000000000..5fd4d5023f1463b5ba3970e33c460c1eb26d748d
GIT binary patch
literal 49502
zcmb@tV|1n6wzeBvGe*U>ZQHh;%-Bg)Y}={WHY%yuwkkF%MnzxVwRUS~wY|@J_gP;%
z^VfXZ{5793?z><89(^dufT2xlYVOQnYG>@?lA@vQF|UF0&X7tk8BUf?wq2J&
zZe&>>paKUg4@;fwk0yeUPvM$yk)=f>TSFFB^a8f|_@mbE#MaBnd5qf6;hXq}c%IeK
zn7gB0Kldbedq-vl@2wxJi{$%lufroKUjQLSFmt|<;M8~<5otM5ur#Dgc@ivmwRiYZW(Oco7kb8DWmo|a{coqYMU2raB9r6e9viK6MI3c&%jp05-Tf*O#6@8Ra=egYy01
z-V!G;_omANEvU-8!*>*)lWka9M<+IkNsrsenbXOfLc6qrYe`;lpst;vfs*70$z9UM
zq%L>pFCOr$X*|9&3L2h;?VA9-IU*iR6FiGlJ=b~DzE5s^thxXUs4%~*zD#K&k>wZAU8
zpaa!M+Z-zjkfGK15N!&o<3=cgbZV7%ex@j^)Q9V`q^i;Fsbkbe6eHJ;dx{QbdCCs1
zdxq^WxoPsr`eiK3D0Ep}k$ank-0G&+lY!ZHDZBYEx%%
z2FyE?Lb0cflLB)kDIj;G=m`^UO<4h(RWdF-DT>p{1J5J90!K!AgC0)?jxPbm$KUjg
zJED+#7xQmAmr`(S%BQTV-c97As~r3zD$E;3S)@}p5udA@m6pLgRL5h-;m>LvCq?&Q
zokC7Vnk-zBEaa;=Y;6(LJHS>mOJV&%0YfRdUOqbKZy~b
z(905jIW0Pg;y`Yv2t+RnDvL4yGEUX*tK)JT6TWn4ik~L)fX#tAV!d8)+A)qWtSjcr
z7s|f%f;*%XW!jiRvv9ayj@f&dc|1tKDc{O3BWcLGsn-OYyXRLXEOEwP4k?c`nIut0
z?4S;eO@EoynmkxHq>QpDL1q^wOQxrl))2qya?dk05^5hK?
z{P6;WKHUaHw9B0dd&|xw&CYN2fVrn};Gq<=Z^QZk3e~HzzY~JrnPCs0XwMp#B<9Gm
zw0?7h#4EY%O-ub6mi&O2vcpIkuM?st;RtEpKSz^Xr#3WHhpsZd!gh|_jGQ`KA30T-
zKlz9vgB;pY^}Uh??nQKSzk>2&J+Qi*r3DeX4^$%2ag9^x_YckA-f9p_;8ulh(8j9~
zes{O#{v!m%n^el(VryTF-C%xfJJ$rZj)|Y|8o&))q9CEwg2;Wz&xzyHD=@T_B%b}C
z=8G^*4*J4#jUJn{7-3^U(_uUp6E8+GDt#le)nya-Q4kL5ZGiFxT4bF+mX`whcif*?
z>CL&Ryn3HHT^^QmWYr<}Q1_Jj7fOh}cS8r+^R#at-CnNl3!1_$96&7nR}gh}))7a0J&z-_eI))+{RCt)r8|7|sV9o01^9nv?aePxMqwPP!x|sNmnn&6{K$K*mVX9lxSAmcqAV1(hKA-=coeTb*otxTOGYXsh
zW$31^q7L@<#y~SUYoNKP1JK?4|FQNQb$i8mCG@WhX9i_^;@M2f#!nq7_K*M!4lGz1
z5tfADkO7BZDLgVQ?k7C)f;$eqjHI&zgxhf}x$8^ZEwFfm-qY=+M+fbS)9r8fFE5H9
zv{WPU35cR8%z;(W%5<>y+E&v84J4^Y##N!$B++RI`CZ1i3IW9Nau=*pSxW&^Ov-F>
zex=&9XYLVcm1Y?am>2VC`%gMev9$#~;
zYwxYvMfeKFsd!OBB@eOb2QNHFcsfKm;&z{OVEUiYmQ}~L@>$Ms@|Ptf3jQO-=Q;1+
zFCw+p+Z3lK_FmIAYnk2V;o915cDM}%Ht5RH%w}P>Yg9{h1mZ}~R6tUII4X7i4-2i%
z2Uiw3_uHR!d~5(s;p6btI@-xhAkRg9K|n#}PNT9Dw9P>z$3>30lP1(=mcQ|tpyv3@
ze1qU!69OAx4s7$8r7Y-#5I`m!BXq`f!6C(BtUlG-oq+liqMCS_D@0nSFc%y+N6_Zh
zi%L3LhF3zZP{d1)L&SXxPD(fp@T@J;jZeNaf$zl>vAh7=tI
z2;wS^QyRdZm~)Ur&!af;8eB8*7(F96K^=WbC$)#TWvB~Awo5AtPf8Il4snD}Xsqd<
z>cH+gcg72nTg5tl>oFbwdT{BDyy1=f=4~h~L$)UX;FXa;NdSlyF{(YLrx&VDp`pQI
zh3pQtC=d8i1V6yUmFon*LQsNYWen?eO-gSZ4cvYcdEd0klSxcBYw+|5AyCv6TT96h
z{7Yh9`h}biU?3oBFn=d8>Hn`1Q*w6rgeX^QbC-WFwjY}Int0;qUny4WMjIee@#0%l
z>YAWLVCNo1lp$>9L$Tx`t!dp?>5Pfbhc*!*wzfWkj_x`Q?`3Jc@9r8uq~dgb+lgeh
zlA`eUal3e2ZnWQSSYB>qy#85^>j7!=uO-hG5*erp22NaC81#Ytioc>r?D9$b_JiC+
zSp)8KR$%}FjFNRkeE#c5vKbXNJDBoO<
z)73Jt7Y|3v45efud1xkg2GO3OwYfsuBV`f6S_D>Aoh2%=`1Y$bHP>0kBvTSowX57H
z&1nbbx=IT>X^ScKYL&&{LNq~^UNgR|at`D;SxTYpLvnj_F*bGgNV2tEl1k$ccA&NW
zmX(LV*>Op)BOgoric(98mIU)$eUa&jM5bKlnOrHm$p^v@u;W0J)!@XWg+#X=9En(-tiw!l?65rD=zzl(+%<)bI{ZN;SRco{jO;>7
zlSY|TIxuN|d#YHx^^~>iYj2V>cC>wQwWzGVI!6#epjJ6tl_`7tDY17WMKMB@s*Jr&
zXOs*@>EwQ6s>M13eZEBJ#q0|;8jao{wK4keesH9?$OSk~_3#*x`8fAzQa7fprQ6(Z
zi$}B%m81y*S)RxaX;wW!5{{EDw8)IE3XDRO1Y^%TMr}c|Y>WBAKT=b*K&uMT(?JSl
zO>gVtl_bKQ$??TeWr7wYO+Vbl?CTQj?JrW&td`|#@;R2Gca9jq^p`{@)KY97o3}Af
zfTh{pUUWD;P7sq=I!lA6;*hq0Nq`F56T)x$K?BMOk}tptYw(%$?*otp2N6IF3#GgqM46Cda!qzvGZcMgcGV`bY5ZIfOB6^;US#WgRai
zq#vS8ZqPY953|eFw<-p2Cakx|z#_{4pG}mk{EANI{PnK*CUslvS8whko=OTe13|It
z>{O2p=mmanR2-n>LQHaMo}noWCmjFO@7^z~`Y{V>O`@rT{yBS=VXsb}*Pi_zDqM3?
zjCZqWR}fEzAkms+Hiq8~qRAFvo}dVW{1gcZ?v&PdX?UG*yS}zT9g7nZ!F1WRH}sHA
zJ4~B2Br~8?uhbaX!3g+7=3fVM)q^wEzv**rk5e34==NRCV
z3G$G5B!DICFslm)c){oesa_0muLxGoq`xYVNURl*NhE#v2>y9vDz&vJwrB`Q>DhN#
zY2GnY!Y^8E%PU0}haXL$8a5QN1-&7NWuC~{62j|
z2ozmFyx8GpOzj?&KK1JF28;E8H_p4N^LMm9K0y}!lCxcK79eFGTtGm?7jy?t94Q@X
zli|our1#|>f*68fyA0bSn=YisYSl8HB(dFN4Y$qb7p4DR0YQt=^eEMnJkgiM48$>QV6x5*^a|D|t
zMPDk}u<^YEYrt|H&hy)DRk%rDIb{LTo;h7=fp^J9Lr&`{9`8_pS*tQ_$KXB$2#5{h
z-&yPbN-zInq{7aYZuaItS8-2Mb4OQe2jD*&)0~898E|HlAq`o!M&It@vvnj
z_y@))>~_oR%S8OfmFTGYIat^#8_YKMqWLac<^}RZFDcJqvSJa>&6HaLS7p-$)QyL=
zHrO|t75`d41Bp37RZtKR%g^%o@9C5Ce=CjuvVQ-KI#Uw2WWa>cho;jztUt~Le*_pT
zkfA2iif9QFp;vhd)|A?tdAQ?9o~?EqgL;=)eKFQ{E^u?OIP}fl^5A;$^ZVutCIqj5
z&*i+G?!Px|5~~6zTYf>~uw*kM`5p&Hju&#w!7^An3*mQwTK22wC7p^OsvMjWf`$MY
zLX|ZFV#+>Uq2!QyRD9cgbI9nswteMAMWtK(_=d%r?TLrx?_rkjbjI(rbK#T9Gn}J|
z5ajow3ZErpw+%}YfVL-q^{r~##xJ^_ux2yO1!LJZXg)>F70STV=&Ruwp&XP^_?$h0
zn>$a?!>N+Kt$UXzg`e+szB}*uw)Z$uL6?>*!0IrE)SgV~#a?Qgg7HuTsu3ncrcs|l
z=sQSMtr}S!sQ4SriKg=M`1Y|bC`XJ+J(YT)op!Q);kj0_e)YNVNw8SI|1f%9%X?i5>$lLE(Wfc$wY?(O985d5e*)UPtF!7gG3(Kd
z-^=-%-wWCEK`r4oFh^{|;Ci%W^P>K%9dBNDqi%c$Q{iY#(zbwN7~pQI=SHd%WuV7Z
zO?0P;Zc6yeN;)IbJIP0=>W)EgE!76jM^?IyQ*D(T})1NGmP
z~YAb6T^#R6;)Ls;cV~LWk
z33lcLpbSjxStw9Z>Nv&+rPOXxCGB=?ttZs?{OF7;GYlV&w7-82POb$XrogqFpLA2`j&MLZXr=IG>PAFSb2np~x;E_kV{
zsDwbK$?iYRn7$;mHYZhQn6P2#_hXAHd?;q~!Zy}%;@%wT3u|Sa-!WxxOE_fwyFv*Db@>X;Rl+fK1oP?55*dN0#2%SuikZ)y7Kx>`8*9d?}5
zKvXF7J5&Ey6{A8qUFxrFOh<$xdSWV^dw7z|`7RVZJhAwO72V
zRrM_3*wI`^ycl7~>6KaCYBr#WGR>}B)Q(V%&$MhVrU>u~ql
zjGeZF&>=_ld$oY!V}5}Gb>
z*iP38KOav9RHY)0uITwgz99w-
zJX-0BGCdY*$c7pi@>@-`2>#>}c(DHaI62ntpKz
z`c01Z#u7WuMZ71!jl7hv5|o61+uv5nG?*dffEL~328P5HlKh2&RQ;9X@f>c1x<>v=
zZWNSz3Ii~oyAsKCmbd}|$2%ZN&3gc9>(NV=Z4Fnz2F@)PPbx1wwVMsUn=-G=cqE3#
zjY{G4OI~2o$|*iuswTg1=hcZK$C=0^rOt-aOwXuxU=*uT?yF00)6sE}ZAZyy*$ZTH
zk!P*xILX#5RygHy{k?2((&pRQv9_Ew+wZ>KPho_o1-{~I*s1h8
zBse@ONdkk-8EG?r5qof}lwTxdmmEN|%qw(STW|PFsw1LD!h_Vjo;C4?@h|da4Y;*;
zvApQ=T&=jWU39Uz=_yN@Bn0{{)yn8RZ2&X!<*KBv-7tcWdkF1Ij8D0mU
zwbcs}0vDaLGd@xx%S_QZ1H)GTt`~>+#z}HXJTl9S!sd9seVJc|_wUMSdD$>k`K_RG
zlq(fsnR@KM^;C}}&vG2t+}_nGPuI5ovg$6TYeMPIREGxP@2r~RKd@>gV`mq0XENsh
z%IRZ-ZNP+4#J`o-yRpP;w@;CrSr3wiix3e9Qc|s(WapRq950P->g|JYC$A)$YrGeH
zz5dKlAHAPJ>%?llqqB&#+#VU3sp=9>Xms1J;tSYN>LMwNtU68yr!})K4X>%^IrIDp
z>SHy&6fJHybwS^BW>okFeaQp6wxaVP`hy;ZX#e+=w3c?PGD&_LmeqL8oZ*YaM1+#S
z5WNAKo4+99JW(+qcMjh;+c%R#R?t;(aQ`2`C=bo((ERzgAwKKazXy*0wHN;v;P|f>
zBW&?`h#_I^?Bc5GX7XP@|MOiw%&-#?EQ|w+FdCl_&qPN&s$|Z17UCF9oXS#N
z)px6>zm&}0osTnCGI;AXsj`q=LpIsW4x}q~70uey5N_NpdJ*Gv^@$g@f2{EB>LP7Y
zE5P`jZh1vHNgk7LfMT({jLCjRZa4ubW;UA#%<@Zj?efrPdm{W3J5UEFgm`YkVqz;AMFetZuM5uQpvORb1GDX`WZGwTrF
z46+&sAri5QXCfGYpdgonWR5`>ZEa;?jrKvfNvXF<&l)1uU-3q#4X16R2~?P0yg3H`
zfw82QWZo^cac+%(g^_6`+2>~Fvy{pOCGnj86+=-!N`GPWAjus1ejhn6f4|mDkU6EE
z&u~;xfdRMkj=h;4d~~+4(>L8weT3cz9e@E11EH!tX<IC!@kS+dsIQA`HQ2vdoS
zzSD0U?mb1M0@qXu{yhZk2Y6}2B-AvvYg|tRr6z*_*2l*VLiR6G;M{O^Znq~LI%=I_
zCEU{htx&Bo+69G`p|A@R>KlY1*;;!{aWq?Pc0Cu!mT-0S`!>3<@s%Ri;utYNQ+CXDj+LC5<*$4*$-mogGg^S~3JRv{ry
zPJzKJg!XKb>P}yJVc^1V@T&MV{z;@DLhvV{dG?RogCcPkROivliSr58>5Zw&&A2?n
z9`JOLU;eQGaOr6GB(u{t3!+$NaLge$x#M&*sg!J;m~rRc)Ij5|?KX_4WiM-eE%t8e
zqUM7eZ~ZonavR;K4g2t$4Fj=UVyEHM7LPb%8#0?Ks{~?!qhx9)2^>rg8{0npLtFKR
zJB)19TFiD^T7IUXA8wt!@n5gj&@OK~EO}MR6^qd?^-?%-0~b2K9RWh+_mSEQQWsLCFOt#JlAQMgNxvv-m
z;sF*r;WZ*Wi@I|6pMN+|_rLYKlWwvpKZY9rA;fo8l8hFQGI?4#kt1-r4UL;nPF@{~
z2T~a@2>yD|GuU55boxoIIe_BFo2Vq&rs&2itv|B>OC*bIeOqMBRw~y5KRMwiVHc)`
zIBdliiY?Ai7*+k#NZf3MW5!hya~RZ6r7k)b?HF0e(n`ZX=iCpT7St`FDwL@SGgKlq
zNnnU*3IcnYDzJg{7V$cb`xeb4(s(({&%f69XMTw-JQErS%?X_}?&y&tvHw@>1v{#R
z4J@(=el^kRI+jGa;4)l#v%-jM^$~0ulxh6-{w*4Lsa>Tuc
z>ElR3uM~GUChI)c{TW${73A3$vs<&iH;e?4HjW2MvSz9tp9@69+`_@x{Qte^eFo5IlAi&zw$=t6u8K%8JtjRI88PFNM7R>DaCO3rgngmk
zI-RMOyt@kr-gVra=tl^@J#tI7M$dird(?aU!`&1xcm~2;dHN(RCxh4H((f|orQ!BS
zu;(3Vn+^doXaqlhnjBJj-)w?5{;EEZTMx+?G>Rp4U^g<_yw_blAkdbj=5YrNhZB9@
zNmW=-!yFx5?5aF^+6*1XI|s3lIn_eyh`uv%?liNzSC#z&z^R(mqEYL@TdWzgkf>g1
zedzs*={eJavn{8vF%4nf@et<@wkOPR>NiVuYtESbFXQ;sDz_;|ITVeoW|me5>jN5P
z5--{13JT{3ktkAf9M;Jty)yectg#{+9sK{C;2CvPU81tB3{8S5>hK{EXdVe?fR?sd8m`V
zPM*$)g$HKp0~9Xf6#z!YJ&g!%VkCMxkt>ofE!62?#-&%|95^)JJ9
zk;GlJdoH0HwtDF(_aTv}mt$?EyRyE6@pm5DG~Gj-2%3HcZT13e)$)z99bdK_WCx|Q
zQNza(R)Z>ZKTn8oIdcw%c^pFaMpFZ4HOds!BODgSBWJJYW3I_WJvoEm4xsfs%#LZ6
zdPCk{5XJ>2f7Hj-i*9lTW6BKCIuy)3L!b3(uPoSgW1WA+OEYYBRgSsJq7wjHh%c8ymMs3FU%~cprqL*084p*^T3{J%Gwq`jB30n(&y6-
zII8-_r-s5&CVtsoNZ9%On?7yn;oZG03-$wx^uRk9>b*ufh15|HHk|%=MA^ioyb9CYU$7y$4R|M5HvpiCTxKSU`LUg$+
zB3IBl&{qO}agqF~BFM6&11wMeR-#Rkuh_(^j+P4{;X_w|siva$5P`dykyhfAUD%e8
z+{G0|7(Q`_U91sMKFO^rHoCWfXi0$^ev)-187G}klYv@+Rf%uZ&T4-Uhh=)pcU6O1
znXc^c5)!$X+39|4`yNHuCj0wkm+K1VN0G3_EL?-ZH$p5Y*v6ec4MV
zS~1~}ZUhl&i^4`Fa|zyH4I%rXp;D6{&@*^TPEX2;4aI$}H@*ROEyFfe^RZI%;T>X>
z>WVSUmx@2gGBxkV&nfyPK=JI$HxRKUv(-*xA_C;lDxT|PgX*&YYdkrd5-*3E1OSXBs>35DLsHHp%zm+n0N(Yu{lMo>_t&d1Xy
zfCxl=(CNNx>ze+7w)60mp>(M``Qn$aUrVb$cJAb6=Do7VgW`Qn2;v5{9tB)jP$_mB
zn{Hb_sMs4yxK|!`PI7+zO68}{Iv)dpu!+ZZl)xuoVU(oFsm<3gT{j2c*ORl|Lt+?dR^M?0
znW6rNA)cR*ci;z?BaG(f(XynY_y+kTjj~T$9{N{>ITQ4-DmZ6{cOkoea9*LpYL{Apo0hSpLqJu
z9`tjP&ei;%pn9QY>-$9=<73M#X;qGb+%Bt0x>=u`eDtthI+LWB9CdAO=ulZo9&Ohs2X8GW>b7#&U|py28KTvPBl#Nqv^{AgkVXrOyS
z@%3)}$I&mJOYWoG$BBb)Kb~0ptDmBxHNH^i6B8FA7NR2HfTnjP?eDnoY4NS_aYg4P
zGGPw11sAf^^fTkY#j@T#6Ll*^GVaPo-1;aS6_a}{r{tWZilzse2m
zc?LS=B|EWxCD|!O%|%t3C@Rd7=rKJRsteAWRoDu|*Kx-QwYZQeYpGrZ_1J%mFM;*S*u=0
z%1OC9>kmCGqBBu#-1jVPRVW*BTv%3uPI8fO?JOZD#P_W^V+K7&KVB>hzZ@PdY*%Ezo;}|5Mk`Mo2m*_K%no*jDJGp(s9j;&U`Z>z
zO#SEe)k!p$VE-j2xDoX$!;Up5%8x$c`GH$l+gTA*YQaE0jwCOA<*__2NkV){z_u2=4NQ
zSk$(oj$%ygio?3V8T3IyGMYvPs`t{im2IoHs7or+>>MYvG%Q?PwOLqe%73uGh6Wn;
zo>e7qI$9?%cVVkvQLOLKcU5n*`~qn8pzkdu=Z4#2VnhUy>S*;kT=NqA!dQtnE?wVg
zOKobxJ|QCjk`!(2*~5NQx{{=Lr=)ndyn{V|&PxUa=xQXVU?#M24F8H%C*uvs(#Va0
zSkp}0EFYq0#9xp&$O?gIInc#^^_6Ol88W%)S5A@HeE0(SR&!Yl>u=*5JEoUViDR@2
zJBjTsp=Y44W`Nb2+*CcZCkwP(QChX1s)b09DEIZCKt1$q2~;&DJ9!{bQ1Y6&T_9u1
zZM8^im8Wf#FUO6tZqc7#`z0cN_JA>#U_b7he%?cCnlV2&47y5Fc)Z7bp5xGe1zNq9
zl1VaV-tsm3fY=oIX^SPl!P;9$o?**0brq#ShM~3CXhh^SK0oOKB9O>;q3G@
z&4&h$mLSgohc^5IC|H>IGfZvVQFUT>T$|U7{znY`56<5d)07oiv*2R0+-BGPPkWJ!
zIOzKF+<5o2YLWP|SGCx8w@<>u6K1o`++xJ+6kaJrt<&0Haq
zyUccgxI$sR07Vo9-pF);heBva;?&NcAzC*gSSG9B3c?A;IH9J
zl$j%F4*8;F0;H2Cjo*kWz4{kSh?nX}23&&KL+U(#nOAuR`wn@uwUNkWEgb*ZShKPy
z`aXTJT4f*Um4`iv2KOfzf-~`#pOfH8>is*xnLBDTyx2Xuc8Y2Od6z((P2AZK@b_96
z#0V6jdw>sEDJ#uNGV|EshD1g&bYZCzCZTZ)286HLHc8Eyy_HPi;d#%;Wx}d6tUUxq
z_VB$+898z_{9-A<*v6VI7?(dC04o!8$>DQ$OdbrA_@<6auiBNp{Dw$Hs@@gcybIQT
zAU7Pc5YEX&&9IZ~iDo&V`&8K$-4o$)g?wF8xdv1I8-n}1bc7tviIBqt
z#iIl1Hn;W?>2&#bU#VZ1wxq(7z=Q15#0yoz)#|r`KSPKI-{aN%l61^?B4RMDt?Vk`
z)G#K6vUN?C!t{Q<@O4$0(qI>$U@@TI2FVF;AhSSb5}LtXx&=k&8%MWM3wv;Xq0p~W
z#ZX;QFv5G9-i6=+d;R7Dwi)ciIZ1_V!aw;K^etau+g0fOA2HXpV#LQZGzf?h#@}(o
z|3w!sZ|&mp$;tmDiO=zef5C|Alz+@@4u5#yZ7yNpP=&`432%a{K#{;nsS!jwk-$Qs
zZRty}+N`Y~)c8|$&ra{bOQWM2K7qa}4Y{ndK%dKp&{
zFCvX{PAy_C{xzS_-`0>JlPP7&5!5
zBQ$NQz^z#2y-VeIxnfY|RzU`w+1t6vwQ|wM)LlpuaUzYehGII;>2DYyR|~wC@l97s
zgX=f*1qtfDyco%BHmN+o<2qoi`D67R+RM$$NN5-moE4kx3MCFfuip*45nComOZKQf
z3!(8tkSdhY5+A%@Y=eVEZkXU3S6B2V-R$ZuRIXWhsrJg3g)p4vXY@RV60bKuG
zT6T!enE<;(A{*HPQhae*(@_!maV~AWD4EOwq10tkCXq+HPoe_Pu?d4Kg=2ypcs?&f
zLa>mEmPF4ucJ%i~fEsNIa{QmQU27%Abh|w(`q)s~He5$5WYQ_wNJX6Qop<=7;I1jd
zNZak`}0lVm+^O!i;|Lwo}ofXuJ)*UtH4xaPm*R7?YS*<&D__=@Kki>{f_Z-XqM;Tj195+~@d;rx
zh5pj8oMuupWa#E(%85**I~1Zat-Sa^_R11-CiKdd`8m(DGuzOm9lX$Dd!DX!_Al}d
zS!-|}dWG80S;`jSKDH%Uv;-OJNeBI0Bp$z->{_>1KU%h&Af7nns(L=xRN1
zLvOP=*UWIr)_5G2+fCsUV7mV|D>-~_VnvZ3_>=9
z_bL6`eK%W*9eJ34&Puz^@^ZIyoF@%DTun#OOEdUEn8>N9q(}?5*?`o?!_<(i%yc`k
zf!xXD6SQscHgPgiHt>x6{n{+}%azrfV4VHi#umyi0;11c816`E??2`$;Rc`)qA2H(
z5L|{o=ut7Te=^~@cR0_#cah0?w0Me$&>}ga8xxy=?DDl#}S~Y
z4o2n`%IyGjQEP%8qS|v(kFK&RCJbF1gsRVJ>ceSjU`LuYJu%C>SRV#l`)ShD&KKzv
ztD<9l0lcW0UQ8xjv|1NXRrCZhZh3JFX_BNT@V|u9$o~8M=cjOX|5iBS|9PAGPvQLc
z6sA~BTM(~!c&V=5<}ZIx}O7A;|&bd7vR_y)t+
z?Vm7kb^gJ88g;!fRfMTSvKaPozQz4WcYD8l#0WxQ${P%0A$pwhjXzyA0ZzErH{1@M
z22-6b1SQ!SMNyqj_7MXE2cwcEm)W)YwB)ji`3Y^5ABx--A11WB3mBQB<7K!~``j&@
z8PKJ^KSa>#M(rar$h}aBFuNI9sB5uAquDlzKW+hYB&WKf9i&+q$j5P;sz2u$f`uHS
zaX8$!@N2b81<<0w<{CpXzQGqSZRpfVb3R%bjsw-Kl}2UH>}1M?MLA#ojYaagiYL!P
z$_@7yOl~PbidzJ8yx{Jz9&4NS99(R5R&lf~X_{xjXj|tuvPgvzbyC}#ABy^+H+FN0
z8p5U!{kxOvdv3fr35|Kb`J(eXzo*GvF6`_5GI)&6EW}&OGp=!8n`W0mr_o~Xq-t?%
z_pDDfIW#L^DmX?q#mA%Jz-f86KG`^7V|1zdA#4#<=}91g$#@J`gOqMu+7H&yMdNIt
zp02(*8z*i{Zu;#S#uP#q!6oNjQzC|?>fgzorE(d+S#iv4$if+$-4$8&eo
zuSZJ1>R2HJ^3T9dr{tn+#JMGv#x@&C$EZapW9)uhp0`rDsISKrv`~3j)08JZlP&}HwA!z^~-?Ma(x0_AS{@r
z8!(Z}5d8+5f7`r3pw_a=Z`!0r6r4%OAGYBoq3T7^xI@9xG3prNo>`}k>@VAQk>(=DIy(szD&6@u?YVdC|pJLT@lx{=IZ;
zIkO4)YWp*Dpp$`H$Ok#yf;yBmHvTb@)4j)jVNF-O?$nD25z7)I!cWQ|Yt
zeS<_C{i|BS4HICD=}T(|)@vd(v!?P4t4>APo7`K5RJvcTpr_KgWeB~zMLknrKMgpx
zyN-EI%es5e)FNho=}qGu$`98v(QDPUMUGrY4tq>?x$md>qgNO0@aAQLMLr8XD8z%;
z2Osn1D>N^22w4Xb8{~fi^i~SthAo7%ZjNb)ikgj0_AsXqF_0+W6E_doOUi0uV6Lvg
z98Xk#>IK|-YHx!XV64==b(nYKMEyqPF?D)yxE=~;LS?LI_0)|1!T3ZtLa?(qd|YlXdI-e$W
z(3J*FbOe3cSXvDaTHU^Hqpf2i8aH+ZzqY$cFFIH;fxMtW^(AmiMkBtb9esujw?rte
zoo&0%Afb~VBn6A1@R1!OFJ0)6)Fn72x{}7n
z+b#5gMommvlyz7c@XE`{
zXj(%~zhQne`$UZ5#&JH0g={XdiEKUyUZwIMH1rZTl%r@(dsvBg5PwEk^<+f_Yd~a@
z%+u%0@?lPzTD>!bR(}RQoc>?JwI|dTEmoL`T?7B
zYl^`d{9)rW)|4&_Uc3J=RW25@?ygT$C4l-nsr+B0>HjK~{|+nFYWkm77qP!iX}31a
z^$Mj&DlEuh+s(y*%1DHpDT`(sv4|FUgw5IwR_k{lz0o=zIzuCNz|(LMNJwongUHy#|&`T5_TnHLo4d+5bE
zo*yU%b=5~wR@CN3YB0To^mV?3SuD~%_?Q{LQ+U){I8r*?&}iWNtji=w&GuF9t~=Q2
z$1cFAw1BTAh23~s$Ht$w!S2!8I;ONwQnAJ;-P4$qOx-7&)dWgIoy-8{>qC8LE?LhJ
zR-L4qCha@z*X+j|V<+C(v)-UZmK0CYB?5`xkI)g2KgKl-q&7(tjcrhp5ZaBma4wAd
zn`{j>KNPG>Q$xr7zxX}iRo=M#@?>}?F`Sv+j6>G9tN!g@14LUf(YfA4e=z+4f
zNpL4g?eJK`S${tcfA{wbn({8i+$wMaLhSJo`-Yp@G2i0Yq~@wdyFxoVH$w9{5Ql2t
zFdKG?0$
zV7nmYC@PSsDhnELrvd8}+T=C6ZcR?`uapdWLc2eaww5vKtjQQgbvEr^)ga?IF;@1(?PAE8Xx5`Ej&qg|)5L}yQA1<^}Y
zp7WZpk%}L9gMMyB^(mFrl&2Ng$@#Ox3@Z6r%eJ`sGDQbT0a9ruO`T|71C;oCFwTVT
zaTnu)eVKURM`1QuvrBhj;1e>1TEZW54sKUfx0Z=N*;Jpdh~Aj-3WB
zR|EYVGDxSvnjeA?xxGF41Wj?~loVahklw|zJ=v3pOEVZFJG^TvR
z-tJN5m;wZp!E7=z;5J*Oaq%2bc|Jw!{|O+*sja+B(0D2_X`c2)nVkzP1S~LOj~xs!@>aN
z3$K2^pW}@R-70K!X&s4DHHoV&BmGWTG4vi9P1H$JxmD|t_V{GlHZv(`yJ234IVuSr
z~!;~#ublS8qdL8SJG@XRCwWhkZyg_EKH(sB2}QQSv4W}|CT0ntD_4Eyp519d1%yKvc33|`yW9QzeJ4*XLP7@l=td+bwxSL~jCf-ny)IDC^~u5s)E-y^FdtU?)hkN{82Y{Lo)bCWcBOx;Jbw;)Pg9bWQQTY-3RWehpok!>D>Sa2EcEOS@ua)#G3I+GxL_ra^92Y!}tMX
zwAp*Fv-aAarn`ME7N#Uyim%ynre6u?KS15L#$#rKZSgLnXx;g8TP9suMpO055p278
z%o-6eT(3gdIVFN}Gb3k$zbTyrHYel1x6OxETsk&h0E?&}KUA4>2mi0len7~*;{Io~
znf+tX?|;&u^`Bk-KYtx6Rb6!y7F)kP<5OGX(;)+Re0Y;asCLP;3yO#p>BRy*>lC$}LiEEUGJHB!a=&3CddUu?Qw>{{zm)83wYRy%i}UV2s|
z9e>ZXHzuMV#R1yJZato0-F|Jl_w2sUjAw@FzM=DxH}vM>dlB&bQ!>51aGc}&WAH`b
z6M6iG$AyJIAJ7-c0+(;pf=2=!B=%yoM1i9r==Q+}CK3uW%##U1rP~mwjUb8PLsi8Q
zq!aTLLYK4HQ$vN1sU;d3XW{oFA{u@1$tduWmdOqc(~AqWq+`V)G&?YOOwAK20x>{q
zOgII2&A_FXPzVtgrD80Y5J+_SEmyUcdM2N%q);|ZF_m
z)6PBcOcAAy3kN*`8ac%zPH3^61_zn6_2FT#NCOWYx>ezqZzCC;tzM%pJC^gFAFcTs
ze6C3WE-a*=nt8tErPG9zfPRn$QHqB7aHe8x3w&rWT(0F54<2uBJDYtbB}y|@9V6T(
zmM!t}T5SuwxyTCma14&l|yiQRw5Pn|OiDBkx
z?4tUGrIVsC9zs=F{W>zl9XeknEc+~Mz7zCnefUPUF8iF?A)QJK8=84#-TLLxq?BTM
z=VYjYW%TOhrBp>3D@K{vStlEUt%e{HRc=766AQ+s7V_F|1A!)P3?y*=gUgbZO;O39
zX*BC((-XbnoaRGxxhRQRVKCDG9|qC6?7TwCz{A{OZp$Wu(~0DFo(w^P3f>4gr8@P^
zl8`!vA=_fvwTZc%-Z42}m>Q;KQ~&v;ipZzbA2;}Peg*v}TlKRmU%4WNN<%qb!cLo=
zoSx;XBrv4}ErykT!)z)Qar4o?(q6!mpWLNFe~Nz0S@yI{1)Lxt<0K=Q$~>*HH+Wbp
zQ~fx0aup_lZb|e6*@IJOJjw~Ypiwdq69&Y2vthfGq6u1!Joy%;v;~4`B@B*S(}}i-
zmZc^*aHOK(dd(geOKg)P+J4+*eThk;P@wRjvm}e)h|#EpsV9YoqqRW{)ABhRlvGA*
zL$&k5w*_-X1ITCwXiH=)=5lzjxY5tQJTBrv<{dM7$98pdK%i;RGZtiJKaSGCji7w)aNrHu_9_IPGHS-mMN5AheTn_ia^YdunCzcp2ap8eI-RQEm
zj(q7_CT)o|w_noPm@MVqIjv%H4Bdo6*9*!Zj)bLx!p9POp(`$dj1QW`V=;=|`Gx8QST=OnK5jlJX3!KBz>v7j$&5b5YrhIArRVL)1C^o{@DJ}*mk*s=<
zDK{e2f%fG)mK_Mz*x@#ahOO)cQQ#VH+8Wef>NKWcu4J>PIc3iz8y6PwCmY|UQ(O3!B;HtsE&jvyv^XjL7Env5#i
zH4-k5GzPr-%36#%+Hvw1*UiOIk3b7F^|1dPi!-i7C^ZWp~_KI%D!sGYb@@zXa?*{XfjZ~%Y^mT!kaK_>K8
z_jL78^
zS0eRdqZ0v~WWow1CE;vDBh#{w9R4JgB!})W9N{{D=p-RMnehZ#pH*ABzDP46ryZkt
z4ek|LHS{CDhTTMQa3a5fO9OLg?y$+#Gi2}Fv>QD-+ZEQKX2Fv{jr~miXz1ZpPcXvJ
zNvQT@kQbBz_Y4Kg)*`E2t;tPh5_7tSGvL-|-A`lgHX3uVG4jLev9>YCZUeNNzioL?
z;OBD{z+=Gs3+*ph)#bO#7IHl|rOFfvpK%cF>W??Q!Nh&B@hByD&}g|>a?GJ4uhX3g
zPJXKKAh&zWv&wITO66G{PuGLsxpWSqaadFsv>_vQt?LVslVob7wylsa+O`IYWySoO
z$tw#v7=&7ZGZqS}N!c##5-bC%>ze*s0H9J%d|!JgE#uZ|k1_bAn*x(Y%r{c=(HLwNkPZOUT#@j4{YfG#@=49YJ{?7?
zddbK}G-@Dod&^Vf`GOo)G|`n@kq?Z=o84x{889+?F*dQz(kr@9lQ-TXhGN`)^-Li1
zb}xO2W(FvB2)EA;%qAkHbDd&#h`iW06N1LYz%)9;A&A25joc!4x+4%D@w1R+doLs=
z#@(A@oWJq?1*oT>$+4=V=UnuMvEk;IcEnp4kcC<_>x=Hw9~h+03Og7#DK(3y3ohIp
z-gQ$-RQIJTx%0o@PDST|NW41VgAR?CH`Sj-OTS0)?Y*M_wo|92;Oz)aya`^I0@?S{
z<%^epAw!Tw(bvSmU_k~Im^%#|0`Xkcmxj;31jX2Gg?PbzdXp9Dg~P)PW+Xi%iWiCr
zV-Vv9IR5guDS2lGV!lfTWxkD8w%yz=UB`2j2Zb0eg~arRA*Q6>`q=8#4&OC|L6O}8
z)!w(idG0yk-BF#~k@Avk>an9z_ibOP*Rb;db_PsakNWYdNoygT?yRG=+5>ud<6Vxhk?P9rk!+8?xMg!x5kD*f2XOd^`O3U
zlO;ImEy0SYI_J05cMW{dk@%d@iZFCNhIVtOm8$viM>=zM+EKJG%c0)dZ0D$4*-psQ
zW+Fq|WmbYkBh5|^-l$w-`Uy8#T#<+3=}z!(6RadEpFlr1f6OFuQ5sG735YicWaoYR
z`wuEZT2dntHGC7G*Kzk$tsm?Fd25LTHJj?Zo2RH;9rW9WY1`;@t_O3NC};dayX;Ib
zgq6afb4!50qL-o5%yzgcR-1Xm-l4SE!rE>o!L=E`Jeug(IoZ36piq6d)aek0AV)EJ
zaha2uBM!>RkZHRN0#w07A=yf4(DBmy(IN6NdGe$?(7h?5H)*?(Li#GjB!M{nq@C3#
z^y{4CK_XQKuO>(88PRb&&8LbRDW1Ib>gl6qu(7g}zSkf<8=nFPXE1~pvmOT3pn^sa
z+6oK0Bn$TBMWYTmhJzk_6)$>>W)nF^N$ld9
z8f^Y^MLVz@5b}F0fZID^9%hRL#()Xw*%yhs&~|PK|MGI8zuO!f!FqbmX9icd
zXU(JOCwac|Z|=Yr(>Q3)HsXl!^$8VSzsgI#)D2XkpZ2=WOBcFF!2&d;*nF%h0I!`mRHl$91jYzqtLfNHUoYzrMzjR)u
zP_|Hti4^){G?Ge6L_T^zVdS@KHwtq^+*+aBNl=hVc6#KB-It()qb&8LhnVW9Yxn&S
z&^s^u1OzB(d_ByXz=xm4cpJzNzV+Txh`~H(176n4RGlY6(
zg?ed(a!J?4(oL}@UfBpgPL*)KrGtM_hMIdu!RywK@d!b-{YAY?(?w3yB@Fi3g|G)|
zho%)<=%Q$Lo7S-BxEjTL;M74{y+`Q^Xg#j}VvF|Y>X7s+Ps~aqT--tJNd9U6;Ej&o
zj@|!`{Xy90t_Zdb>+m8tCFJ@X(Y$mR>%)gv4Vt;oGr`idhQ7H1^L3v4<_2}-UoguorcscRfdgumUVa0mK7-Wm~#vbrnX9ro}@82q=9t;lM9nH<}
zLL#=1L7*f+mQWfyFnETMi*fe8AI+gdY6BM7CkRS&i4$ZRv$v*=*`oo>TjZ84sYD&T
zI!DgZ4ueeJKvjBAmHNu|A?R2>?p{kQCRy
zRnGg@C%oB#-;H-o-n##G`wcPWhTviRCjB{?mR20|wE9Kn3m6(%Sf_oNXWP^b;dz7(
zb{blETKwpl`AT#W7E6T|0*bl?%r{}-BYdwrn0zN(DZXM1~53hGjjP9xzr$p
z>ZH?35!~7LHiD7yo7-zzH18eTSAZjW>7-q5TYzDvJ$$S$Z@q)h)ZnY(3YBl+_ZK~*
zd6T1UEKdrzmv2xc>eFj2^eQPu;gqBdB@TLqWgPk|#WAS0c@!t08Ph)b>F3
zGP}9_Pfp;kelV05nUfnb%*Oa{h;3Yi^B5xyDM~1r@o%v#RYi-%EYfSYY&02eW#bGb
zu8(H8i9zhyn%?kx5Txx^6
z2i}CK(HeQ_R2_u?PFp#6CK
zjr}k8Cx#C?DFgP`uN<;}x*Gd$-JgG3J_i3s>fk@_Po}b|JNz=Dm+<{^51m=mO;n4B&azYm{>+VhB{iyxuW+j>w@>VHcJyoSBQi=hu0;p
zPw3Aj?%Ai^UeD{ySPIqsf|v0L&f_fmE7oh(s|jwbkK5^AQ9F|;a5V}EdSE?fyxdgf
zHTq!f0;+-V{0oF+l_~>rMGk?f~m^wDXlxqt1@+)6Zv?BNR$+%$i
z*NF93f}~4d9H2C7@?IibyqUtLL!XZW2ap4fkkxMqDZuZ>`+AfWJQ%~O2WR}NoA=OP
zieg@q!mP
z?=qU=EE6L0_UpzXt0qwX2tF~}c|;`#MUY2TMz6k({hpkiSz>Dxt*4-PtkAdAA*0hn
zk~CK6#V=*^m5
zg$tB6rSO-=9l>GAl^DjJBHdk0wD0(L!OrcZ?qmtYbl+}s(@rtE-O=RTx*1cZq~u~5
zQPVt(IB=*?Pm;Le%#i1SFxHY|>=Y$^RF-FGAUSkBpn`|+p!4RHyv-Q(XgZ5Xg5W}J
z8RcT?+4FdVQ>z~9kP5By8eM95f_LDnsnA%K;i6`OpcuJS=^n|6nH-B2EhH=dLbO@Z
zuw=Ug>7gsu33`Pzy3Lji0x8OCH={?VRqFEi;@oDIS<*?dG@9X1*tlYCm4YUIMhyfo
zJ~=K@-X$D
z<-4dH<-5o#yMj%f@U{nfWYVdrREJ}_o4&|c*_+M6gk
z-Up9-i~jM-bwR;Bf0&C5wteli>r7ZjGi+mHk3aC4mS5
zPC^{w+G%menlWun+&<#i&DJ41thvk;OKZEB`S%sZ6
zzYpO2x_Ce@fa0LuIeC=7gRHN#os!MQ7h}m9k3@u68K2$&;_mSe2`>uvV<`RgC)TKX
z`J}&Kb%*f{Oznj$%-QafB}Zb$Pi%@D&^ZTcgJ0+Bk6-iOJ-P|Q10)5ie2u0JzKb2r
z2C@{f?ZBcPw5%h&aKG+6%Qvhw(t1Y{hZ82YE4(Tlk`2VCgE&1x;AUt+5U*$%>P|iWLeb_PJL!VX=b4#>#QM;TGjFHBNRy+d{v>2cVXFyqaLd300
zFHWrc8lB1KSOH3dkJClJ%A5oE^31WrQZ3^-3`Zk?1GqoV7Wr62=V9C=(;#R
zhzXAT03)d
z9OdZ|;CjSnqQeqF-CUNR=x9x76JYnpr|T+6u#$y=7cMVG72k4f*BJIG>l1NNvyv6NQzr4U`r;=
z&%W1Ri2sI5p|8%q5~zM-AMptHj_eX7FzJN7t(%+2dA)efyFbePBsClxY_yMqWbEdT
z+jm?SZgH3mCzU?e^psnyd8UK
zfZ$^_^}C1WYB1-$m4qwT@#=wsAq$9Xj=%IRvc#V?1azEi|RSc;M
zQn;3%Gjk3D)R+3`gZplB>Pt;g?#EiwRzxON;%
z#P5IK*YAh1Md<$o21R}j^8Y#t#`fP`nErnb@&CkI{`XNXulcVIXwLcS%VE4i4-!8a
zpj-q)#TqXkFg&z4G9pG45A-$B_Lfacr)H85ge*yqTLAb(oY1$6Xu7Rc%^aVOmzsKd
z=WEXA40~hm@7FKD9t14nSRt)m0XWkP1YbAE009nIupf`md=v&J;C}estaY0%^Z;;lf>5AF-y%Xf1QEK(}4n+
zhKsTx^bQSpwM=UWd3WRcpEQfw>P%zuhLeEdY}s%cGitMZa14Ui*Mzm%=(7<#b2gHmJ?kdeymT7H+Z8k8tgd
zp-dhC)R!P!)w(n%RgOi%^)LGZX)yxC%@f@d4x@IRbq{elrCHyIuphEE6qd6l6O`;B
zi0WQg;j`hcu51uYTBSSYNvY{Lkn$iu=Ae0g6o1cSTRwXmEvNcNI
zv;)Z_?g>?aG`Zp}*gY8%LGI}{>J#`x;v=*ykuY@z2Erz>@b*)tMp2>=C20MI8|{Z2
z9hbyDJ7d#MdWK&fyZB>Jdm!#x_uRw%>`OuM!&QMim}baa76{L|VAuq%1UpXVHsClm
zPD4}hjj{lj`)aaD;x|PJ9v@?8gZ!t5hER6!b~HJ_l9P|(h&R6js3mAfrC|c+fcH^1
zPF*w*_~+k%_~6|eE;-x}zc%qi-D-UpTcAg|5@FCEbYw6FhECLo+mVn^>@s-RqkhuDbDmM~lo<4sa`|9|$AltN_;g>$|B}Qs
zpWVSnKNq69{}?|I`EOT~owb>vzQg|?@OEL`xKtkxLeMnWZ@ejqjJ%orYIs!jq3
zTfqdNelN8sLy2|MAkv`bxx`RN?4Dq{EIvjMbjI57d*`pO?Ns{7jxNsbUp=rF$GCut
z7#7Dm#Gvh}E8~2Tyhj2reA%=ji|G6yr%@QV{(90cE{JYOW$0F|2MO+TM^`cAu$B7s
zmBV^{IqUIbw5~muv}st`dDdIxSU@Eb>xf3$qwEcg;H+vp1^ArN@A)RtQ4hrid2B{9
zb~pG8?SC3#xctpJXWRGXt=cx6Cw!IqoJrK)kuLL&`UYYB{R6Dw)k9nKy>R#q_X|V*
z%zVsST$=d(HozVBc|=9<175^~M$v$hL9azT^)TL7BIA#qt>N2^iWvMQgt;!YZt~cv
zn!x^OB!3mOVj>^^{mloGiJhLI4qy3Vt-148>9j~d8coH)q|Cg5P89Xj>>hjtzq5iT
z%go41Nhi}x7ZztTWj|deVpj>Oc#IrI{NxIm;qhnuNlvNZ0}d=DVa}=H0}Vi-I+wKK
z*1uD=0_)b-!9S^5#(%_>3jcS-mv^;yFtq$1)!wGk2QP%=EbpoW++nvbFgbun1Eqri
z<%yp)iPo|>^$*IHm@*O74Jve%nSmDeNGrZ&)N9
z)1rSz4ib+_{4ss2rSXRiDy
zgh(descvk^&W|y)Oj#V@#)C658!**J#=ckpxGniX#zs0tA~NG>E#Hn3Q3wdKBfMG&
zK}2y#|FLt}E`UQ6t3jK#G&e22bMBc3=C)LyqU706frdCAqa;~Q0L5)KJ4?@h*FFu4
z!s=hOC;G?Q)BRKJ1q_XJ9W5LLejp1L*187&5Bo4Of)k>T=WpQl3v#4iX$574fW`p+
z3m}r-F8Gjv1m3yTia=+2An1+E&psbXKjH2{<1xMb37`|D<%7c`0`~m0r>AQD^%nUJ`%PxS>)*{i
zg?VHw)ju!$@$>xGszUyM_BsCF3*%>rxVZ8vrYB?PvDBBHQWz04T&UpxKU7{
zrb~8R4W>e)){FrKo^O5ts8O^r^t70=!se(2-(8&aTdaFU2;SR=dyECLBp|MVU@JIt
z)z$TAHMKRnyX*5;O<*xm+(>Fo41G;Tk0w01ilh#uFJa{teQne`QCOHZp`&du5gkAWr@9Ywz%@P@KB0bD{lXo7PmrPC%J!A
z%orlB>F}qRa$`XC2Ai_4L56#h2GWm;>sScPxhMO5a*guk2
z+56H}PZnq-sxASPn!B~W#8B1W=OQPf-lEbhOh%>%{AND;w%w;t<8%a%HNk`LQ0GpT
z6au2l)=Brql2Fq{Kw316jHdW-WF<{46(Xad0uxi%3aEARVi*dKaR^jjW)$<$7QEiF
z0uK-~dQ@|hxT5M|t$pBl+9IJig2o;?4>qY%<|sZ4Rk0Dc{ud;zd`g$&UcwLjY))aV
z4jh&lc(;hjQaWB)K9EB@b^I)LQ~N_;SFEEWA&}`)g!E7-wzF%J8)yZaSOeR=igBiM
zaU=T>5*oyz3jYaqv-RSC;r$%d^Z(cbLGwTQiT+3KCMt*OBOD@rPZ}8;)1_*l<5aBp
zjl{A?HiE$Y6$NWUgPY(x@k^9)A|CC#nqZ?B&q-ceGE;Y7F{@0{lQuPnsj0~YX(VoZ
zdJ})6X8821kH4_0vt$gocDeSve(SuROm_bM98&+q72$1m(x?A;;)@TWyuVXQV!{#(
z41CN;(vq_a|56Yny*sb>5`lt+>?dvF0++3L!wQ_eJmXi)z_1UAmNi80_bG^|J$GZs
zK^|0X@8jq9pyPt$dpiWWAG)mNg7X_BME=&UYoq>nc0gtk_YoXNb5hYb!hG
ztf(P(6Bcy6`wroiv-5NLLjVBx&|;W6WwKMmB+ph%7$AJfV95||OktlFlTMqdKP0i#Y*rj`(XeYUz=adk`3hA(LvO`y
z|0%R3GMWC#x}RbCNX_Cf;_wEOS}%lqj#-CXQDIpi8Qis%Radz>q0vjbY&8DdR>jXU
zmvR%au!=9lMN?P=hzQpNGOJRw?Cn8@B@kEp4r5$bgdM0?Fdua~*H~mGTf}17rZog%
z!Kj#>m=l>Po$A`_fcT-pHy*aya+n%rXmG0CJ6a{nF%>TfyzKC2Dit7a;!8r;X^G$~
zS03MClV}lI)S^Py2I2rLnpjR64L!#Fl!mCP0td}~3GFB3?F31>5JCwIC
zC~8VAun2Z}@%MZ{PlIWpU@CJ06F_<61le-_Ws+FSmJ@j>XyyV(BH@K!JRR^~iGjAh
zQ+NnRD1C)ttcyijf*{xky2tyhTpJvac8m%=FR-LL@s>rN`?kMDGf2yMliwkYj=
zwEEJ0wlFp%TmE6|fiti_^wVrxJ#gh7z@f0+P!kS>c>;BHH)N`PW0JHTqA?B~fz6H+
zdQq>iwU2Kne+4kR2e~l2`>(-^qqujX*@|w7k>s=e)Y-lwoI{$Tx_2}&y$9LZzKG-w
z{TH06d?a9;01ze%EvqDCEt;qAaOYdf@X)zT)ScQs**7gQ**A5+o9p#P*X5~lMpNl2
z6p=Ecy7#f++P2sk;I2Nd`w-!5Y^3QHV0RVy2<55pqQ
z&Q&b+JIKTf&6N(UjwrECT(BwKhkdpc#(Aq=
zyG*N2frC~4B2Ko7O)bOHP8(}XKc;_(GP&+{?#dJ;Y$YXT$y<%YZmc>C?Sik?i?6E1
zk~VKGMLlNws0d#wk-11tBrAf?Tbes4F)oqxr_*7R-?Yn4IlyyP_ce6(J&tXSFI~P^
zYG1K1&Y@OY%nE}Gsa8~iq!!=l4a+yi7?Rxi#owl|2CnVfey<;AkI<2^CN^r`;-)ob
zX7Ccao0G6Ic0ENcm7#3(8Y>}hb9aL6Gi?llW(Kss_CW07Z*0rgVhbod7+2-z3EC%(
zq7QLJy|>bn^fyDVwISg;I%*4-lpnL5wLoe=B5sV^!Vdseg%7piW`#>KU*HD}MZ&J=jCFG;)9zqX;~A15Xsg;+mAtJruykiiD4Qc5$;lWT@^-j>F$$|0*{U
zmrM6Kwy7I0>uJ&DC#8>dW7&)!1!_uGQ@Mvr)n^bH?_w|*J_E0?B{C&x%7+%$9&Umb
zMv=?f8jwV=X`(6MfQLkyXGt_A~#T^(h~B7+v?~%F6k&ziM^m_Cqb!a
zf0y+(L*8N@-&FfWsxPx%V97(F{QW`L&>2NJyB_}HBTWa|xRs*TT-y}_qovhF=%OCJ
zf)sDf8#yYtG3ySQ*(qqz9dXI;CfS6yLi>4H9w9ii-!j5NwHL>oEN83>IsEP+V_1~u
z`?}q?(o8RjDY5V?z9HC@t*0V_hFqA|HyZ8k)T!UJQ`KEKMLlNlIq<$2s!x;)o#SW0?w*zVYU?yc(v(2qyZg
z0(^T!7Qzhpm)`?PLS7z|(>s+ZUO?_>f0y8LjB9{7he}@4-%l99L!vhyLW=yQr!);4vCSd-wC1QX-%H=?#UM-D_Wg8t3W
z0*rY0Q4xwb5i(lBSOs^u(IgRSP$j!PkhbcIr^rh}e})V_kU5jW{q)m0CALP$`wKi&
z?444cDxl;D;SqSw0^h%eA6Ro@BhxmD!}qpGb6OxRi6;iFai!)ctW|gmF3jQz2*O}Z
z*TPvZAxFr1-Dd!53U_WQMQh$aauyVf;O60e>&G;Mg83(TOZt!6;s2KT{}By>k&-_m
zA1YA0q3ID6fx`!qxy=@dYO@Rn%rEb~7P_%;Dxvl(WAfiJUtti0?~ah#_1`K#A}P2n
z7^D~GQL#`hC}2w`btD`i%)VBWnn*jWF=d!kI*6T5-wBdsT)$EZD=mrn&EhxJQ^3>1
zbLeDA3&BIDAv=kWsp0t6>a3lITA;khMX^(B8Ecb^U%P-|RNGB@XLq*Q5a
zR9aZ8RFNDYvD`dcva-5ti*`CcV%ltLG;emYG)5Hvo^Boe6!Fu0ekZ(k<<5G3_4>Mg
z-?ILGT9yB`Gy?Cnu(PO#(bsKyf9>@F_MJQFZFaBE?dA7x40K@HNwA20g&JE&q
z6&$MUcmsL)Sq;;@a9!*!?ct(XynVCJutm{pZ5w3Xci1lQ!9oB`xCdL!
z6i6sX5X8iljX<8L4KC)P_hyjfBo3W=8BfQ5^inG|_NhXI*k)fvrDRq;Mtl#IdM%t^
zo(9yQnnQj}I{C__YBGYykMvG(5)bL%7>X@vm&+vnDMvZ(QMVC;#;@DZ9#6!r74JA`7phVA#`JE`
z>BU^K@B>jj8Maz2m^>t$!%J^m)e|Ylem4L>e=OHtOVBCDy{0or$Np^VjdNl=g3xT8
zqsE*&O{Q9{>LhP;F2vpR<1t@fO4^Fbd{cO753U@l
zLFAlS*(cze1w03?ZyLxG9S&n_udo?=8ddzgt#cv5fKd+uyogyl;44IK1&z^wj=!YK
zzUD&kgK%`pt9A4nks?WMImECKCAt*xUXcPbo9e1&PmWU$X9~!}HO|j@r(`+=V^^Lc
zcLMKF*Yj`EaS|pmb1uaDbkZvx6m%4{=z+MdgTuv?mT=4T&n?h7T_tQNFYhz$`~(DF
zx4T%9nS-@(gWPm3?tZwJIpHDGWzAJ__zZKP;Hw>~%&n=s$Pn?6CaJ>bJzY?o)(O#~
z1fxWpkgP7ukZGyitR1C364Jp*?#{WzBom;9o=XrY;V#_Y5@5*}T5v*hcW#I;Sb)H;
z6^g4&{fOcGP0zWCURc5J$ExdSY5s?r-^r#;|BS)8NjQH2--6b}!Q-Aa$mx_pNnz4q
z(1_zCdqOu|4b4oo+-*jjTTV_j3WmL9=u`0(l@>00B5Vg?4f?fqwWRCX*2JwC(Yd+i
z5A-Rm0r4e~4ceSJnEmWF6Nk>Q;(7sYyQ<-CgPa1fO8m6_pu=Maf0e2hd92Q#i7j?U
z-VR;%F~r=@Xs>J2`Nx))UK=X`Shhg3AWzbwE<#%hM+KSQ)y~F!~7j*2}qu
zgT9Z6kE4Z|n9Leb=N0%JnFI$AeNrV+!>E(WT7dyOjN~44BhNVL4(%Eo(1JGjS^)Oc
zjSPsu`3wT8k`$>Na;G3pMU(9;+ov}PpiRt6*)WNMy(rEUak-14^(K`73yJ1#LZna?
zS)ypsH=xt_
z1V%Pk;E@JqJeE1&xI}|JylZJSsu+mw#r=)G*5DBGv*`Q|1AC+!MW979QEZ{H5*8ZW
z_U8EI1(M1LDjG^#yy~(OGH)?SdmR~=ma_^2Q#k>)`v#$t=~Ih|79!ZutXQTK^S&w`
z1)ONotPDL(cz!_@bFBBOo6W@;7Zz--d9JaOs{)ss4P|Mr%>FaiMR=(fn-Y3SA->6~
zp`5h}dOcY_YfweZB*^el7qqa$&_r-Lg-I+9~U
z`JxVCD<$VmoiR$g^3dU%7Sij)XYi*?$#ihSxCBHGOaRRr|Lo9+E}O~M>I}tnokI`}F32Aty#b8rpABEKl|B;*o8ge^^)Kyk
z0!(>gFV=c)Q2Y%>gz+sa3xYTUy_X`rK5ca{{erC9WJ3EPKG{|Nng_-78kAD{oh_=K
zn*wopK3cG}MBJf%6=}9YouD;zyWbjRt%A#pWc1zb3@FB`_Q~~UI!uvse(FQfl
zUt=Qy2DSjwpzAUJ048~^;@Yo{C56R_8nZEeF}vm)0xoYe0y|tYI!>Y(d}mSro0`z;
zeb6Eg*(a2{5Ypj8S$-_~L)+IlozZn|Iak`$jQKd63hldhts0=m>k~HC&`@|~;XaG6
zLVxC))8>^?13P*mV#ydlkC0V6AWK(BjWpqu|
zbh7#bkKuL<kv5;Emm4zkF;X>rfbzAc7!Z)i};f=*bypYUD
zho5-B5n;)FP(nzq8FG3TH?7l0vS{G}G9@~zxY>CqbX^mb$|JncS3I_2RD@?I9bz>LbX13A0N_LQmd(!3AxqmR_;3bJavc81%v
z)Q~pDm0d1VrVe~>X?GOUOz94e6Nbt|fe6(S@cN64Gy6{i*TPukTmfvgPR>+qe>)@w
z8mS6=rvR0~cqVfEWFsL|kZ3t~m-iV}va(IjJ;Hh4R9uISa6;@9d{D+7CwskGx!7MGZ6|rdE_I{cMD}-`
zoi0%doDSznN-Evavf!_d@UNJt*Fl;hNrnVT2Fal8iBh(LU^l>8I1%x!q=6A@zO6O}
zs0R@~z(6E;t~6L7tclb6A}zwwIvS;W`?F>>P)INWt6N9r4JbH*;&^6B!lHNAY+v3R
zwCVoTTSL`1XtRZ_9vWH*(HcV?PImcNBOtbC4{U(v-HA~xMdpP8<);Xv0y_e1i%t|f
zdyL`MtgjoC^Z-wGt@&6(9Wx>;qYcYwopK7H4iejT?T|>BSm)-fV&7yB;ANW4ZRzzc
z?^;uh#-bDq@QjjBiIf-00TSw~)V;r?BHNEpDb(dLsJ_Z!zT7<{oC-V^NTEs|MeD0-
zzuH~jmz>@&JaYIW>X&?~S>~+R!;wQOq|+{tI&#vV^n%|7ksh!vXzONlSb4zc!X;}>
zMaUjix==sr4oMiHxL@~MPL%PrMzU{DPuz`9zWln9XnqKqNo3TZc;22OZ{
zy(90FLmd!qHIv!b-q){c(0@VYnzE(k5#rf~N5m{u-X
za_J$`vM`7Bh@_`N%&n~35!O^m^pyWGR65?W@EH_fG}veT4I>@L72iny$1yuwBopv>
zsSxe4Htw2+2f`M-+7|iva$OjEp*e=6r{J`{W_IyMTo#x0Yayp+V8z~17Hx&~6G%t?
zN=#7bc$BWFl&qzMvU^iRl>Rvj(_`fR9T%ZBYX1?fg((%9FgbGrBl_7^rRQW9GA*@E
zLN~c4F@W|oNmH$kHZ)4U$u(P4S;GSPDy671d;6L8z}?RfSb0PHN)PsKViOm_PLB-7
z+-+jjpC&oGWj(BQ{|L#DFOC3+-%fvGOOx^u^Ysxsq)Ox4^;}rM$!;(?`m@wtkXb~%u$Zx%
za#IBD9hq=no-2H90jB}1^>TfWp)=Sb1v9w#UAHvYbn1PpHFbB+hwSXWK(ta=^8VN<
z^j!PhT^ZXf#;?$ZWkn?(vJ20u-_SsGO1os)z;s=hI)d6iN-4mC9>EtcU@Mybflo@|
z82lRHB)FEu4k@P9W+a)>t{^Jl;)gL&tWZBy(gWmfXX8XiUdnU>LtbceRd2RogiprV
zK3KHRpSd5n#Hy5wQ!-Fg;{(9?K%pRuAEZwPR-E)JGeljq?MUmP=K$zkEO46*td&DL
z%C4c|+^C204zq3rsTdE?%Y;lc1vKitClZ79P)GU-k`VCL5(kX_>5D{)C18r$^duj)
zab$~pZ#$FLi^ihhytr80x6p2DsA3IsHPguaQ&s4izcL;7qGj1rPQM)4uc!I=d^j7S
zs{`eqUlX0}s<8@_Iij-NBLD<2BE3VJ&k4Z6H;z?!7!7-XeeC-aX{Tl6ml!93m*cFJ
z#Z5Q7fr}UC|2wXN*{|KEWPZ(V^*agnsVlrYkAd651IAl&yHxt9OnMCJBht5xn*lR2&NabYN
zSWC^|d16K9!d@LjLiX4uEhz;%>2G#@i;bdI;t=8bK>y@P)WT!mDr~z}pG-
zRg0M$Qpz0mbKF!xENTw8!Wwu{`9|04Gou}nTQ_L@`rl58B6UT^4~-?*}V`fYfKSaDIH
zavlsK6XsL9-WmdH$C72oMpwJp)?;)Z4K6Es0B$SXP*QhM!gvpdUyI?}p1c2yYhY~r
z_VvRqI~hi$_97U@cE5#Z{Zhy&EqB*`vAMpf?Ya?h{;uuk-}E1T!ah4kx_Q*9mOjl*
zv62c1x-eMCSfQ*b3b|P6*~#_2>fN2y=iJQy-I$q_TIV>AHLGvxzY#v#{w}OBR>mny
zZ+4AXVq%F7d*h&{U!c8&&KUXS@X->Bu@pTF71|eeQVYw8ns~h`7|n?)2@d35c_1Jn
zeG)5*kFZ<}MejgYN(?7Nw?Mod)k5v*wm{$@osr)Ywv-QvXpeI;3Qku^T}zo`go?co
z|65!$tORilITCe4GfhNoqaj~NtO|@obiA%Tub@&qQ)*Sn14oz#=<2osGcxe*+@PL<
zyx=_nR&*Un8g$Iu#el1FV8xS6kKlqt6Q_nLmsoyCCicctlpM=xVMApO3V7u00mxNJ
zn8H5H7~1cY0)_}KJSfc2QSG+HDoQlkX^Iwi_%Qb4&1XPlDw$%cwf-dlhzTK+<_D-)
z&P@=34aLr)@%x%0WcLNFBZ4im4biAYc
zX48#WytT#YP@@jEfGgaR&J#HZzJa@HjxyMYHe{pLPnxkn;~Nj*Rk*wS5*frI0o^@#
z&G3U*-hF=Y_v1Euf&ZeY$+hsoi~%M`iq}OU5nnKjI6qCo7#tk{_f3pIO(8(pMmgCr#+;(8d(-5n@oY{gBKSFB;sfY
zEGd8%M6}wgw88w$*dURSw+YzI2N!gycd}~V$*T@AlPt*-f=web80-YsRGL;
zIurEoITNgt(oy6p0G%)TAq})jmI~qDOTd#8SWUAuE(*k}kk&NIGfR#?MWZ&@WgOiL
z>$#C7>im5ft}NgVUz#o-;GS~3h`u>vuPTQ6J_?slXE&+uSm7V8X2xqGN*g32wQVF?
z60uDVd}|BtzXW}IHl+O9$Y${gL@oN<={bc5POfF*UaM4*ulAX=jeCFG9716kCF{ap
z+Aa!D*;gIqFWp_D0@7TOln&`G=|&m}X{5WP1i2vScNypR7x`wGaTX8H
zJ@~rx)5+w$k^uMixVE%C0WLCO~Q+tBA;H0@eFG)
z9eC{^DN&Wg*!QSPZ&6UQTXd8o&~Nom);LFsVoC&=vbu|xNN`s-1=AH*8)z4To#%#y
zdd$@UB#=RyuU6;>-mgB-YAnr|4VG~L%5Zu?2?e8cV@hX1%$C
z-Y!`@^OUFtA7Pe=$M(LJiXU=J1!QUEtKOP0NQ3X
zL0EH2;5m@t@SxuG%G+4`P52~ZYSYtf<5_!E_05F>!Og3NVhP<3((hbndMVWA>MlDv
zn$&G-7+NQ3%TTa+SwC{12rdHZ(>d@r=%m6}QzK^c#Jf1mYV4ihwfN65H)@P8$MxDc
zTjl)d2R0#MAxtC@z=02~@CN4)F3cc@}c$eNk#9s}m0
zCQU1m>8KltX-7??Rz`KAa9O`78vwc
z96b`^On^}8Uq2X$nJstj(oDH3I)|mIuLz
zwkCtM6CN9f((dN*4jqG4{_r(Wh
z2u?7~;PfTgKZy`BNs+soV7l`vUoj0Zs59#tk&2GGS#}^vM~n9_o1()DH&=e+1J8g6
z?KqAZE{5+wu
z^h1JTDHbTO>mUG#C?;6@CZ1@94=<&=#wE65{;Up>sTq@gJ?nsNSa6zE7ZoR|eSK`&
ziwVJeio-qK&1`}djVaTPBHAtX-iedlv!W}@HqzoQ&gu~oM(#ZleNhagi2S^z0$`*2
zvXv*_l*3vp7N$6SniJ6keA;%N);Z;F2X+yzHXEKK>|!l-K+oBIB9Rg(r?T)}`0nwz
zW>J5H2T!yBBQv!CV3wS!?e?ao$JZGHB3>?^p;I0oEq1rFbn-K-z1;UX^Zco(t|y{F
z&aaht8|ducgto&gzsFOSGgDA6d{NN+DwNR7IvD2_ztxv{`PTvRQAD{R>ii;bqI6H$
zi~7*gkXL6sk*D(
zRfRn^T)TGZOa5H8)%KL|b$feS+tmm`x=ir7xA_SFtXdrfwMW*l6LlqDsdN9czC4LZ
zxQ1hx2G%}RlTH8PFjxmCx{XLh9X)5F)BD@x`3Yu(w&|MQ@Wn))MQ5P40oe6lq
zj6&YQ)Y$fsl?yoMn2DRKmBXL&;#5@wIec)ey+_r)wLWKQ$%Nl|=)1S>2v2Br1GB0z
z{26J4KqT_fthh6KL4A_nUGh|M?rQeB3d2M>f>?eF=%>&KBi
ztb~177I8YO@8HV-(xw2pP4vCgNM_ODMc*XT)Vb84bZ$(aRZCi0SD4Vb5~0yzn-7uD
z8&6`h4|PfG#@4O=sM;eev2gieyH}I*Rnq8!MO>k8@S&aMNX9c!hpUjKeRDUN*M<4&
z`yP541rMR2;EXAYLf51%0hfLwoLO*VT(v!KEHyrD(8{a*@p_=xOtG6Ck0QfS>k&u_69rGu_Jt&YG97L`S7&3_{l%EQ)VAjX
z2UV7D9)#I1Jv#8Fd6X+dOxjZTXFW0vpAv0)rZ!Ck6!Fz&&ZCezKS|5
z__!pv3>!#(zZ}MQfb=Bz4!aBypX`XnE#6B?yfTCmP8;tZVe#%QC2|cSbs$Q7mx9Wk
zrhgq}S`lflHu@AX)_|0m0Dgy%FGt|ZP!H;(BN8Ff)p``6P$lT2Z4~=eFDFmYJt6Yd
zs+IG46y)X4Cg=VU%>5u$6hq|9hlX$~MPeX{3SWik%ZBMETV^`}7l|$=T9oPv=>MfAuVpVuT?xQI-5MnhAwB~WKF3p#jb^%x)hgQ5w
zEYy^HY%m(3qgTb0>_xhyGy49WgkavN*iwr9){qxmZ}0h)}ji`R&Z0sEAcs4@JVrXS$uNXI67&^So5DE
z_wSSV)|hizP*Za+cCTn0^tCx`&1B`kM^^O^qqM)Or4WgFyEKhu_AWCV(8q?&7iiv8?d=$)b
z1MCx)Px;%)v~QO*(UKzoMpj-f68L&<9G&jy%k26a6l~xWa27d=0zy9Y?Knv>uTy3B
z#R4dYL0;(wG{B!VU<)
zL0dQ}cE7}kSnh!@UA2Nn@KkO8%G$oaXs^?*bXW`@IS`edO
zPr)lZK}u7D_99TTzwi<#blDq<%z2HzF#{9rVJal40r))tDNA4@UK9YkbOz5og)RphDfLoH8TaTJ5@i1x@Ntowsmz3c5mldGTpqbAC8z+-y
z3YUgK2;tdm95YQ4$o=gR_I;ot|JG0jq~!w!JryDgGKTgLd#SK)h0Z1kh907bO~U(%
zT6jiFnX@TWSv@xNo`&z|2;9Rf1$ArDtzSTk!BFYr;&ymtj4Bt1vK|q*ut&Efy?Wd;
zk}_qM;ziWm-`?rC{al#%^wRcw6wOCC6Gv|Oa7>zIK{tOroHE9p3-q;DwTZq9(y|SP
zOB|hi75t%%z@ZErp@owZiI?H$xHMR7h2k#XwmQmT>7xof5gx@XC`fVWVA~cioSE&K
zoAYasmf;04$arj
zg1&eL7=I?+WRf^o3qFw^#Y?d9v=-_zeL94x2|usB_;~yo&#*;J>I2Yf+qzIM|Bzwn
zf!lXOXQspLmvN-cJ7Fy^Z9K-=NwWY4W8RL-q!b82mgurWTar+^3SwpU*Swg_MY|-s469h*lM(kJ74z%e#v1B%~p6k+k`Zr4M;9Y)5
zrQ#%yC8mb5QdUfV#)WRwxc!2-9CA{=B
zX*|`We_=f<%xhLdJy`#KbR#+lj|R6pJG@ZTcZtr=Ff(n00MTQyi<~xkl6_QIxuYG4
zAn6QsfWJSaT0)kmDQ#9{(H8{k;(F3zbIvl5oA9MZn}6VxAW4VEuDJQJ_tvW3^8<=i
zgp3DjuXDefv#|&0?0j(&4lc6i2+%kQ@a&fm9)1GxAuGZrRy#lIac(Y6!xvAGHrz|(
z)4AuuEkq7`w4@FDUqah3+{y7xTbMo!P#&kbRy-1zFRXRTL}Q62x?q@Ltwnr
zqyF|*{ZdFu!MG|}fKcf)Jk0y#Qk3t&@IZLWry+1U{!CF4(R_B8fZnVnvN#y`yJk&8
z5o|-I$t$7DEs@z0(ie7=MpaKrn9UfAR;(N*a)J1eej0*KIXkIFx?K6bYtjN0RG<87MN5Ph
zVo*0Xd;_STda7fc?U{jG%U9FOdo7NOGFCBEBwR&j;4Q&)m*JVsL7mSZgs;+{K}z*uLldQDk~pDMMpTRSMayDpW3jXcP-aFaK4SRwhOg43SAApaG6v=#1q
zJc}I6RObkNMZVE@gW2>|4+xVVmeNu`#F_MzWq24w2tz{n%bb;&u07(#9!N=hc`@qKm@EtkN&lDJr;L
zvk}HQSsd&o7#d_Yb%Py=9{clqy|F19S81|cMmz<+n!5J&3Ck5~Y}=}arb30r5}^V2
zwD^K-=syNKf8H+4r==Oz7M~|D34$w9WiTg+r6;uognB=hj*}U3^eWO|j0up?kWWmA
zbEER8t!`eQ+ApRkQmsrzPN32!_e#P_Bfh6aGOTD3gOGBH=Ob&R+Zi30Sc%Aea9H~7
zEB4j%17ym*rkGd>UA_HLZ^3@`9`Eu;NC;;HEL3An;iEgR+j-;5@XGL#4o02(SG@?!
zmNW>y;+PQTA_i>3r%-PIQ`x*!@b_24mk5(I-0
zzIJW*ZBIgn{B;FFhh;m=5q`WK>P;)21@!H0ON)E1P2mW93!PsfiMK!~#1#~LLfyQC
z=}TF_5|H{5J7GF~A2vvJiJs7KH5%w}$Y@iz%2sMQefiYTC#VW!XWSEusTc6L|ImO)
zFuc>MCylPg;Rn_By}7kLshEh9A0guK0m6Y_KKvx}_MX5@{;8^|M4lHz59q-^n>s3N%P-)wu*Apy1c*uY%ls6{?1UoxSMsVN7r!vmY$4U1ZpCFZp
zSB*$nRK#ut<0W7!D`6u+bGR?I9e<3Zx6iW5FM1YNJ5roEjQwT4gD$elG@b7S?XgGj
z6?8Gv(sGLkkFv-Bz!vs_FSNi1>W-{uoLZyfxL5}8Z{yqaEK9mx*?8EyKbB&|oe3nO
z8VPv6K-BGik_oh;MUxzP=SHYz+sWoU*_Pc|ZAp%rEG2OgkyA{O@|sV48aj}*$c=#ReFzE9^##pCm4G|
z2ExX>|7BshOX&F%0r(Syy*@UGUX!?ky}6Zz8#t5q|1GZL;`G!$N@DbUPo4((w_%ge
zvSuqV7dVNPK^Ue9v@t}A{2cJ=Vt!H6_jWRDXA_0fHLnagK+aM{WcrW(C(d1S@nS3RlL
zUYh7&54coZVswV%&><$802)Ds6(5Ty!)=(|2PPPUY}b*5H@uVe7@L=Qb0@q9St`u+
zN_!X`!fP90I@Pzd3+=S%-p@UT)RD36;vT`l)y>59$+Nk(IHfmD3&VHLW5m_Y`<9v9=7o^jo4Lz36MNl!%1
z3c{>#C-z6vmYddm?8F5!nukB?&9Qdzs!KMBj{!#L!8zi1kBIRuP=&b|uHG%D0++Ww
zKF=0w;?gq+M!;#eX^_}Pr4<(R>gE(Ur;1)gwTux=f1IQG>fb4lRG
zauq6JTk=W;nN0r%g|iMMZts2#+~Kw1kA-3nBBM<2&r;0npESg~K6u!!V7Y-zgy%jr
z!=09xB~ev~Jcp)_SGwX7G$-j)q(48uz%aSH{(e4l252lUj``uz&I8@A_=KdyUZ?@Q(rXR552h$Wp&%Sm$b-Okpa9CMXW*$|8A3#-)8|R{nX6*
zrI}P?wPY7piep=yrIXLRu5>57uq2UvzR<1~NwK~f8JrI9srnbs2UA;5UgdfyLRR&X
zAXqb}GL2YZjX`a)UZ~1kU9Bst!uiUq9|M?TT{2V70AVJ|-z~5F6{)i=C=%eGKF6%Y
z7Ft=6dZdWTXx8KXRhtxFSRyM*AuF=@3GUfDy+`L!cV
z`(^xDDBY+K4#OC;>}DddEs8FK>ce{#!e2#ud;xxKyt5wP;!mD`4l^XIWLkqgMWo%f
zaflwyB3@QC!jweeSK)r;DGG-cCu&bG3U3{ikLdi;H(v7DU?2%M?3qCC8b93Hb2PJ8
z@QeX-JYCs{mGVMLlFvfm&_dn3r$3Xx;jR^+ts(ChilDJchx+!Diue#c4B
z*?P;?K7WLbI!9T{JovmNd>w<{$E!;H66`ObfV*qFGyRM4F5w9=Avky7CqrbX!vrp)1mkD1rC#mdLXdN5pFSJ
z*(*Zoh!M$6Z&r2Qz%JRl;UnMd*_o@|;^NH2X#LxwMlEsQulGJjB@VuxX*cV4`Lws>
zjl|ByKhtDk-fUo=Yh_xY^aZC}aF!_|(lIkA7TzQRY(t0p>Gd&tc>
zes@Omai_pyi@$|MbZVE&ERRd{jvv1`xy40nO-yXFC#y+=4&S)Sp)+(Djck1bYeH4!
zm3cZ@u`K`0Js)Lp=f+iJs`n|0M3vE<8>IBf1WpRk4Sn<9nsijK^v9}F8FXx52olT*
z%Rek&eO%wFlj3mYQhb}!v=YZXUUOO=$D~YwDZ#~m7
z44|QAFF^b`OSw!ZP+^L^zK)1>UerWGO_E%p^2sP({CtErlFQfrt$O>4
zcuslow^_3ri0HuWcigZz2w%Q*7cm;>40)1o@kz}pysE50TzoIPQwuXFW}elhNffQq
ztZ)$Oz@XwhOmbLQ@
zHdq2g<@TQ%lSARCV#zL2X2O~fLkuTD81
z;n(NWjoQXwD1@m_!wBJ5PzLd0<=A+CCKTW<`dnOI=yAmO5HaW9zyjJ<0ws*rHnyd_&^78n&clLII+-hONNCDg>?d-5cWDLC_b)9n6o{P1CU-$7L407s-_
z-pN>_?^HhHRDQmVX3NRF#4(=Jdi27iXbVZSm@Te&4UHIPDSbLIRgksrcMi!}LH8kx
zi1kkV?^GlM!Caxc9^)p1vBDD=F(&PD^l79>spQ`#vz{QD@
z9VQiviBfRP&y$x0E-FU?(j7DNYgz5FnO9-1U7Fj10D;J3`ywYGRtdNp5Y>Qo+1-P@|$#4vrd!{It&D4(5
z88MK>t&(M*q{{bk+gKz8BV8NoUls7#Pa(Gk7HG*!WO1MnoAKw=-;D)9T2XpobRN@;R9$
zdDZ*TNdMDRe3pcxxWT#?Gvz6$N>L_At8M<_Nu!G9BUfJBQ
zeod4i4j8la+F6~Ch&@o#a%JWXtFx6-@5vSL5;@>X>|ze$N=4Jovjt5>8c*=P)os?J
z=UlsoH#$Jz7vfg0g=+%Jf)w{Z(Z%^d5W}1#^0}%BgEhRzNs8I2&P7V?GtK0o$CS>y
zS%AH91idyPyNX-#5}K5@2VRQ>?Da%6Q(1)*NzRxW9-2LG&+L
zW9v~&N*UPrd!ao6TTvM1O*2z1?grU81wdZsv-2#9){B=Yo58FPq{90cNRy?PdBzqr
zbXR&i)#}mnzKE|yj_#pCV$njDr<`4a;0d&q@G_^+74Q(M$6rW^ZRcZS?r=zYm%#Gj
z!Sc1I-ZxAVPnlVmU2ukuW86&QC4@4nDGZNmY%^`PdC5+u~%7?p{5Ihg@E{qe%G7|%$x8>B2lP60{y^WAi!)2f5_jj
zyAZ&Czma_OcZ!1f$!-?4yN(KE{v8Flf2F|VM_l1=DI&Z}(RBvZ-?=MJurdV+bx}qc
zMM>r#Mp-#9xf(Dlj7$ur%9-=K=m+1QT9ro_U?#&Wv%M{`+o5WT)8b>jv9
z{(W;{+`KsjQAHU^2{m;l1<5DCcK8k!lt%~8FU9>xGEa>%xpxcvNwk|}rEBVH6gs&y
zcc%2{>C}&E29pz0OWd`^u-ES8cTVPzX`)(qt=d?&K@&=Rotx78SlqgrEVG_qUo)_mC$8U`F#qlHOCD&RSroexT?YJLzvne^0W
z@;=|QRR6AVW@n3W0fEJOGM5gbEhzW#FFa{0FL+k>kgt~r3DnajgxZvn2mk*LWvgsJNdYFw~S!X4cFe+Q;Q-_W%N
z9+%cg5D+rIfU$v>NB;`!-|$Y|w(+s#2VpgER|yU}|IL~d1DHEF1OAnnMj?dmwqP?|!Tm)27hExl-^LX;b^(CT
z!UODGtX!?!0czl=9(xOLEjt>6{g40iN!)JVBc;&q!{D7LBTNX0>kPC%g@yXJ??CR3
z^oF;AH}dO}OTni1fx&;Ra!+t5|8G{gf|ZL4*w`O!41NfJAE&N>zi#R(&V#)+FzyN%
z_g90{z|?BLiTfv@hp{u@$1u7B_-1N#iJ#RBzM2BR!2c8QKQ->n9NpJB+kXlz_@(`y
zApg-W%GVs=-$=u6Jp_Mfr34rf;5=qxnT`lG`0>Z&B#n)_ODW`1+jPPicN}
zhgOBZJau)7R=(j9e&@_!Y{d>iX#+|6|i>`&Q={(}Kji+O
zpFcjFOMd9Ss|3O?C362PVeDvZY6)PztKhZE=cg?HTJXn${I25H4xgVwR(eM*+@Z8Irh^0H1^@(vM%fLB8x9<0IcS*cf20Th
OJOEd-=rxTO#Qy`$*1Hh^

literal 0
HcmV?d00001

diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
new file mode 100644
index 000000000..eb9194764
--- /dev/null
+++ b/.mvn/wrapper/maven-wrapper.properties
@@ -0,0 +1 @@
+distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.3.3/apache-maven-3.3.3-bin.zip
\ No newline at end of file
diff --git a/.travis.yml b/.travis.yml
index 6b687043d..c6252a7c9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,7 +3,7 @@ language: java
 services:
   - redis-server
 
-install: mvn -U install --quiet -DskipTests=true -P bootstrap
-script: mvn clean test -P bootstrap
+install: ./mvnw -U install --quiet -DskipTests=true -P bootstrap
+script: ./mvnw clean test -P bootstrap
 
 
diff --git a/mvnw b/mvnw
new file mode 100755
index 000000000..53c0d7219
--- /dev/null
+++ b/mvnw
@@ -0,0 +1,243 @@
+#!/bin/sh
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+# Maven2 Start Up Batch script
+#
+# Required ENV vars:
+# ------------------
+#   JAVA_HOME - location of a JDK home dir
+#
+# Optional ENV vars
+# -----------------
+#   M2_HOME - location of maven2's installed home dir
+#   MAVEN_OPTS - parameters passed to the Java VM when running Maven
+#     e.g. to debug Maven itself, use
+#       set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+#   MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+# ----------------------------------------------------------------------------
+
+if [ -z "$MAVEN_SKIP_RC" ] ; then
+
+  if [ -f /etc/mavenrc ] ; then
+    . /etc/mavenrc
+  fi
+
+  if [ -f "$HOME/.mavenrc" ] ; then
+    . "$HOME/.mavenrc"
+  fi
+
+fi
+
+VERSION=$(awk '/ 0) {$0=$0} 1' `dirname $0`/pom.xml| grep '\(.*\)<.*/\1/')
+if echo $VERSION | egrep -q 'M|RC'; then
+    echo Activating \"milestone\" profile for version=\"$VERSION\"
+    echo $MAVEN_ARGS | grep -q milestone || MAVEN_ARGS="$MAVEN_ARGS -Pmilestone"
+else
+    echo Deactivating \"milestone\" profile for version=\"$VERSION\"
+    echo $MAVEN_ARGS | grep -q milestone && MAVEN_ARGS=$(echo $MAVEN_ARGS | sed -e 's/-Pmilestone//')
+fi
+
+# OS specific support.  $var _must_ be set to either true or false.
+cygwin=false;
+darwin=false;
+mingw=false
+case "`uname`" in
+  CYGWIN*) cygwin=true ;;
+  MINGW*) mingw=true;;
+  Darwin*) darwin=true
+           #
+           # Look for the Apple JDKs first to preserve the existing behaviour, and then look
+           # for the new JDKs provided by Oracle.
+           # 
+           if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK ] ; then
+             #
+             # Apple JDKs
+             #
+             export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home
+           fi
+           
+           if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Java/JavaVirtualMachines/CurrentJDK ] ; then
+             #
+             # Apple JDKs
+             #
+             export JAVA_HOME=/System/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home
+           fi
+             
+           if [ -z "$JAVA_HOME" ] && [ -L "/Library/Java/JavaVirtualMachines/CurrentJDK" ] ; then
+             #
+             # Oracle JDKs
+             #
+             export JAVA_HOME=/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home
+           fi           
+
+           if [ -z "$JAVA_HOME" ] && [ -x "/usr/libexec/java_home" ]; then
+             #
+             # Apple JDKs
+             #
+             export JAVA_HOME=`/usr/libexec/java_home`
+           fi
+           ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+  if [ -r /etc/gentoo-release ] ; then
+    JAVA_HOME=`java-config --jre-home`
+  fi
+fi
+
+if [ -z "$M2_HOME" ] ; then
+  ## resolve links - $0 may be a link to maven's home
+  PRG="$0"
+
+  # need this for relative symlinks
+  while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+      PRG="$link"
+    else
+      PRG="`dirname "$PRG"`/$link"
+    fi
+  done
+
+  saveddir=`pwd`
+
+  M2_HOME=`dirname "$PRG"`/..
+
+  # make it fully qualified
+  M2_HOME=`cd "$M2_HOME" && pwd`
+
+  cd "$saveddir"
+  # echo Using m2 at $M2_HOME
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --unix "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+fi
+
+# For Migwn, ensure paths are in UNIX format before anything is touched
+if $mingw ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME="`(cd "$M2_HOME"; pwd)`"
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
+  # TODO classpath?
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+  javaExecutable="`which javac`"
+  if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
+    # readlink(1) is not available as standard on Solaris 10.
+    readLink=`which readlink`
+    if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
+      if $darwin ; then
+        javaHome="`dirname \"$javaExecutable\"`"
+        javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
+      else
+        javaExecutable="`readlink -f \"$javaExecutable\"`"
+      fi
+      javaHome="`dirname \"$javaExecutable\"`"
+      javaHome=`expr "$javaHome" : '\(.*\)/bin'`
+      JAVA_HOME="$javaHome"
+      export JAVA_HOME
+    fi
+  fi
+fi
+
+if [ -z "$JAVACMD" ] ; then
+  if [ -n "$JAVA_HOME"  ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+      # IBM's JDK on AIX uses strange locations for the executables
+      JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+      JAVACMD="$JAVA_HOME/bin/java"
+    fi
+  else
+    JAVACMD="`which java`"
+  fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+  echo "Error: JAVA_HOME is not defined correctly." >&2
+  echo "  We cannot execute $JAVACMD" >&2
+  exit 1
+fi
+
+if [ -z "$JAVA_HOME" ] ; then
+  echo "Warning: JAVA_HOME environment variable is not set."
+fi
+
+CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --path --windows "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+fi
+
+# traverses directory structure from process work directory to filesystem root
+# first directory with .mvn subdirectory is considered project base directory
+find_maven_basedir() {
+  local basedir=$(pwd)
+  local wdir=$(pwd)
+  while [ "$wdir" != '/' ] ; do
+    if [ -d "$wdir"/.mvn ] ; then
+      basedir=$wdir
+      break
+    fi
+    wdir=$(cd "$wdir/.."; pwd)
+  done
+  echo "${basedir}"
+}
+
+# concatenates all lines of a file
+concat_lines() {
+  if [ -f "$1" ]; then
+    echo "$(tr -s '\n' ' ' < "$1")"
+  fi
+}
+
+export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-$(find_maven_basedir)}
+MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
+
+# Provide a "standardized" way to retrieve the CLI args that will 
+# work with both Windows and non-Windows executions.
+MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
+export MAVEN_CMD_LINE_ARGS
+
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+exec "$JAVACMD" \
+  $MAVEN_OPTS \
+  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
+  "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+  ${WRAPPER_LAUNCHER} ${MAVEN_ARGS} "$@"
+
diff --git a/mvnw.cmd b/mvnw.cmd
new file mode 100644
index 000000000..fc8302432
--- /dev/null
+++ b/mvnw.cmd
@@ -0,0 +1,145 @@
+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements.  See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership.  The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License.  You may obtain a copy of the License at
+@REM
+@REM    http://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied.  See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Maven2 Start Up Batch script
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM M2_HOME - location of maven2's installed home dir
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM     e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM enable echoing my setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on"  echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
+if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+set MAVEN_CMD_LINE_ARGS=%*
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+
+set WRAPPER_JAR="".\.mvn\wrapper\maven-wrapper.jar""
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CMD_LINE_ARGS%
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
+if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%" == "on" pause
+
+if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
+
+exit /B %ERROR_CODE%
diff --git a/spring-security-jwt/.mvn/jvm.config b/spring-security-jwt/.mvn/jvm.config
new file mode 100644
index 000000000..0e7dabeff
--- /dev/null
+++ b/spring-security-jwt/.mvn/jvm.config
@@ -0,0 +1 @@
+-Xmx1024m -XX:CICompilerCount=1 -XX:TieredStopAtLevel=1 -Djava.security.egd=file:/dev/./urandom
\ No newline at end of file
diff --git a/spring-security-jwt/.mvn/maven.config b/spring-security-jwt/.mvn/maven.config
new file mode 100644
index 000000000..3b8cf46e1
--- /dev/null
+++ b/spring-security-jwt/.mvn/maven.config
@@ -0,0 +1 @@
+-DaltSnapshotDeploymentRepository=repo.spring.io::default::https://repo.spring.io/libs-snapshot-local -P spring
diff --git a/spring-security-jwt/.mvn/wrapper/maven-wrapper.jar b/spring-security-jwt/.mvn/wrapper/maven-wrapper.jar
new file mode 100644
index 0000000000000000000000000000000000000000..5fd4d5023f1463b5ba3970e33c460c1eb26d748d
GIT binary patch
literal 49502
zcmb@tV|1n6wzeBvGe*U>ZQHh;%-Bg)Y}={WHY%yuwkkF%MnzxVwRUS~wY|@J_gP;%
z^VfXZ{5793?z><89(^dufT2xlYVOQnYG>@?lA@vQF|UF0&X7tk8BUf?wq2J&
zZe&>>paKUg4@;fwk0yeUPvM$yk)=f>TSFFB^a8f|_@mbE#MaBnd5qf6;hXq}c%IeK
zn7gB0Kldbedq-vl@2wxJi{$%lufroKUjQLSFmt|<;M8~<5otM5ur#Dgc@ivmwRiYZW(Oco7kb8DWmo|a{coqYMU2raB9r6e9viK6MI3c&%jp05-Tf*O#6@8Ra=egYy01
z-V!G;_omANEvU-8!*>*)lWka9M<+IkNsrsenbXOfLc6qrYe`;lpst;vfs*70$z9UM
zq%L>pFCOr$X*|9&3L2h;?VA9-IU*iR6FiGlJ=b~DzE5s^thxXUs4%~*zD#K&k>wZAU8
zpaa!M+Z-zjkfGK15N!&o<3=cgbZV7%ex@j^)Q9V`q^i;Fsbkbe6eHJ;dx{QbdCCs1
zdxq^WxoPsr`eiK3D0Ep}k$ank-0G&+lY!ZHDZBYEx%%
z2FyE?Lb0cflLB)kDIj;G=m`^UO<4h(RWdF-DT>p{1J5J90!K!AgC0)?jxPbm$KUjg
zJED+#7xQmAmr`(S%BQTV-c97As~r3zD$E;3S)@}p5udA@m6pLgRL5h-;m>LvCq?&Q
zokC7Vnk-zBEaa;=Y;6(LJHS>mOJV&%0YfRdUOqbKZy~b
z(905jIW0Pg;y`Yv2t+RnDvL4yGEUX*tK)JT6TWn4ik~L)fX#tAV!d8)+A)qWtSjcr
z7s|f%f;*%XW!jiRvv9ayj@f&dc|1tKDc{O3BWcLGsn-OYyXRLXEOEwP4k?c`nIut0
z?4S;eO@EoynmkxHq>QpDL1q^wOQxrl))2qya?dk05^5hK?
z{P6;WKHUaHw9B0dd&|xw&CYN2fVrn};Gq<=Z^QZk3e~HzzY~JrnPCs0XwMp#B<9Gm
zw0?7h#4EY%O-ub6mi&O2vcpIkuM?st;RtEpKSz^Xr#3WHhpsZd!gh|_jGQ`KA30T-
zKlz9vgB;pY^}Uh??nQKSzk>2&J+Qi*r3DeX4^$%2ag9^x_YckA-f9p_;8ulh(8j9~
zes{O#{v!m%n^el(VryTF-C%xfJJ$rZj)|Y|8o&))q9CEwg2;Wz&xzyHD=@T_B%b}C
z=8G^*4*J4#jUJn{7-3^U(_uUp6E8+GDt#le)nya-Q4kL5ZGiFxT4bF+mX`whcif*?
z>CL&Ryn3HHT^^QmWYr<}Q1_Jj7fOh}cS8r+^R#at-CnNl3!1_$96&7nR}gh}))7a0J&z-_eI))+{RCt)r8|7|sV9o01^9nv?aePxMqwPP!x|sNmnn&6{K$K*mVX9lxSAmcqAV1(hKA-=coeTb*otxTOGYXsh
zW$31^q7L@<#y~SUYoNKP1JK?4|FQNQb$i8mCG@WhX9i_^;@M2f#!nq7_K*M!4lGz1
z5tfADkO7BZDLgVQ?k7C)f;$eqjHI&zgxhf}x$8^ZEwFfm-qY=+M+fbS)9r8fFE5H9
zv{WPU35cR8%z;(W%5<>y+E&v84J4^Y##N!$B++RI`CZ1i3IW9Nau=*pSxW&^Ov-F>
zex=&9XYLVcm1Y?am>2VC`%gMev9$#~;
zYwxYvMfeKFsd!OBB@eOb2QNHFcsfKm;&z{OVEUiYmQ}~L@>$Ms@|Ptf3jQO-=Q;1+
zFCw+p+Z3lK_FmIAYnk2V;o915cDM}%Ht5RH%w}P>Yg9{h1mZ}~R6tUII4X7i4-2i%
z2Uiw3_uHR!d~5(s;p6btI@-xhAkRg9K|n#}PNT9Dw9P>z$3>30lP1(=mcQ|tpyv3@
ze1qU!69OAx4s7$8r7Y-#5I`m!BXq`f!6C(BtUlG-oq+liqMCS_D@0nSFc%y+N6_Zh
zi%L3LhF3zZP{d1)L&SXxPD(fp@T@J;jZeNaf$zl>vAh7=tI
z2;wS^QyRdZm~)Ur&!af;8eB8*7(F96K^=WbC$)#TWvB~Awo5AtPf8Il4snD}Xsqd<
z>cH+gcg72nTg5tl>oFbwdT{BDyy1=f=4~h~L$)UX;FXa;NdSlyF{(YLrx&VDp`pQI
zh3pQtC=d8i1V6yUmFon*LQsNYWen?eO-gSZ4cvYcdEd0klSxcBYw+|5AyCv6TT96h
z{7Yh9`h}biU?3oBFn=d8>Hn`1Q*w6rgeX^QbC-WFwjY}Int0;qUny4WMjIee@#0%l
z>YAWLVCNo1lp$>9L$Tx`t!dp?>5Pfbhc*!*wzfWkj_x`Q?`3Jc@9r8uq~dgb+lgeh
zlA`eUal3e2ZnWQSSYB>qy#85^>j7!=uO-hG5*erp22NaC81#Ytioc>r?D9$b_JiC+
zSp)8KR$%}FjFNRkeE#c5vKbXNJDBoO<
z)73Jt7Y|3v45efud1xkg2GO3OwYfsuBV`f6S_D>Aoh2%=`1Y$bHP>0kBvTSowX57H
z&1nbbx=IT>X^ScKYL&&{LNq~^UNgR|at`D;SxTYpLvnj_F*bGgNV2tEl1k$ccA&NW
zmX(LV*>Op)BOgoric(98mIU)$eUa&jM5bKlnOrHm$p^v@u;W0J)!@XWg+#X=9En(-tiw!l?65rD=zzl(+%<)bI{ZN;SRco{jO;>7
zlSY|TIxuN|d#YHx^^~>iYj2V>cC>wQwWzGVI!6#epjJ6tl_`7tDY17WMKMB@s*Jr&
zXOs*@>EwQ6s>M13eZEBJ#q0|;8jao{wK4keesH9?$OSk~_3#*x`8fAzQa7fprQ6(Z
zi$}B%m81y*S)RxaX;wW!5{{EDw8)IE3XDRO1Y^%TMr}c|Y>WBAKT=b*K&uMT(?JSl
zO>gVtl_bKQ$??TeWr7wYO+Vbl?CTQj?JrW&td`|#@;R2Gca9jq^p`{@)KY97o3}Af
zfTh{pUUWD;P7sq=I!lA6;*hq0Nq`F56T)x$K?BMOk}tptYw(%$?*otp2N6IF3#GgqM46Cda!qzvGZcMgcGV`bY5ZIfOB6^;US#WgRai
zq#vS8ZqPY953|eFw<-p2Cakx|z#_{4pG}mk{EANI{PnK*CUslvS8whko=OTe13|It
z>{O2p=mmanR2-n>LQHaMo}noWCmjFO@7^z~`Y{V>O`@rT{yBS=VXsb}*Pi_zDqM3?
zjCZqWR}fEzAkms+Hiq8~qRAFvo}dVW{1gcZ?v&PdX?UG*yS}zT9g7nZ!F1WRH}sHA
zJ4~B2Br~8?uhbaX!3g+7=3fVM)q^wEzv**rk5e34==NRCV
z3G$G5B!DICFslm)c){oesa_0muLxGoq`xYVNURl*NhE#v2>y9vDz&vJwrB`Q>DhN#
zY2GnY!Y^8E%PU0}haXL$8a5QN1-&7NWuC~{62j|
z2ozmFyx8GpOzj?&KK1JF28;E8H_p4N^LMm9K0y}!lCxcK79eFGTtGm?7jy?t94Q@X
zli|our1#|>f*68fyA0bSn=YisYSl8HB(dFN4Y$qb7p4DR0YQt=^eEMnJkgiM48$>QV6x5*^a|D|t
zMPDk}u<^YEYrt|H&hy)DRk%rDIb{LTo;h7=fp^J9Lr&`{9`8_pS*tQ_$KXB$2#5{h
z-&yPbN-zInq{7aYZuaItS8-2Mb4OQe2jD*&)0~898E|HlAq`o!M&It@vvnj
z_y@))>~_oR%S8OfmFTGYIat^#8_YKMqWLac<^}RZFDcJqvSJa>&6HaLS7p-$)QyL=
zHrO|t75`d41Bp37RZtKR%g^%o@9C5Ce=CjuvVQ-KI#Uw2WWa>cho;jztUt~Le*_pT
zkfA2iif9QFp;vhd)|A?tdAQ?9o~?EqgL;=)eKFQ{E^u?OIP}fl^5A;$^ZVutCIqj5
z&*i+G?!Px|5~~6zTYf>~uw*kM`5p&Hju&#w!7^An3*mQwTK22wC7p^OsvMjWf`$MY
zLX|ZFV#+>Uq2!QyRD9cgbI9nswteMAMWtK(_=d%r?TLrx?_rkjbjI(rbK#T9Gn}J|
z5ajow3ZErpw+%}YfVL-q^{r~##xJ^_ux2yO1!LJZXg)>F70STV=&Ruwp&XP^_?$h0
zn>$a?!>N+Kt$UXzg`e+szB}*uw)Z$uL6?>*!0IrE)SgV~#a?Qgg7HuTsu3ncrcs|l
z=sQSMtr}S!sQ4SriKg=M`1Y|bC`XJ+J(YT)op!Q);kj0_e)YNVNw8SI|1f%9%X?i5>$lLE(Wfc$wY?(O985d5e*)UPtF!7gG3(Kd
z-^=-%-wWCEK`r4oFh^{|;Ci%W^P>K%9dBNDqi%c$Q{iY#(zbwN7~pQI=SHd%WuV7Z
zO?0P;Zc6yeN;)IbJIP0=>W)EgE!76jM^?IyQ*D(T})1NGmP
z~YAb6T^#R6;)Ls;cV~LWk
z33lcLpbSjxStw9Z>Nv&+rPOXxCGB=?ttZs?{OF7;GYlV&w7-82POb$XrogqFpLA2`j&MLZXr=IG>PAFSb2np~x;E_kV{
zsDwbK$?iYRn7$;mHYZhQn6P2#_hXAHd?;q~!Zy}%;@%wT3u|Sa-!WxxOE_fwyFv*Db@>X;Rl+fK1oP?55*dN0#2%SuikZ)y7Kx>`8*9d?}5
zKvXF7J5&Ey6{A8qUFxrFOh<$xdSWV^dw7z|`7RVZJhAwO72V
zRrM_3*wI`^ycl7~>6KaCYBr#WGR>}B)Q(V%&$MhVrU>u~ql
zjGeZF&>=_ld$oY!V}5}Gb>
z*iP38KOav9RHY)0uITwgz99w-
zJX-0BGCdY*$c7pi@>@-`2>#>}c(DHaI62ntpKz
z`c01Z#u7WuMZ71!jl7hv5|o61+uv5nG?*dffEL~328P5HlKh2&RQ;9X@f>c1x<>v=
zZWNSz3Ii~oyAsKCmbd}|$2%ZN&3gc9>(NV=Z4Fnz2F@)PPbx1wwVMsUn=-G=cqE3#
zjY{G4OI~2o$|*iuswTg1=hcZK$C=0^rOt-aOwXuxU=*uT?yF00)6sE}ZAZyy*$ZTH
zk!P*xILX#5RygHy{k?2((&pRQv9_Ew+wZ>KPho_o1-{~I*s1h8
zBse@ONdkk-8EG?r5qof}lwTxdmmEN|%qw(STW|PFsw1LD!h_Vjo;C4?@h|da4Y;*;
zvApQ=T&=jWU39Uz=_yN@Bn0{{)yn8RZ2&X!<*KBv-7tcWdkF1Ij8D0mU
zwbcs}0vDaLGd@xx%S_QZ1H)GTt`~>+#z}HXJTl9S!sd9seVJc|_wUMSdD$>k`K_RG
zlq(fsnR@KM^;C}}&vG2t+}_nGPuI5ovg$6TYeMPIREGxP@2r~RKd@>gV`mq0XENsh
z%IRZ-ZNP+4#J`o-yRpP;w@;CrSr3wiix3e9Qc|s(WapRq950P->g|JYC$A)$YrGeH
zz5dKlAHAPJ>%?llqqB&#+#VU3sp=9>Xms1J;tSYN>LMwNtU68yr!})K4X>%^IrIDp
z>SHy&6fJHybwS^BW>okFeaQp6wxaVP`hy;ZX#e+=w3c?PGD&_LmeqL8oZ*YaM1+#S
z5WNAKo4+99JW(+qcMjh;+c%R#R?t;(aQ`2`C=bo((ERzgAwKKazXy*0wHN;v;P|f>
zBW&?`h#_I^?Bc5GX7XP@|MOiw%&-#?EQ|w+FdCl_&qPN&s$|Z17UCF9oXS#N
z)px6>zm&}0osTnCGI;AXsj`q=LpIsW4x}q~70uey5N_NpdJ*Gv^@$g@f2{EB>LP7Y
zE5P`jZh1vHNgk7LfMT({jLCjRZa4ubW;UA#%<@Zj?efrPdm{W3J5UEFgm`YkVqz;AMFetZuM5uQpvORb1GDX`WZGwTrF
z46+&sAri5QXCfGYpdgonWR5`>ZEa;?jrKvfNvXF<&l)1uU-3q#4X16R2~?P0yg3H`
zfw82QWZo^cac+%(g^_6`+2>~Fvy{pOCGnj86+=-!N`GPWAjus1ejhn6f4|mDkU6EE
z&u~;xfdRMkj=h;4d~~+4(>L8weT3cz9e@E11EH!tX<IC!@kS+dsIQA`HQ2vdoS
zzSD0U?mb1M0@qXu{yhZk2Y6}2B-AvvYg|tRr6z*_*2l*VLiR6G;M{O^Znq~LI%=I_
zCEU{htx&Bo+69G`p|A@R>KlY1*;;!{aWq?Pc0Cu!mT-0S`!>3<@s%Ri;utYNQ+CXDj+LC5<*$4*$-mogGg^S~3JRv{ry
zPJzKJg!XKb>P}yJVc^1V@T&MV{z;@DLhvV{dG?RogCcPkROivliSr58>5Zw&&A2?n
z9`JOLU;eQGaOr6GB(u{t3!+$NaLge$x#M&*sg!J;m~rRc)Ij5|?KX_4WiM-eE%t8e
zqUM7eZ~ZonavR;K4g2t$4Fj=UVyEHM7LPb%8#0?Ks{~?!qhx9)2^>rg8{0npLtFKR
zJB)19TFiD^T7IUXA8wt!@n5gj&@OK~EO}MR6^qd?^-?%-0~b2K9RWh+_mSEQQWsLCFOt#JlAQMgNxvv-m
z;sF*r;WZ*Wi@I|6pMN+|_rLYKlWwvpKZY9rA;fo8l8hFQGI?4#kt1-r4UL;nPF@{~
z2T~a@2>yD|GuU55boxoIIe_BFo2Vq&rs&2itv|B>OC*bIeOqMBRw~y5KRMwiVHc)`
zIBdliiY?Ai7*+k#NZf3MW5!hya~RZ6r7k)b?HF0e(n`ZX=iCpT7St`FDwL@SGgKlq
zNnnU*3IcnYDzJg{7V$cb`xeb4(s(({&%f69XMTw-JQErS%?X_}?&y&tvHw@>1v{#R
z4J@(=el^kRI+jGa;4)l#v%-jM^$~0ulxh6-{w*4Lsa>Tuc
z>ElR3uM~GUChI)c{TW${73A3$vs<&iH;e?4HjW2MvSz9tp9@69+`_@x{Qte^eFo5IlAi&zw$=t6u8K%8JtjRI88PFNM7R>DaCO3rgngmk
zI-RMOyt@kr-gVra=tl^@J#tI7M$dird(?aU!`&1xcm~2;dHN(RCxh4H((f|orQ!BS
zu;(3Vn+^doXaqlhnjBJj-)w?5{;EEZTMx+?G>Rp4U^g<_yw_blAkdbj=5YrNhZB9@
zNmW=-!yFx5?5aF^+6*1XI|s3lIn_eyh`uv%?liNzSC#z&z^R(mqEYL@TdWzgkf>g1
zedzs*={eJavn{8vF%4nf@et<@wkOPR>NiVuYtESbFXQ;sDz_;|ITVeoW|me5>jN5P
z5--{13JT{3ktkAf9M;Jty)yectg#{+9sK{C;2CvPU81tB3{8S5>hK{EXdVe?fR?sd8m`V
zPM*$)g$HKp0~9Xf6#z!YJ&g!%VkCMxkt>ofE!62?#-&%|95^)JJ9
zk;GlJdoH0HwtDF(_aTv}mt$?EyRyE6@pm5DG~Gj-2%3HcZT13e)$)z99bdK_WCx|Q
zQNza(R)Z>ZKTn8oIdcw%c^pFaMpFZ4HOds!BODgSBWJJYW3I_WJvoEm4xsfs%#LZ6
zdPCk{5XJ>2f7Hj-i*9lTW6BKCIuy)3L!b3(uPoSgW1WA+OEYYBRgSsJq7wjHh%c8ymMs3FU%~cprqL*084p*^T3{J%Gwq`jB30n(&y6-
zII8-_r-s5&CVtsoNZ9%On?7yn;oZG03-$wx^uRk9>b*ufh15|HHk|%=MA^ioyb9CYU$7y$4R|M5HvpiCTxKSU`LUg$+
zB3IBl&{qO}agqF~BFM6&11wMeR-#Rkuh_(^j+P4{;X_w|siva$5P`dykyhfAUD%e8
z+{G0|7(Q`_U91sMKFO^rHoCWfXi0$^ev)-187G}klYv@+Rf%uZ&T4-Uhh=)pcU6O1
znXc^c5)!$X+39|4`yNHuCj0wkm+K1VN0G3_EL?-ZH$p5Y*v6ec4MV
zS~1~}ZUhl&i^4`Fa|zyH4I%rXp;D6{&@*^TPEX2;4aI$}H@*ROEyFfe^RZI%;T>X>
z>WVSUmx@2gGBxkV&nfyPK=JI$HxRKUv(-*xA_C;lDxT|PgX*&YYdkrd5-*3E1OSXBs>35DLsHHp%zm+n0N(Yu{lMo>_t&d1Xy
zfCxl=(CNNx>ze+7w)60mp>(M``Qn$aUrVb$cJAb6=Do7VgW`Qn2;v5{9tB)jP$_mB
zn{Hb_sMs4yxK|!`PI7+zO68}{Iv)dpu!+ZZl)xuoVU(oFsm<3gT{j2c*ORl|Lt+?dR^M?0
znW6rNA)cR*ci;z?BaG(f(XynY_y+kTjj~T$9{N{>ITQ4-DmZ6{cOkoea9*LpYL{Apo0hSpLqJu
z9`tjP&ei;%pn9QY>-$9=<73M#X;qGb+%Bt0x>=u`eDtthI+LWB9CdAO=ulZo9&Ohs2X8GW>b7#&U|py28KTvPBl#Nqv^{AgkVXrOyS
z@%3)}$I&mJOYWoG$BBb)Kb~0ptDmBxHNH^i6B8FA7NR2HfTnjP?eDnoY4NS_aYg4P
zGGPw11sAf^^fTkY#j@T#6Ll*^GVaPo-1;aS6_a}{r{tWZilzse2m
zc?LS=B|EWxCD|!O%|%t3C@Rd7=rKJRsteAWRoDu|*Kx-QwYZQeYpGrZ_1J%mFM;*S*u=0
z%1OC9>kmCGqBBu#-1jVPRVW*BTv%3uPI8fO?JOZD#P_W^V+K7&KVB>hzZ@PdY*%Ezo;}|5Mk`Mo2m*_K%no*jDJGp(s9j;&U`Z>z
zO#SEe)k!p$VE-j2xDoX$!;Up5%8x$c`GH$l+gTA*YQaE0jwCOA<*__2NkV){z_u2=4NQ
zSk$(oj$%ygio?3V8T3IyGMYvPs`t{im2IoHs7or+>>MYvG%Q?PwOLqe%73uGh6Wn;
zo>e7qI$9?%cVVkvQLOLKcU5n*`~qn8pzkdu=Z4#2VnhUy>S*;kT=NqA!dQtnE?wVg
zOKobxJ|QCjk`!(2*~5NQx{{=Lr=)ndyn{V|&PxUa=xQXVU?#M24F8H%C*uvs(#Va0
zSkp}0EFYq0#9xp&$O?gIInc#^^_6Ol88W%)S5A@HeE0(SR&!Yl>u=*5JEoUViDR@2
zJBjTsp=Y44W`Nb2+*CcZCkwP(QChX1s)b09DEIZCKt1$q2~;&DJ9!{bQ1Y6&T_9u1
zZM8^im8Wf#FUO6tZqc7#`z0cN_JA>#U_b7he%?cCnlV2&47y5Fc)Z7bp5xGe1zNq9
zl1VaV-tsm3fY=oIX^SPl!P;9$o?**0brq#ShM~3CXhh^SK0oOKB9O>;q3G@
z&4&h$mLSgohc^5IC|H>IGfZvVQFUT>T$|U7{znY`56<5d)07oiv*2R0+-BGPPkWJ!
zIOzKF+<5o2YLWP|SGCx8w@<>u6K1o`++xJ+6kaJrt<&0Haq
zyUccgxI$sR07Vo9-pF);heBva;?&NcAzC*gSSG9B3c?A;IH9J
zl$j%F4*8;F0;H2Cjo*kWz4{kSh?nX}23&&KL+U(#nOAuR`wn@uwUNkWEgb*ZShKPy
z`aXTJT4f*Um4`iv2KOfzf-~`#pOfH8>is*xnLBDTyx2Xuc8Y2Od6z((P2AZK@b_96
z#0V6jdw>sEDJ#uNGV|EshD1g&bYZCzCZTZ)286HLHc8Eyy_HPi;d#%;Wx}d6tUUxq
z_VB$+898z_{9-A<*v6VI7?(dC04o!8$>DQ$OdbrA_@<6auiBNp{Dw$Hs@@gcybIQT
zAU7Pc5YEX&&9IZ~iDo&V`&8K$-4o$)g?wF8xdv1I8-n}1bc7tviIBqt
z#iIl1Hn;W?>2&#bU#VZ1wxq(7z=Q15#0yoz)#|r`KSPKI-{aN%l61^?B4RMDt?Vk`
z)G#K6vUN?C!t{Q<@O4$0(qI>$U@@TI2FVF;AhSSb5}LtXx&=k&8%MWM3wv;Xq0p~W
z#ZX;QFv5G9-i6=+d;R7Dwi)ciIZ1_V!aw;K^etau+g0fOA2HXpV#LQZGzf?h#@}(o
z|3w!sZ|&mp$;tmDiO=zef5C|Alz+@@4u5#yZ7yNpP=&`432%a{K#{;nsS!jwk-$Qs
zZRty}+N`Y~)c8|$&ra{bOQWM2K7qa}4Y{ndK%dKp&{
zFCvX{PAy_C{xzS_-`0>JlPP7&5!5
zBQ$NQz^z#2y-VeIxnfY|RzU`w+1t6vwQ|wM)LlpuaUzYehGII;>2DYyR|~wC@l97s
zgX=f*1qtfDyco%BHmN+o<2qoi`D67R+RM$$NN5-moE4kx3MCFfuip*45nComOZKQf
z3!(8tkSdhY5+A%@Y=eVEZkXU3S6B2V-R$ZuRIXWhsrJg3g)p4vXY@RV60bKuG
zT6T!enE<;(A{*HPQhae*(@_!maV~AWD4EOwq10tkCXq+HPoe_Pu?d4Kg=2ypcs?&f
zLa>mEmPF4ucJ%i~fEsNIa{QmQU27%Abh|w(`q)s~He5$5WYQ_wNJX6Qop<=7;I1jd
zNZak`}0lVm+^O!i;|Lwo}ofXuJ)*UtH4xaPm*R7?YS*<&D__=@Kki>{f_Z-XqM;Tj195+~@d;rx
zh5pj8oMuupWa#E(%85**I~1Zat-Sa^_R11-CiKdd`8m(DGuzOm9lX$Dd!DX!_Al}d
zS!-|}dWG80S;`jSKDH%Uv;-OJNeBI0Bp$z->{_>1KU%h&Af7nns(L=xRN1
zLvOP=*UWIr)_5G2+fCsUV7mV|D>-~_VnvZ3_>=9
z_bL6`eK%W*9eJ34&Puz^@^ZIyoF@%DTun#OOEdUEn8>N9q(}?5*?`o?!_<(i%yc`k
zf!xXD6SQscHgPgiHt>x6{n{+}%azrfV4VHi#umyi0;11c816`E??2`$;Rc`)qA2H(
z5L|{o=ut7Te=^~@cR0_#cah0?w0Me$&>}ga8xxy=?DDl#}S~Y
z4o2n`%IyGjQEP%8qS|v(kFK&RCJbF1gsRVJ>ceSjU`LuYJu%C>SRV#l`)ShD&KKzv
ztD<9l0lcW0UQ8xjv|1NXRrCZhZh3JFX_BNT@V|u9$o~8M=cjOX|5iBS|9PAGPvQLc
z6sA~BTM(~!c&V=5<}ZIx}O7A;|&bd7vR_y)t+
z?Vm7kb^gJ88g;!fRfMTSvKaPozQz4WcYD8l#0WxQ${P%0A$pwhjXzyA0ZzErH{1@M
z22-6b1SQ!SMNyqj_7MXE2cwcEm)W)YwB)ji`3Y^5ABx--A11WB3mBQB<7K!~``j&@
z8PKJ^KSa>#M(rar$h}aBFuNI9sB5uAquDlzKW+hYB&WKf9i&+q$j5P;sz2u$f`uHS
zaX8$!@N2b81<<0w<{CpXzQGqSZRpfVb3R%bjsw-Kl}2UH>}1M?MLA#ojYaagiYL!P
z$_@7yOl~PbidzJ8yx{Jz9&4NS99(R5R&lf~X_{xjXj|tuvPgvzbyC}#ABy^+H+FN0
z8p5U!{kxOvdv3fr35|Kb`J(eXzo*GvF6`_5GI)&6EW}&OGp=!8n`W0mr_o~Xq-t?%
z_pDDfIW#L^DmX?q#mA%Jz-f86KG`^7V|1zdA#4#<=}91g$#@J`gOqMu+7H&yMdNIt
zp02(*8z*i{Zu;#S#uP#q!6oNjQzC|?>fgzorE(d+S#iv4$if+$-4$8&eo
zuSZJ1>R2HJ^3T9dr{tn+#JMGv#x@&C$EZapW9)uhp0`rDsISKrv`~3j)08JZlP&}HwA!z^~-?Ma(x0_AS{@r
z8!(Z}5d8+5f7`r3pw_a=Z`!0r6r4%OAGYBoq3T7^xI@9xG3prNo>`}k>@VAQk>(=DIy(szD&6@u?YVdC|pJLT@lx{=IZ;
zIkO4)YWp*Dpp$`H$Ok#yf;yBmHvTb@)4j)jVNF-O?$nD25z7)I!cWQ|Yt
zeS<_C{i|BS4HICD=}T(|)@vd(v!?P4t4>APo7`K5RJvcTpr_KgWeB~zMLknrKMgpx
zyN-EI%es5e)FNho=}qGu$`98v(QDPUMUGrY4tq>?x$md>qgNO0@aAQLMLr8XD8z%;
z2Osn1D>N^22w4Xb8{~fi^i~SthAo7%ZjNb)ikgj0_AsXqF_0+W6E_doOUi0uV6Lvg
z98Xk#>IK|-YHx!XV64==b(nYKMEyqPF?D)yxE=~;LS?LI_0)|1!T3ZtLa?(qd|YlXdI-e$W
z(3J*FbOe3cSXvDaTHU^Hqpf2i8aH+ZzqY$cFFIH;fxMtW^(AmiMkBtb9esujw?rte
zoo&0%Afb~VBn6A1@R1!OFJ0)6)Fn72x{}7n
z+b#5gMommvlyz7c@XE`{
zXj(%~zhQne`$UZ5#&JH0g={XdiEKUyUZwIMH1rZTl%r@(dsvBg5PwEk^<+f_Yd~a@
z%+u%0@?lPzTD>!bR(}RQoc>?JwI|dTEmoL`T?7B
zYl^`d{9)rW)|4&_Uc3J=RW25@?ygT$C4l-nsr+B0>HjK~{|+nFYWkm77qP!iX}31a
z^$Mj&DlEuh+s(y*%1DHpDT`(sv4|FUgw5IwR_k{lz0o=zIzuCNz|(LMNJwongUHy#|&`T5_TnHLo4d+5bE
zo*yU%b=5~wR@CN3YB0To^mV?3SuD~%_?Q{LQ+U){I8r*?&}iWNtji=w&GuF9t~=Q2
z$1cFAw1BTAh23~s$Ht$w!S2!8I;ONwQnAJ;-P4$qOx-7&)dWgIoy-8{>qC8LE?LhJ
zR-L4qCha@z*X+j|V<+C(v)-UZmK0CYB?5`xkI)g2KgKl-q&7(tjcrhp5ZaBma4wAd
zn`{j>KNPG>Q$xr7zxX}iRo=M#@?>}?F`Sv+j6>G9tN!g@14LUf(YfA4e=z+4f
zNpL4g?eJK`S${tcfA{wbn({8i+$wMaLhSJo`-Yp@G2i0Yq~@wdyFxoVH$w9{5Ql2t
zFdKG?0$
zV7nmYC@PSsDhnELrvd8}+T=C6ZcR?`uapdWLc2eaww5vKtjQQgbvEr^)ga?IF;@1(?PAE8Xx5`Ej&qg|)5L}yQA1<^}Y
zp7WZpk%}L9gMMyB^(mFrl&2Ng$@#Ox3@Z6r%eJ`sGDQbT0a9ruO`T|71C;oCFwTVT
zaTnu)eVKURM`1QuvrBhj;1e>1TEZW54sKUfx0Z=N*;Jpdh~Aj-3WB
zR|EYVGDxSvnjeA?xxGF41Wj?~loVahklw|zJ=v3pOEVZFJG^TvR
z-tJN5m;wZp!E7=z;5J*Oaq%2bc|Jw!{|O+*sja+B(0D2_X`c2)nVkzP1S~LOj~xs!@>aN
z3$K2^pW}@R-70K!X&s4DHHoV&BmGWTG4vi9P1H$JxmD|t_V{GlHZv(`yJ234IVuSr
z~!;~#ublS8qdL8SJG@XRCwWhkZyg_EKH(sB2}QQSv4W}|CT0ntD_4Eyp519d1%yKvc33|`yW9QzeJ4*XLP7@l=td+bwxSL~jCf-ny)IDC^~u5s)E-y^FdtU?)hkN{82Y{Lo)bCWcBOx;Jbw;)Pg9bWQQTY-3RWehpok!>D>Sa2EcEOS@ua)#G3I+GxL_ra^92Y!}tMX
zwAp*Fv-aAarn`ME7N#Uyim%ynre6u?KS15L#$#rKZSgLnXx;g8TP9suMpO055p278
z%o-6eT(3gdIVFN}Gb3k$zbTyrHYel1x6OxETsk&h0E?&}KUA4>2mi0len7~*;{Io~
znf+tX?|;&u^`Bk-KYtx6Rb6!y7F)kP<5OGX(;)+Re0Y;asCLP;3yO#p>BRy*>lC$}LiEEUGJHB!a=&3CddUu?Qw>{{zm)83wYRy%i}UV2s|
z9e>ZXHzuMV#R1yJZato0-F|Jl_w2sUjAw@FzM=DxH}vM>dlB&bQ!>51aGc}&WAH`b
z6M6iG$AyJIAJ7-c0+(;pf=2=!B=%yoM1i9r==Q+}CK3uW%##U1rP~mwjUb8PLsi8Q
zq!aTLLYK4HQ$vN1sU;d3XW{oFA{u@1$tduWmdOqc(~AqWq+`V)G&?YOOwAK20x>{q
zOgII2&A_FXPzVtgrD80Y5J+_SEmyUcdM2N%q);|ZF_m
z)6PBcOcAAy3kN*`8ac%zPH3^61_zn6_2FT#NCOWYx>ezqZzCC;tzM%pJC^gFAFcTs
ze6C3WE-a*=nt8tErPG9zfPRn$QHqB7aHe8x3w&rWT(0F54<2uBJDYtbB}y|@9V6T(
zmM!t}T5SuwxyTCma14&l|yiQRw5Pn|OiDBkx
z?4tUGrIVsC9zs=F{W>zl9XeknEc+~Mz7zCnefUPUF8iF?A)QJK8=84#-TLLxq?BTM
z=VYjYW%TOhrBp>3D@K{vStlEUt%e{HRc=766AQ+s7V_F|1A!)P3?y*=gUgbZO;O39
zX*BC((-XbnoaRGxxhRQRVKCDG9|qC6?7TwCz{A{OZp$Wu(~0DFo(w^P3f>4gr8@P^
zl8`!vA=_fvwTZc%-Z42}m>Q;KQ~&v;ipZzbA2;}Peg*v}TlKRmU%4WNN<%qb!cLo=
zoSx;XBrv4}ErykT!)z)Qar4o?(q6!mpWLNFe~Nz0S@yI{1)Lxt<0K=Q$~>*HH+Wbp
zQ~fx0aup_lZb|e6*@IJOJjw~Ypiwdq69&Y2vthfGq6u1!Joy%;v;~4`B@B*S(}}i-
zmZc^*aHOK(dd(geOKg)P+J4+*eThk;P@wRjvm}e)h|#EpsV9YoqqRW{)ABhRlvGA*
zL$&k5w*_-X1ITCwXiH=)=5lzjxY5tQJTBrv<{dM7$98pdK%i;RGZtiJKaSGCji7w)aNrHu_9_IPGHS-mMN5AheTn_ia^YdunCzcp2ap8eI-RQEm
zj(q7_CT)o|w_noPm@MVqIjv%H4Bdo6*9*!Zj)bLx!p9POp(`$dj1QW`V=;=|`Gx8QST=OnK5jlJX3!KBz>v7j$&5b5YrhIArRVL)1C^o{@DJ}*mk*s=<
zDK{e2f%fG)mK_Mz*x@#ahOO)cQQ#VH+8Wef>NKWcu4J>PIc3iz8y6PwCmY|UQ(O3!B;HtsE&jvyv^XjL7Env5#i
zH4-k5GzPr-%36#%+Hvw1*UiOIk3b7F^|1dPi!-i7C^ZWp~_KI%D!sGYb@@zXa?*{XfjZ~%Y^mT!kaK_>K8
z_jL78^
zS0eRdqZ0v~WWow1CE;vDBh#{w9R4JgB!})W9N{{D=p-RMnehZ#pH*ABzDP46ryZkt
z4ek|LHS{CDhTTMQa3a5fO9OLg?y$+#Gi2}Fv>QD-+ZEQKX2Fv{jr~miXz1ZpPcXvJ
zNvQT@kQbBz_Y4Kg)*`E2t;tPh5_7tSGvL-|-A`lgHX3uVG4jLev9>YCZUeNNzioL?
z;OBD{z+=Gs3+*ph)#bO#7IHl|rOFfvpK%cF>W??Q!Nh&B@hByD&}g|>a?GJ4uhX3g
zPJXKKAh&zWv&wITO66G{PuGLsxpWSqaadFsv>_vQt?LVslVob7wylsa+O`IYWySoO
z$tw#v7=&7ZGZqS}N!c##5-bC%>ze*s0H9J%d|!JgE#uZ|k1_bAn*x(Y%r{c=(HLwNkPZOUT#@j4{YfG#@=49YJ{?7?
zddbK}G-@Dod&^Vf`GOo)G|`n@kq?Z=o84x{889+?F*dQz(kr@9lQ-TXhGN`)^-Li1
zb}xO2W(FvB2)EA;%qAkHbDd&#h`iW06N1LYz%)9;A&A25joc!4x+4%D@w1R+doLs=
z#@(A@oWJq?1*oT>$+4=V=UnuMvEk;IcEnp4kcC<_>x=Hw9~h+03Og7#DK(3y3ohIp
z-gQ$-RQIJTx%0o@PDST|NW41VgAR?CH`Sj-OTS0)?Y*M_wo|92;Oz)aya`^I0@?S{
z<%^epAw!Tw(bvSmU_k~Im^%#|0`Xkcmxj;31jX2Gg?PbzdXp9Dg~P)PW+Xi%iWiCr
zV-Vv9IR5guDS2lGV!lfTWxkD8w%yz=UB`2j2Zb0eg~arRA*Q6>`q=8#4&OC|L6O}8
z)!w(idG0yk-BF#~k@Avk>an9z_ibOP*Rb;db_PsakNWYdNoygT?yRG=+5>ud<6Vxhk?P9rk!+8?xMg!x5kD*f2XOd^`O3U
zlO;ImEy0SYI_J05cMW{dk@%d@iZFCNhIVtOm8$viM>=zM+EKJG%c0)dZ0D$4*-psQ
zW+Fq|WmbYkBh5|^-l$w-`Uy8#T#<+3=}z!(6RadEpFlr1f6OFuQ5sG735YicWaoYR
z`wuEZT2dntHGC7G*Kzk$tsm?Fd25LTHJj?Zo2RH;9rW9WY1`;@t_O3NC};dayX;Ib
zgq6afb4!50qL-o5%yzgcR-1Xm-l4SE!rE>o!L=E`Jeug(IoZ36piq6d)aek0AV)EJ
zaha2uBM!>RkZHRN0#w07A=yf4(DBmy(IN6NdGe$?(7h?5H)*?(Li#GjB!M{nq@C3#
z^y{4CK_XQKuO>(88PRb&&8LbRDW1Ib>gl6qu(7g}zSkf<8=nFPXE1~pvmOT3pn^sa
z+6oK0Bn$TBMWYTmhJzk_6)$>>W)nF^N$ld9
z8f^Y^MLVz@5b}F0fZID^9%hRL#()Xw*%yhs&~|PK|MGI8zuO!f!FqbmX9icd
zXU(JOCwac|Z|=Yr(>Q3)HsXl!^$8VSzsgI#)D2XkpZ2=WOBcFF!2&d;*nF%h0I!`mRHl$91jYzqtLfNHUoYzrMzjR)u
zP_|Hti4^){G?Ge6L_T^zVdS@KHwtq^+*+aBNl=hVc6#KB-It()qb&8LhnVW9Yxn&S
z&^s^u1OzB(d_ByXz=xm4cpJzNzV+Txh`~H(176n4RGlY6(
zg?ed(a!J?4(oL}@UfBpgPL*)KrGtM_hMIdu!RywK@d!b-{YAY?(?w3yB@Fi3g|G)|
zho%)<=%Q$Lo7S-BxEjTL;M74{y+`Q^Xg#j}VvF|Y>X7s+Ps~aqT--tJNd9U6;Ej&o
zj@|!`{Xy90t_Zdb>+m8tCFJ@X(Y$mR>%)gv4Vt;oGr`idhQ7H1^L3v4<_2}-UoguorcscRfdgumUVa0mK7-Wm~#vbrnX9ro}@82q=9t;lM9nH<}
zLL#=1L7*f+mQWfyFnETMi*fe8AI+gdY6BM7CkRS&i4$ZRv$v*=*`oo>TjZ84sYD&T
zI!DgZ4ueeJKvjBAmHNu|A?R2>?p{kQCRy
zRnGg@C%oB#-;H-o-n##G`wcPWhTviRCjB{?mR20|wE9Kn3m6(%Sf_oNXWP^b;dz7(
zb{blETKwpl`AT#W7E6T|0*bl?%r{}-BYdwrn0zN(DZXM1~53hGjjP9xzr$p
z>ZH?35!~7LHiD7yo7-zzH18eTSAZjW>7-q5TYzDvJ$$S$Z@q)h)ZnY(3YBl+_ZK~*
zd6T1UEKdrzmv2xc>eFj2^eQPu;gqBdB@TLqWgPk|#WAS0c@!t08Ph)b>F3
zGP}9_Pfp;kelV05nUfnb%*Oa{h;3Yi^B5xyDM~1r@o%v#RYi-%EYfSYY&02eW#bGb
zu8(H8i9zhyn%?kx5Txx^6
z2i}CK(HeQ_R2_u?PFp#6CK
zjr}k8Cx#C?DFgP`uN<;}x*Gd$-JgG3J_i3s>fk@_Po}b|JNz=Dm+<{^51m=mO;n4B&azYm{>+VhB{iyxuW+j>w@>VHcJyoSBQi=hu0;p
zPw3Aj?%Ai^UeD{ySPIqsf|v0L&f_fmE7oh(s|jwbkK5^AQ9F|;a5V}EdSE?fyxdgf
zHTq!f0;+-V{0oF+l_~>rMGk?f~m^wDXlxqt1@+)6Zv?BNR$+%$i
z*NF93f}~4d9H2C7@?IibyqUtLL!XZW2ap4fkkxMqDZuZ>`+AfWJQ%~O2WR}NoA=OP
zieg@q!mP
z?=qU=EE6L0_UpzXt0qwX2tF~}c|;`#MUY2TMz6k({hpkiSz>Dxt*4-PtkAdAA*0hn
zk~CK6#V=*^m5
zg$tB6rSO-=9l>GAl^DjJBHdk0wD0(L!OrcZ?qmtYbl+}s(@rtE-O=RTx*1cZq~u~5
zQPVt(IB=*?Pm;Le%#i1SFxHY|>=Y$^RF-FGAUSkBpn`|+p!4RHyv-Q(XgZ5Xg5W}J
z8RcT?+4FdVQ>z~9kP5By8eM95f_LDnsnA%K;i6`OpcuJS=^n|6nH-B2EhH=dLbO@Z
zuw=Ug>7gsu33`Pzy3Lji0x8OCH={?VRqFEi;@oDIS<*?dG@9X1*tlYCm4YUIMhyfo
zJ~=K@-X$D
z<-4dH<-5o#yMj%f@U{nfWYVdrREJ}_o4&|c*_+M6gk
z-Up9-i~jM-bwR;Bf0&C5wteli>r7ZjGi+mHk3aC4mS5
zPC^{w+G%menlWun+&<#i&DJ41thvk;OKZEB`S%sZ6
zzYpO2x_Ce@fa0LuIeC=7gRHN#os!MQ7h}m9k3@u68K2$&;_mSe2`>uvV<`RgC)TKX
z`J}&Kb%*f{Oznj$%-QafB}Zb$Pi%@D&^ZTcgJ0+Bk6-iOJ-P|Q10)5ie2u0JzKb2r
z2C@{f?ZBcPw5%h&aKG+6%Qvhw(t1Y{hZ82YE4(Tlk`2VCgE&1x;AUt+5U*$%>P|iWLeb_PJL!VX=b4#>#QM;TGjFHBNRy+d{v>2cVXFyqaLd300
zFHWrc8lB1KSOH3dkJClJ%A5oE^31WrQZ3^-3`Zk?1GqoV7Wr62=V9C=(;#R
zhzXAT03)d
z9OdZ|;CjSnqQeqF-CUNR=x9x76JYnpr|T+6u#$y=7cMVG72k4f*BJIG>l1NNvyv6NQzr4U`r;=
z&%W1Ri2sI5p|8%q5~zM-AMptHj_eX7FzJN7t(%+2dA)efyFbePBsClxY_yMqWbEdT
z+jm?SZgH3mCzU?e^psnyd8UK
zfZ$^_^}C1WYB1-$m4qwT@#=wsAq$9Xj=%IRvc#V?1azEi|RSc;M
zQn;3%Gjk3D)R+3`gZplB>Pt;g?#EiwRzxON;%
z#P5IK*YAh1Md<$o21R}j^8Y#t#`fP`nErnb@&CkI{`XNXulcVIXwLcS%VE4i4-!8a
zpj-q)#TqXkFg&z4G9pG45A-$B_Lfacr)H85ge*yqTLAb(oY1$6Xu7Rc%^aVOmzsKd
z=WEXA40~hm@7FKD9t14nSRt)m0XWkP1YbAE009nIupf`md=v&J;C}estaY0%^Z;;lf>5AF-y%Xf1QEK(}4n+
zhKsTx^bQSpwM=UWd3WRcpEQfw>P%zuhLeEdY}s%cGitMZa14Ui*Mzm%=(7<#b2gHmJ?kdeymT7H+Z8k8tgd
zp-dhC)R!P!)w(n%RgOi%^)LGZX)yxC%@f@d4x@IRbq{elrCHyIuphEE6qd6l6O`;B
zi0WQg;j`hcu51uYTBSSYNvY{Lkn$iu=Ae0g6o1cSTRwXmEvNcNI
zv;)Z_?g>?aG`Zp}*gY8%LGI}{>J#`x;v=*ykuY@z2Erz>@b*)tMp2>=C20MI8|{Z2
z9hbyDJ7d#MdWK&fyZB>Jdm!#x_uRw%>`OuM!&QMim}baa76{L|VAuq%1UpXVHsClm
zPD4}hjj{lj`)aaD;x|PJ9v@?8gZ!t5hER6!b~HJ_l9P|(h&R6js3mAfrC|c+fcH^1
zPF*w*_~+k%_~6|eE;-x}zc%qi-D-UpTcAg|5@FCEbYw6FhECLo+mVn^>@s-RqkhuDbDmM~lo<4sa`|9|$AltN_;g>$|B}Qs
zpWVSnKNq69{}?|I`EOT~owb>vzQg|?@OEL`xKtkxLeMnWZ@ejqjJ%orYIs!jq3
zTfqdNelN8sLy2|MAkv`bxx`RN?4Dq{EIvjMbjI57d*`pO?Ns{7jxNsbUp=rF$GCut
z7#7Dm#Gvh}E8~2Tyhj2reA%=ji|G6yr%@QV{(90cE{JYOW$0F|2MO+TM^`cAu$B7s
zmBV^{IqUIbw5~muv}st`dDdIxSU@Eb>xf3$qwEcg;H+vp1^ArN@A)RtQ4hrid2B{9
zb~pG8?SC3#xctpJXWRGXt=cx6Cw!IqoJrK)kuLL&`UYYB{R6Dw)k9nKy>R#q_X|V*
z%zVsST$=d(HozVBc|=9<175^~M$v$hL9azT^)TL7BIA#qt>N2^iWvMQgt;!YZt~cv
zn!x^OB!3mOVj>^^{mloGiJhLI4qy3Vt-148>9j~d8coH)q|Cg5P89Xj>>hjtzq5iT
z%go41Nhi}x7ZztTWj|deVpj>Oc#IrI{NxIm;qhnuNlvNZ0}d=DVa}=H0}Vi-I+wKK
z*1uD=0_)b-!9S^5#(%_>3jcS-mv^;yFtq$1)!wGk2QP%=EbpoW++nvbFgbun1Eqri
z<%yp)iPo|>^$*IHm@*O74Jve%nSmDeNGrZ&)N9
z)1rSz4ib+_{4ss2rSXRiDy
zgh(descvk^&W|y)Oj#V@#)C658!**J#=ckpxGniX#zs0tA~NG>E#Hn3Q3wdKBfMG&
zK}2y#|FLt}E`UQ6t3jK#G&e22bMBc3=C)LyqU706frdCAqa;~Q0L5)KJ4?@h*FFu4
z!s=hOC;G?Q)BRKJ1q_XJ9W5LLejp1L*187&5Bo4Of)k>T=WpQl3v#4iX$574fW`p+
z3m}r-F8Gjv1m3yTia=+2An1+E&psbXKjH2{<1xMb37`|D<%7c`0`~m0r>AQD^%nUJ`%PxS>)*{i
zg?VHw)ju!$@$>xGszUyM_BsCF3*%>rxVZ8vrYB?PvDBBHQWz04T&UpxKU7{
zrb~8R4W>e)){FrKo^O5ts8O^r^t70=!se(2-(8&aTdaFU2;SR=dyECLBp|MVU@JIt
z)z$TAHMKRnyX*5;O<*xm+(>Fo41G;Tk0w01ilh#uFJa{teQne`QCOHZp`&du5gkAWr@9Ywz%@P@KB0bD{lXo7PmrPC%J!A
z%orlB>F}qRa$`XC2Ai_4L56#h2GWm;>sScPxhMO5a*guk2
z+56H}PZnq-sxASPn!B~W#8B1W=OQPf-lEbhOh%>%{AND;w%w;t<8%a%HNk`LQ0GpT
z6au2l)=Brql2Fq{Kw316jHdW-WF<{46(Xad0uxi%3aEARVi*dKaR^jjW)$<$7QEiF
z0uK-~dQ@|hxT5M|t$pBl+9IJig2o;?4>qY%<|sZ4Rk0Dc{ud;zd`g$&UcwLjY))aV
z4jh&lc(;hjQaWB)K9EB@b^I)LQ~N_;SFEEWA&}`)g!E7-wzF%J8)yZaSOeR=igBiM
zaU=T>5*oyz3jYaqv-RSC;r$%d^Z(cbLGwTQiT+3KCMt*OBOD@rPZ}8;)1_*l<5aBp
zjl{A?HiE$Y6$NWUgPY(x@k^9)A|CC#nqZ?B&q-ceGE;Y7F{@0{lQuPnsj0~YX(VoZ
zdJ})6X8821kH4_0vt$gocDeSve(SuROm_bM98&+q72$1m(x?A;;)@TWyuVXQV!{#(
z41CN;(vq_a|56Yny*sb>5`lt+>?dvF0++3L!wQ_eJmXi)z_1UAmNi80_bG^|J$GZs
zK^|0X@8jq9pyPt$dpiWWAG)mNg7X_BME=&UYoq>nc0gtk_YoXNb5hYb!hG
ztf(P(6Bcy6`wroiv-5NLLjVBx&|;W6WwKMmB+ph%7$AJfV95||OktlFlTMqdKP0i#Y*rj`(XeYUz=adk`3hA(LvO`y
z|0%R3GMWC#x}RbCNX_Cf;_wEOS}%lqj#-CXQDIpi8Qis%Radz>q0vjbY&8DdR>jXU
zmvR%au!=9lMN?P=hzQpNGOJRw?Cn8@B@kEp4r5$bgdM0?Fdua~*H~mGTf}17rZog%
z!Kj#>m=l>Po$A`_fcT-pHy*aya+n%rXmG0CJ6a{nF%>TfyzKC2Dit7a;!8r;X^G$~
zS03MClV}lI)S^Py2I2rLnpjR64L!#Fl!mCP0td}~3GFB3?F31>5JCwIC
zC~8VAun2Z}@%MZ{PlIWpU@CJ06F_<61le-_Ws+FSmJ@j>XyyV(BH@K!JRR^~iGjAh
zQ+NnRD1C)ttcyijf*{xky2tyhTpJvac8m%=FR-LL@s>rN`?kMDGf2yMliwkYj=
zwEEJ0wlFp%TmE6|fiti_^wVrxJ#gh7z@f0+P!kS>c>;BHH)N`PW0JHTqA?B~fz6H+
zdQq>iwU2Kne+4kR2e~l2`>(-^qqujX*@|w7k>s=e)Y-lwoI{$Tx_2}&y$9LZzKG-w
z{TH06d?a9;01ze%EvqDCEt;qAaOYdf@X)zT)ScQs**7gQ**A5+o9p#P*X5~lMpNl2
z6p=Ecy7#f++P2sk;I2Nd`w-!5Y^3QHV0RVy2<55pqQ
z&Q&b+JIKTf&6N(UjwrECT(BwKhkdpc#(Aq=
zyG*N2frC~4B2Ko7O)bOHP8(}XKc;_(GP&+{?#dJ;Y$YXT$y<%YZmc>C?Sik?i?6E1
zk~VKGMLlNws0d#wk-11tBrAf?Tbes4F)oqxr_*7R-?Yn4IlyyP_ce6(J&tXSFI~P^
zYG1K1&Y@OY%nE}Gsa8~iq!!=l4a+yi7?Rxi#owl|2CnVfey<;AkI<2^CN^r`;-)ob
zX7Ccao0G6Ic0ENcm7#3(8Y>}hb9aL6Gi?llW(Kss_CW07Z*0rgVhbod7+2-z3EC%(
zq7QLJy|>bn^fyDVwISg;I%*4-lpnL5wLoe=B5sV^!Vdseg%7piW`#>KU*HD}MZ&J=jCFG;)9zqX;~A15Xsg;+mAtJruykiiD4Qc5$;lWT@^-j>F$$|0*{U
zmrM6Kwy7I0>uJ&DC#8>dW7&)!1!_uGQ@Mvr)n^bH?_w|*J_E0?B{C&x%7+%$9&Umb
zMv=?f8jwV=X`(6MfQLkyXGt_A~#T^(h~B7+v?~%F6k&ziM^m_Cqb!a
zf0y+(L*8N@-&FfWsxPx%V97(F{QW`L&>2NJyB_}HBTWa|xRs*TT-y}_qovhF=%OCJ
zf)sDf8#yYtG3ySQ*(qqz9dXI;CfS6yLi>4H9w9ii-!j5NwHL>oEN83>IsEP+V_1~u
z`?}q?(o8RjDY5V?z9HC@t*0V_hFqA|HyZ8k)T!UJQ`KEKMLlNlIq<$2s!x;)o#SW0?w*zVYU?yc(v(2qyZg
z0(^T!7Qzhpm)`?PLS7z|(>s+ZUO?_>f0y8LjB9{7he}@4-%l99L!vhyLW=yQr!);4vCSd-wC1QX-%H=?#UM-D_Wg8t3W
z0*rY0Q4xwb5i(lBSOs^u(IgRSP$j!PkhbcIr^rh}e})V_kU5jW{q)m0CALP$`wKi&
z?444cDxl;D;SqSw0^h%eA6Ro@BhxmD!}qpGb6OxRi6;iFai!)ctW|gmF3jQz2*O}Z
z*TPvZAxFr1-Dd!53U_WQMQh$aauyVf;O60e>&G;Mg83(TOZt!6;s2KT{}By>k&-_m
zA1YA0q3ID6fx`!qxy=@dYO@Rn%rEb~7P_%;Dxvl(WAfiJUtti0?~ah#_1`K#A}P2n
z7^D~GQL#`hC}2w`btD`i%)VBWnn*jWF=d!kI*6T5-wBdsT)$EZD=mrn&EhxJQ^3>1
zbLeDA3&BIDAv=kWsp0t6>a3lITA;khMX^(B8Ecb^U%P-|RNGB@XLq*Q5a
zR9aZ8RFNDYvD`dcva-5ti*`CcV%ltLG;emYG)5Hvo^Boe6!Fu0ekZ(k<<5G3_4>Mg
z-?ILGT9yB`Gy?Cnu(PO#(bsKyf9>@F_MJQFZFaBE?dA7x40K@HNwA20g&JE&q
z6&$MUcmsL)Sq;;@a9!*!?ct(XynVCJutm{pZ5w3Xci1lQ!9oB`xCdL!
z6i6sX5X8iljX<8L4KC)P_hyjfBo3W=8BfQ5^inG|_NhXI*k)fvrDRq;Mtl#IdM%t^
zo(9yQnnQj}I{C__YBGYykMvG(5)bL%7>X@vm&+vnDMvZ(QMVC;#;@DZ9#6!r74JA`7phVA#`JE`
z>BU^K@B>jj8Maz2m^>t$!%J^m)e|Ylem4L>e=OHtOVBCDy{0or$Np^VjdNl=g3xT8
zqsE*&O{Q9{>LhP;F2vpR<1t@fO4^Fbd{cO753U@l
zLFAlS*(cze1w03?ZyLxG9S&n_udo?=8ddzgt#cv5fKd+uyogyl;44IK1&z^wj=!YK
zzUD&kgK%`pt9A4nks?WMImECKCAt*xUXcPbo9e1&PmWU$X9~!}HO|j@r(`+=V^^Lc
zcLMKF*Yj`EaS|pmb1uaDbkZvx6m%4{=z+MdgTuv?mT=4T&n?h7T_tQNFYhz$`~(DF
zx4T%9nS-@(gWPm3?tZwJIpHDGWzAJ__zZKP;Hw>~%&n=s$Pn?6CaJ>bJzY?o)(O#~
z1fxWpkgP7ukZGyitR1C364Jp*?#{WzBom;9o=XrY;V#_Y5@5*}T5v*hcW#I;Sb)H;
z6^g4&{fOcGP0zWCURc5J$ExdSY5s?r-^r#;|BS)8NjQH2--6b}!Q-Aa$mx_pNnz4q
z(1_zCdqOu|4b4oo+-*jjTTV_j3WmL9=u`0(l@>00B5Vg?4f?fqwWRCX*2JwC(Yd+i
z5A-Rm0r4e~4ceSJnEmWF6Nk>Q;(7sYyQ<-CgPa1fO8m6_pu=Maf0e2hd92Q#i7j?U
z-VR;%F~r=@Xs>J2`Nx))UK=X`Shhg3AWzbwE<#%hM+KSQ)y~F!~7j*2}qu
zgT9Z6kE4Z|n9Leb=N0%JnFI$AeNrV+!>E(WT7dyOjN~44BhNVL4(%Eo(1JGjS^)Oc
zjSPsu`3wT8k`$>Na;G3pMU(9;+ov}PpiRt6*)WNMy(rEUak-14^(K`73yJ1#LZna?
zS)ypsH=xt_
z1V%Pk;E@JqJeE1&xI}|JylZJSsu+mw#r=)G*5DBGv*`Q|1AC+!MW979QEZ{H5*8ZW
z_U8EI1(M1LDjG^#yy~(OGH)?SdmR~=ma_^2Q#k>)`v#$t=~Ih|79!ZutXQTK^S&w`
z1)ONotPDL(cz!_@bFBBOo6W@;7Zz--d9JaOs{)ss4P|Mr%>FaiMR=(fn-Y3SA->6~
zp`5h}dOcY_YfweZB*^el7qqa$&_r-Lg-I+9~U
z`JxVCD<$VmoiR$g^3dU%7Sij)XYi*?$#ihSxCBHGOaRRr|Lo9+E}O~M>I}tnokI`}F32Aty#b8rpABEKl|B;*o8ge^^)Kyk
z0!(>gFV=c)Q2Y%>gz+sa3xYTUy_X`rK5ca{{erC9WJ3EPKG{|Nng_-78kAD{oh_=K
zn*wopK3cG}MBJf%6=}9YouD;zyWbjRt%A#pWc1zb3@FB`_Q~~UI!uvse(FQfl
zUt=Qy2DSjwpzAUJ048~^;@Yo{C56R_8nZEeF}vm)0xoYe0y|tYI!>Y(d}mSro0`z;
zeb6Eg*(a2{5Ypj8S$-_~L)+IlozZn|Iak`$jQKd63hldhts0=m>k~HC&`@|~;XaG6
zLVxC))8>^?13P*mV#ydlkC0V6AWK(BjWpqu|
zbh7#bkKuL<kv5;Emm4zkF;X>rfbzAc7!Z)i};f=*bypYUD
zho5-B5n;)FP(nzq8FG3TH?7l0vS{G}G9@~zxY>CqbX^mb$|JncS3I_2RD@?I9bz>LbX13A0N_LQmd(!3AxqmR_;3bJavc81%v
z)Q~pDm0d1VrVe~>X?GOUOz94e6Nbt|fe6(S@cN64Gy6{i*TPukTmfvgPR>+qe>)@w
z8mS6=rvR0~cqVfEWFsL|kZ3t~m-iV}va(IjJ;Hh4R9uISa6;@9d{D+7CwskGx!7MGZ6|rdE_I{cMD}-`
zoi0%doDSznN-Evavf!_d@UNJt*Fl;hNrnVT2Fal8iBh(LU^l>8I1%x!q=6A@zO6O}
zs0R@~z(6E;t~6L7tclb6A}zwwIvS;W`?F>>P)INWt6N9r4JbH*;&^6B!lHNAY+v3R
zwCVoTTSL`1XtRZ_9vWH*(HcV?PImcNBOtbC4{U(v-HA~xMdpP8<);Xv0y_e1i%t|f
zdyL`MtgjoC^Z-wGt@&6(9Wx>;qYcYwopK7H4iejT?T|>BSm)-fV&7yB;ANW4ZRzzc
z?^;uh#-bDq@QjjBiIf-00TSw~)V;r?BHNEpDb(dLsJ_Z!zT7<{oC-V^NTEs|MeD0-
zzuH~jmz>@&JaYIW>X&?~S>~+R!;wQOq|+{tI&#vV^n%|7ksh!vXzONlSb4zc!X;}>
zMaUjix==sr4oMiHxL@~MPL%PrMzU{DPuz`9zWln9XnqKqNo3TZc;22OZ{
zy(90FLmd!qHIv!b-q){c(0@VYnzE(k5#rf~N5m{u-X
za_J$`vM`7Bh@_`N%&n~35!O^m^pyWGR65?W@EH_fG}veT4I>@L72iny$1yuwBopv>
zsSxe4Htw2+2f`M-+7|iva$OjEp*e=6r{J`{W_IyMTo#x0Yayp+V8z~17Hx&~6G%t?
zN=#7bc$BWFl&qzMvU^iRl>Rvj(_`fR9T%ZBYX1?fg((%9FgbGrBl_7^rRQW9GA*@E
zLN~c4F@W|oNmH$kHZ)4U$u(P4S;GSPDy671d;6L8z}?RfSb0PHN)PsKViOm_PLB-7
z+-+jjpC&oGWj(BQ{|L#DFOC3+-%fvGOOx^u^Ysxsq)Ox4^;}rM$!;(?`m@wtkXb~%u$Zx%
za#IBD9hq=no-2H90jB}1^>TfWp)=Sb1v9w#UAHvYbn1PpHFbB+hwSXWK(ta=^8VN<
z^j!PhT^ZXf#;?$ZWkn?(vJ20u-_SsGO1os)z;s=hI)d6iN-4mC9>EtcU@Mybflo@|
z82lRHB)FEu4k@P9W+a)>t{^Jl;)gL&tWZBy(gWmfXX8XiUdnU>LtbceRd2RogiprV
zK3KHRpSd5n#Hy5wQ!-Fg;{(9?K%pRuAEZwPR-E)JGeljq?MUmP=K$zkEO46*td&DL
z%C4c|+^C204zq3rsTdE?%Y;lc1vKitClZ79P)GU-k`VCL5(kX_>5D{)C18r$^duj)
zab$~pZ#$FLi^ihhytr80x6p2DsA3IsHPguaQ&s4izcL;7qGj1rPQM)4uc!I=d^j7S
zs{`eqUlX0}s<8@_Iij-NBLD<2BE3VJ&k4Z6H;z?!7!7-XeeC-aX{Tl6ml!93m*cFJ
z#Z5Q7fr}UC|2wXN*{|KEWPZ(V^*agnsVlrYkAd651IAl&yHxt9OnMCJBht5xn*lR2&NabYN
zSWC^|d16K9!d@LjLiX4uEhz;%>2G#@i;bdI;t=8bK>y@P)WT!mDr~z}pG-
zRg0M$Qpz0mbKF!xENTw8!Wwu{`9|04Gou}nTQ_L@`rl58B6UT^4~-?*}V`fYfKSaDIH
zavlsK6XsL9-WmdH$C72oMpwJp)?;)Z4K6Es0B$SXP*QhM!gvpdUyI?}p1c2yYhY~r
z_VvRqI~hi$_97U@cE5#Z{Zhy&EqB*`vAMpf?Ya?h{;uuk-}E1T!ah4kx_Q*9mOjl*
zv62c1x-eMCSfQ*b3b|P6*~#_2>fN2y=iJQy-I$q_TIV>AHLGvxzY#v#{w}OBR>mny
zZ+4AXVq%F7d*h&{U!c8&&KUXS@X->Bu@pTF71|eeQVYw8ns~h`7|n?)2@d35c_1Jn
zeG)5*kFZ<}MejgYN(?7Nw?Mod)k5v*wm{$@osr)Ywv-QvXpeI;3Qku^T}zo`go?co
z|65!$tORilITCe4GfhNoqaj~NtO|@obiA%Tub@&qQ)*Sn14oz#=<2osGcxe*+@PL<
zyx=_nR&*Un8g$Iu#el1FV8xS6kKlqt6Q_nLmsoyCCicctlpM=xVMApO3V7u00mxNJ
zn8H5H7~1cY0)_}KJSfc2QSG+HDoQlkX^Iwi_%Qb4&1XPlDw$%cwf-dlhzTK+<_D-)
z&P@=34aLr)@%x%0WcLNFBZ4im4biAYc
zX48#WytT#YP@@jEfGgaR&J#HZzJa@HjxyMYHe{pLPnxkn;~Nj*Rk*wS5*frI0o^@#
z&G3U*-hF=Y_v1Euf&ZeY$+hsoi~%M`iq}OU5nnKjI6qCo7#tk{_f3pIO(8(pMmgCr#+;(8d(-5n@oY{gBKSFB;sfY
zEGd8%M6}wgw88w$*dURSw+YzI2N!gycd}~V$*T@AlPt*-f=web80-YsRGL;
zIurEoITNgt(oy6p0G%)TAq})jmI~qDOTd#8SWUAuE(*k}kk&NIGfR#?MWZ&@WgOiL
z>$#C7>im5ft}NgVUz#o-;GS~3h`u>vuPTQ6J_?slXE&+uSm7V8X2xqGN*g32wQVF?
z60uDVd}|BtzXW}IHl+O9$Y${gL@oN<={bc5POfF*UaM4*ulAX=jeCFG9716kCF{ap
z+Aa!D*;gIqFWp_D0@7TOln&`G=|&m}X{5WP1i2vScNypR7x`wGaTX8H
zJ@~rx)5+w$k^uMixVE%C0WLCO~Q+tBA;H0@eFG)
z9eC{^DN&Wg*!QSPZ&6UQTXd8o&~Nom);LFsVoC&=vbu|xNN`s-1=AH*8)z4To#%#y
zdd$@UB#=RyuU6;>-mgB-YAnr|4VG~L%5Zu?2?e8cV@hX1%$C
z-Y!`@^OUFtA7Pe=$M(LJiXU=J1!QUEtKOP0NQ3X
zL0EH2;5m@t@SxuG%G+4`P52~ZYSYtf<5_!E_05F>!Og3NVhP<3((hbndMVWA>MlDv
zn$&G-7+NQ3%TTa+SwC{12rdHZ(>d@r=%m6}QzK^c#Jf1mYV4ihwfN65H)@P8$MxDc
zTjl)d2R0#MAxtC@z=02~@CN4)F3cc@}c$eNk#9s}m0
zCQU1m>8KltX-7??Rz`KAa9O`78vwc
z96b`^On^}8Uq2X$nJstj(oDH3I)|mIuLz
zwkCtM6CN9f((dN*4jqG4{_r(Wh
z2u?7~;PfTgKZy`BNs+soV7l`vUoj0Zs59#tk&2GGS#}^vM~n9_o1()DH&=e+1J8g6
z?KqAZE{5+wu
z^h1JTDHbTO>mUG#C?;6@CZ1@94=<&=#wE65{;Up>sTq@gJ?nsNSa6zE7ZoR|eSK`&
ziwVJeio-qK&1`}djVaTPBHAtX-iedlv!W}@HqzoQ&gu~oM(#ZleNhagi2S^z0$`*2
zvXv*_l*3vp7N$6SniJ6keA;%N);Z;F2X+yzHXEKK>|!l-K+oBIB9Rg(r?T)}`0nwz
zW>J5H2T!yBBQv!CV3wS!?e?ao$JZGHB3>?^p;I0oEq1rFbn-K-z1;UX^Zco(t|y{F
z&aaht8|ducgto&gzsFOSGgDA6d{NN+DwNR7IvD2_ztxv{`PTvRQAD{R>ii;bqI6H$
zi~7*gkXL6sk*D(
zRfRn^T)TGZOa5H8)%KL|b$feS+tmm`x=ir7xA_SFtXdrfwMW*l6LlqDsdN9czC4LZ
zxQ1hx2G%}RlTH8PFjxmCx{XLh9X)5F)BD@x`3Yu(w&|MQ@Wn))MQ5P40oe6lq
zj6&YQ)Y$fsl?yoMn2DRKmBXL&;#5@wIec)ey+_r)wLWKQ$%Nl|=)1S>2v2Br1GB0z
z{26J4KqT_fthh6KL4A_nUGh|M?rQeB3d2M>f>?eF=%>&KBi
ztb~177I8YO@8HV-(xw2pP4vCgNM_ODMc*XT)Vb84bZ$(aRZCi0SD4Vb5~0yzn-7uD
z8&6`h4|PfG#@4O=sM;eev2gieyH}I*Rnq8!MO>k8@S&aMNX9c!hpUjKeRDUN*M<4&
z`yP541rMR2;EXAYLf51%0hfLwoLO*VT(v!KEHyrD(8{a*@p_=xOtG6Ck0QfS>k&u_69rGu_Jt&YG97L`S7&3_{l%EQ)VAjX
z2UV7D9)#I1Jv#8Fd6X+dOxjZTXFW0vpAv0)rZ!Ck6!Fz&&ZCezKS|5
z__!pv3>!#(zZ}MQfb=Bz4!aBypX`XnE#6B?yfTCmP8;tZVe#%QC2|cSbs$Q7mx9Wk
zrhgq}S`lflHu@AX)_|0m0Dgy%FGt|ZP!H;(BN8Ff)p``6P$lT2Z4~=eFDFmYJt6Yd
zs+IG46y)X4Cg=VU%>5u$6hq|9hlX$~MPeX{3SWik%ZBMETV^`}7l|$=T9oPv=>MfAuVpVuT?xQI-5MnhAwB~WKF3p#jb^%x)hgQ5w
zEYy^HY%m(3qgTb0>_xhyGy49WgkavN*iwr9){qxmZ}0h)}ji`R&Z0sEAcs4@JVrXS$uNXI67&^So5DE
z_wSSV)|hizP*Za+cCTn0^tCx`&1B`kM^^O^qqM)Or4WgFyEKhu_AWCV(8q?&7iiv8?d=$)b
z1MCx)Px;%)v~QO*(UKzoMpj-f68L&<9G&jy%k26a6l~xWa27d=0zy9Y?Knv>uTy3B
z#R4dYL0;(wG{B!VU<)
zL0dQ}cE7}kSnh!@UA2Nn@KkO8%G$oaXs^?*bXW`@IS`edO
zPr)lZK}u7D_99TTzwi<#blDq<%z2HzF#{9rVJal40r))tDNA4@UK9YkbOz5og)RphDfLoH8TaTJ5@i1x@Ntowsmz3c5mldGTpqbAC8z+-y
z3YUgK2;tdm95YQ4$o=gR_I;ot|JG0jq~!w!JryDgGKTgLd#SK)h0Z1kh907bO~U(%
zT6jiFnX@TWSv@xNo`&z|2;9Rf1$ArDtzSTk!BFYr;&ymtj4Bt1vK|q*ut&Efy?Wd;
zk}_qM;ziWm-`?rC{al#%^wRcw6wOCC6Gv|Oa7>zIK{tOroHE9p3-q;DwTZq9(y|SP
zOB|hi75t%%z@ZErp@owZiI?H$xHMR7h2k#XwmQmT>7xof5gx@XC`fVWVA~cioSE&K
zoAYasmf;04$arj
zg1&eL7=I?+WRf^o3qFw^#Y?d9v=-_zeL94x2|usB_;~yo&#*;J>I2Yf+qzIM|Bzwn
zf!lXOXQspLmvN-cJ7Fy^Z9K-=NwWY4W8RL-q!b82mgurWTar+^3SwpU*Swg_MY|-s469h*lM(kJ74z%e#v1B%~p6k+k`Zr4M;9Y)5
zrQ#%yC8mb5QdUfV#)WRwxc!2-9CA{=B
zX*|`We_=f<%xhLdJy`#KbR#+lj|R6pJG@ZTcZtr=Ff(n00MTQyi<~xkl6_QIxuYG4
zAn6QsfWJSaT0)kmDQ#9{(H8{k;(F3zbIvl5oA9MZn}6VxAW4VEuDJQJ_tvW3^8<=i
zgp3DjuXDefv#|&0?0j(&4lc6i2+%kQ@a&fm9)1GxAuGZrRy#lIac(Y6!xvAGHrz|(
z)4AuuEkq7`w4@FDUqah3+{y7xTbMo!P#&kbRy-1zFRXRTL}Q62x?q@Ltwnr
zqyF|*{ZdFu!MG|}fKcf)Jk0y#Qk3t&@IZLWry+1U{!CF4(R_B8fZnVnvN#y`yJk&8
z5o|-I$t$7DEs@z0(ie7=MpaKrn9UfAR;(N*a)J1eej0*KIXkIFx?K6bYtjN0RG<87MN5Ph
zVo*0Xd;_STda7fc?U{jG%U9FOdo7NOGFCBEBwR&j;4Q&)m*JVsL7mSZgs;+{K}z*uLldQDk~pDMMpTRSMayDpW3jXcP-aFaK4SRwhOg43SAApaG6v=#1q
zJc}I6RObkNMZVE@gW2>|4+xVVmeNu`#F_MzWq24w2tz{n%bb;&u07(#9!N=hc`@qKm@EtkN&lDJr;L
zvk}HQSsd&o7#d_Yb%Py=9{clqy|F19S81|cMmz<+n!5J&3Ck5~Y}=}arb30r5}^V2
zwD^K-=syNKf8H+4r==Oz7M~|D34$w9WiTg+r6;uognB=hj*}U3^eWO|j0up?kWWmA
zbEER8t!`eQ+ApRkQmsrzPN32!_e#P_Bfh6aGOTD3gOGBH=Ob&R+Zi30Sc%Aea9H~7
zEB4j%17ym*rkGd>UA_HLZ^3@`9`Eu;NC;;HEL3An;iEgR+j-;5@XGL#4o02(SG@?!
zmNW>y;+PQTA_i>3r%-PIQ`x*!@b_24mk5(I-0
zzIJW*ZBIgn{B;FFhh;m=5q`WK>P;)21@!H0ON)E1P2mW93!PsfiMK!~#1#~LLfyQC
z=}TF_5|H{5J7GF~A2vvJiJs7KH5%w}$Y@iz%2sMQefiYTC#VW!XWSEusTc6L|ImO)
zFuc>MCylPg;Rn_By}7kLshEh9A0guK0m6Y_KKvx}_MX5@{;8^|M4lHz59q-^n>s3N%P-)wu*Apy1c*uY%ls6{?1UoxSMsVN7r!vmY$4U1ZpCFZp
zSB*$nRK#ut<0W7!D`6u+bGR?I9e<3Zx6iW5FM1YNJ5roEjQwT4gD$elG@b7S?XgGj
z6?8Gv(sGLkkFv-Bz!vs_FSNi1>W-{uoLZyfxL5}8Z{yqaEK9mx*?8EyKbB&|oe3nO
z8VPv6K-BGik_oh;MUxzP=SHYz+sWoU*_Pc|ZAp%rEG2OgkyA{O@|sV48aj}*$c=#ReFzE9^##pCm4G|
z2ExX>|7BshOX&F%0r(Syy*@UGUX!?ky}6Zz8#t5q|1GZL;`G!$N@DbUPo4((w_%ge
zvSuqV7dVNPK^Ue9v@t}A{2cJ=Vt!H6_jWRDXA_0fHLnagK+aM{WcrW(C(d1S@nS3RlL
zUYh7&54coZVswV%&><$802)Ds6(5Ty!)=(|2PPPUY}b*5H@uVe7@L=Qb0@q9St`u+
zN_!X`!fP90I@Pzd3+=S%-p@UT)RD36;vT`l)y>59$+Nk(IHfmD3&VHLW5m_Y`<9v9=7o^jo4Lz36MNl!%1
z3c{>#C-z6vmYddm?8F5!nukB?&9Qdzs!KMBj{!#L!8zi1kBIRuP=&b|uHG%D0++Ww
zKF=0w;?gq+M!;#eX^_}Pr4<(R>gE(Ur;1)gwTux=f1IQG>fb4lRG
zauq6JTk=W;nN0r%g|iMMZts2#+~Kw1kA-3nBBM<2&r;0npESg~K6u!!V7Y-zgy%jr
z!=09xB~ev~Jcp)_SGwX7G$-j)q(48uz%aSH{(e4l252lUj``uz&I8@A_=KdyUZ?@Q(rXR552h$Wp&%Sm$b-Okpa9CMXW*$|8A3#-)8|R{nX6*
zrI}P?wPY7piep=yrIXLRu5>57uq2UvzR<1~NwK~f8JrI9srnbs2UA;5UgdfyLRR&X
zAXqb}GL2YZjX`a)UZ~1kU9Bst!uiUq9|M?TT{2V70AVJ|-z~5F6{)i=C=%eGKF6%Y
z7Ft=6dZdWTXx8KXRhtxFSRyM*AuF=@3GUfDy+`L!cV
z`(^xDDBY+K4#OC;>}DddEs8FK>ce{#!e2#ud;xxKyt5wP;!mD`4l^XIWLkqgMWo%f
zaflwyB3@QC!jweeSK)r;DGG-cCu&bG3U3{ikLdi;H(v7DU?2%M?3qCC8b93Hb2PJ8
z@QeX-JYCs{mGVMLlFvfm&_dn3r$3Xx;jR^+ts(ChilDJchx+!Diue#c4B
z*?P;?K7WLbI!9T{JovmNd>w<{$E!;H66`ObfV*qFGyRM4F5w9=Avky7CqrbX!vrp)1mkD1rC#mdLXdN5pFSJ
z*(*Zoh!M$6Z&r2Qz%JRl;UnMd*_o@|;^NH2X#LxwMlEsQulGJjB@VuxX*cV4`Lws>
zjl|ByKhtDk-fUo=Yh_xY^aZC}aF!_|(lIkA7TzQRY(t0p>Gd&tc>
zes@Omai_pyi@$|MbZVE&ERRd{jvv1`xy40nO-yXFC#y+=4&S)Sp)+(Djck1bYeH4!
zm3cZ@u`K`0Js)Lp=f+iJs`n|0M3vE<8>IBf1WpRk4Sn<9nsijK^v9}F8FXx52olT*
z%Rek&eO%wFlj3mYQhb}!v=YZXUUOO=$D~YwDZ#~m7
z44|QAFF^b`OSw!ZP+^L^zK)1>UerWGO_E%p^2sP({CtErlFQfrt$O>4
zcuslow^_3ri0HuWcigZz2w%Q*7cm;>40)1o@kz}pysE50TzoIPQwuXFW}elhNffQq
ztZ)$Oz@XwhOmbLQ@
zHdq2g<@TQ%lSARCV#zL2X2O~fLkuTD81
z;n(NWjoQXwD1@m_!wBJ5PzLd0<=A+CCKTW<`dnOI=yAmO5HaW9zyjJ<0ws*rHnyd_&^78n&clLII+-hONNCDg>?d-5cWDLC_b)9n6o{P1CU-$7L407s-_
z-pN>_?^HhHRDQmVX3NRF#4(=Jdi27iXbVZSm@Te&4UHIPDSbLIRgksrcMi!}LH8kx
zi1kkV?^GlM!Caxc9^)p1vBDD=F(&PD^l79>spQ`#vz{QD@
z9VQiviBfRP&y$x0E-FU?(j7DNYgz5FnO9-1U7Fj10D;J3`ywYGRtdNp5Y>Qo+1-P@|$#4vrd!{It&D4(5
z88MK>t&(M*q{{bk+gKz8BV8NoUls7#Pa(Gk7HG*!WO1MnoAKw=-;D)9T2XpobRN@;R9$
zdDZ*TNdMDRe3pcxxWT#?Gvz6$N>L_At8M<_Nu!G9BUfJBQ
zeod4i4j8la+F6~Ch&@o#a%JWXtFx6-@5vSL5;@>X>|ze$N=4Jovjt5>8c*=P)os?J
z=UlsoH#$Jz7vfg0g=+%Jf)w{Z(Z%^d5W}1#^0}%BgEhRzNs8I2&P7V?GtK0o$CS>y
zS%AH91idyPyNX-#5}K5@2VRQ>?Da%6Q(1)*NzRxW9-2LG&+L
zW9v~&N*UPrd!ao6TTvM1O*2z1?grU81wdZsv-2#9){B=Yo58FPq{90cNRy?PdBzqr
zbXR&i)#}mnzKE|yj_#pCV$njDr<`4a;0d&q@G_^+74Q(M$6rW^ZRcZS?r=zYm%#Gj
z!Sc1I-ZxAVPnlVmU2ukuW86&QC4@4nDGZNmY%^`PdC5+u~%7?p{5Ihg@E{qe%G7|%$x8>B2lP60{y^WAi!)2f5_jj
zyAZ&Czma_OcZ!1f$!-?4yN(KE{v8Flf2F|VM_l1=DI&Z}(RBvZ-?=MJurdV+bx}qc
zMM>r#Mp-#9xf(Dlj7$ur%9-=K=m+1QT9ro_U?#&Wv%M{`+o5WT)8b>jv9
z{(W;{+`KsjQAHU^2{m;l1<5DCcK8k!lt%~8FU9>xGEa>%xpxcvNwk|}rEBVH6gs&y
zcc%2{>C}&E29pz0OWd`^u-ES8cTVPzX`)(qt=d?&K@&=Rotx78SlqgrEVG_qUo)_mC$8U`F#qlHOCD&RSroexT?YJLzvne^0W
z@;=|QRR6AVW@n3W0fEJOGM5gbEhzW#FFa{0FL+k>kgt~r3DnajgxZvn2mk*LWvgsJNdYFw~S!X4cFe+Q;Q-_W%N
z9+%cg5D+rIfU$v>NB;`!-|$Y|w(+s#2VpgER|yU}|IL~d1DHEF1OAnnMj?dmwqP?|!Tm)27hExl-^LX;b^(CT
z!UODGtX!?!0czl=9(xOLEjt>6{g40iN!)JVBc;&q!{D7LBTNX0>kPC%g@yXJ??CR3
z^oF;AH}dO}OTni1fx&;Ra!+t5|8G{gf|ZL4*w`O!41NfJAE&N>zi#R(&V#)+FzyN%
z_g90{z|?BLiTfv@hp{u@$1u7B_-1N#iJ#RBzM2BR!2c8QKQ->n9NpJB+kXlz_@(`y
zApg-W%GVs=-$=u6Jp_Mfr34rf;5=qxnT`lG`0>Z&B#n)_ODW`1+jPPicN}
zhgOBZJau)7R=(j9e&@_!Y{d>iX#+|6|i>`&Q={(}Kji+O
zpFcjFOMd9Ss|3O?C362PVeDvZY6)PztKhZE=cg?HTJXn${I25H4xgVwR(eM*+@Z8Irh^0H1^@(vM%fLB8x9<0IcS*cf20Th
OJOEd-=rxTO#Qy`$*1Hh^

literal 0
HcmV?d00001

diff --git a/spring-security-jwt/.mvn/wrapper/maven-wrapper.properties b/spring-security-jwt/.mvn/wrapper/maven-wrapper.properties
new file mode 100644
index 000000000..eb9194764
--- /dev/null
+++ b/spring-security-jwt/.mvn/wrapper/maven-wrapper.properties
@@ -0,0 +1 @@
+distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.3.3/apache-maven-3.3.3-bin.zip
\ No newline at end of file
diff --git a/spring-security-jwt/mvnw b/spring-security-jwt/mvnw
new file mode 100755
index 000000000..53c0d7219
--- /dev/null
+++ b/spring-security-jwt/mvnw
@@ -0,0 +1,243 @@
+#!/bin/sh
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+# Maven2 Start Up Batch script
+#
+# Required ENV vars:
+# ------------------
+#   JAVA_HOME - location of a JDK home dir
+#
+# Optional ENV vars
+# -----------------
+#   M2_HOME - location of maven2's installed home dir
+#   MAVEN_OPTS - parameters passed to the Java VM when running Maven
+#     e.g. to debug Maven itself, use
+#       set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+#   MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+# ----------------------------------------------------------------------------
+
+if [ -z "$MAVEN_SKIP_RC" ] ; then
+
+  if [ -f /etc/mavenrc ] ; then
+    . /etc/mavenrc
+  fi
+
+  if [ -f "$HOME/.mavenrc" ] ; then
+    . "$HOME/.mavenrc"
+  fi
+
+fi
+
+VERSION=$(awk '/ 0) {$0=$0} 1' `dirname $0`/pom.xml| grep '\(.*\)<.*/\1/')
+if echo $VERSION | egrep -q 'M|RC'; then
+    echo Activating \"milestone\" profile for version=\"$VERSION\"
+    echo $MAVEN_ARGS | grep -q milestone || MAVEN_ARGS="$MAVEN_ARGS -Pmilestone"
+else
+    echo Deactivating \"milestone\" profile for version=\"$VERSION\"
+    echo $MAVEN_ARGS | grep -q milestone && MAVEN_ARGS=$(echo $MAVEN_ARGS | sed -e 's/-Pmilestone//')
+fi
+
+# OS specific support.  $var _must_ be set to either true or false.
+cygwin=false;
+darwin=false;
+mingw=false
+case "`uname`" in
+  CYGWIN*) cygwin=true ;;
+  MINGW*) mingw=true;;
+  Darwin*) darwin=true
+           #
+           # Look for the Apple JDKs first to preserve the existing behaviour, and then look
+           # for the new JDKs provided by Oracle.
+           # 
+           if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK ] ; then
+             #
+             # Apple JDKs
+             #
+             export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home
+           fi
+           
+           if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Java/JavaVirtualMachines/CurrentJDK ] ; then
+             #
+             # Apple JDKs
+             #
+             export JAVA_HOME=/System/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home
+           fi
+             
+           if [ -z "$JAVA_HOME" ] && [ -L "/Library/Java/JavaVirtualMachines/CurrentJDK" ] ; then
+             #
+             # Oracle JDKs
+             #
+             export JAVA_HOME=/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home
+           fi           
+
+           if [ -z "$JAVA_HOME" ] && [ -x "/usr/libexec/java_home" ]; then
+             #
+             # Apple JDKs
+             #
+             export JAVA_HOME=`/usr/libexec/java_home`
+           fi
+           ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+  if [ -r /etc/gentoo-release ] ; then
+    JAVA_HOME=`java-config --jre-home`
+  fi
+fi
+
+if [ -z "$M2_HOME" ] ; then
+  ## resolve links - $0 may be a link to maven's home
+  PRG="$0"
+
+  # need this for relative symlinks
+  while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+      PRG="$link"
+    else
+      PRG="`dirname "$PRG"`/$link"
+    fi
+  done
+
+  saveddir=`pwd`
+
+  M2_HOME=`dirname "$PRG"`/..
+
+  # make it fully qualified
+  M2_HOME=`cd "$M2_HOME" && pwd`
+
+  cd "$saveddir"
+  # echo Using m2 at $M2_HOME
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --unix "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+fi
+
+# For Migwn, ensure paths are in UNIX format before anything is touched
+if $mingw ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME="`(cd "$M2_HOME"; pwd)`"
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
+  # TODO classpath?
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+  javaExecutable="`which javac`"
+  if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
+    # readlink(1) is not available as standard on Solaris 10.
+    readLink=`which readlink`
+    if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
+      if $darwin ; then
+        javaHome="`dirname \"$javaExecutable\"`"
+        javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
+      else
+        javaExecutable="`readlink -f \"$javaExecutable\"`"
+      fi
+      javaHome="`dirname \"$javaExecutable\"`"
+      javaHome=`expr "$javaHome" : '\(.*\)/bin'`
+      JAVA_HOME="$javaHome"
+      export JAVA_HOME
+    fi
+  fi
+fi
+
+if [ -z "$JAVACMD" ] ; then
+  if [ -n "$JAVA_HOME"  ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+      # IBM's JDK on AIX uses strange locations for the executables
+      JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+      JAVACMD="$JAVA_HOME/bin/java"
+    fi
+  else
+    JAVACMD="`which java`"
+  fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+  echo "Error: JAVA_HOME is not defined correctly." >&2
+  echo "  We cannot execute $JAVACMD" >&2
+  exit 1
+fi
+
+if [ -z "$JAVA_HOME" ] ; then
+  echo "Warning: JAVA_HOME environment variable is not set."
+fi
+
+CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --path --windows "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+fi
+
+# traverses directory structure from process work directory to filesystem root
+# first directory with .mvn subdirectory is considered project base directory
+find_maven_basedir() {
+  local basedir=$(pwd)
+  local wdir=$(pwd)
+  while [ "$wdir" != '/' ] ; do
+    if [ -d "$wdir"/.mvn ] ; then
+      basedir=$wdir
+      break
+    fi
+    wdir=$(cd "$wdir/.."; pwd)
+  done
+  echo "${basedir}"
+}
+
+# concatenates all lines of a file
+concat_lines() {
+  if [ -f "$1" ]; then
+    echo "$(tr -s '\n' ' ' < "$1")"
+  fi
+}
+
+export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-$(find_maven_basedir)}
+MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
+
+# Provide a "standardized" way to retrieve the CLI args that will 
+# work with both Windows and non-Windows executions.
+MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
+export MAVEN_CMD_LINE_ARGS
+
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+exec "$JAVACMD" \
+  $MAVEN_OPTS \
+  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
+  "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+  ${WRAPPER_LAUNCHER} ${MAVEN_ARGS} "$@"
+
diff --git a/spring-security-jwt/mvnw.cmd b/spring-security-jwt/mvnw.cmd
new file mode 100644
index 000000000..fc8302432
--- /dev/null
+++ b/spring-security-jwt/mvnw.cmd
@@ -0,0 +1,145 @@
+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements.  See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership.  The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License.  You may obtain a copy of the License at
+@REM
+@REM    http://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied.  See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Maven2 Start Up Batch script
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM M2_HOME - location of maven2's installed home dir
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM     e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM enable echoing my setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on"  echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
+if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+set MAVEN_CMD_LINE_ARGS=%*
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+
+set WRAPPER_JAR="".\.mvn\wrapper\maven-wrapper.jar""
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CMD_LINE_ARGS%
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
+if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%" == "on" pause
+
+if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
+
+exit /B %ERROR_CODE%

From 51bde976111952cbbe1a3bf51ef9134e58366902 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Fri, 13 May 2016 11:48:05 -0400
Subject: [PATCH 018/345] Enable/Disable port matching in
 DefaultRedirectResolver

Fixes gh-746
---
 .../endpoint/DefaultRedirectResolver.java     | 15 +++++++++++++-
 .../DefaultRedirectResolverTests.java         | 20 ++++++++++++++++---
 2 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java
index 9a4a64e44..ce9e0fd2f 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java
@@ -42,6 +42,8 @@ public class DefaultRedirectResolver implements RedirectResolver {
 
 	private boolean matchSubdomains = true;
 
+	private boolean matchPorts = true;
+
 	/**
 	 * Flag to indicate that requested URIs will match if they are a subdomain of the registered value.
 	 * 
@@ -51,6 +53,15 @@ public void setMatchSubdomains(boolean matchSubdomains) {
 		this.matchSubdomains = matchSubdomains;
 	}
 
+	/**
+	 * Flag that enables/disables port matching between the requested redirect URI and the registered redirect URI(s).
+	 *
+	 * @param matchPorts true to enable port matching, false to disable (defaults to true)
+	 */
+	public void setMatchPorts(boolean matchPorts) {
+		this.matchPorts = matchPorts;
+	}
+
 	/**
 	 * Grant types that are permitted to have a redirect uri.
 	 * 
@@ -117,9 +128,11 @@ protected boolean redirectMatches(String requestedRedirect, String redirectUri)
 			int requestedPort = req.getPort() != -1 ? req.getPort() : req.getDefaultPort();
 			int registeredPort = reg.getPort() != -1 ? reg.getPort() : reg.getDefaultPort();
 
+			boolean portsMatch = matchPorts ? (registeredPort == requestedPort) : true;
+
 			if (reg.getProtocol().equals(req.getProtocol()) &&
 					hostMatches(reg.getHost(), req.getHost()) &&
-					(registeredPort == requestedPort)) {
+					portsMatch) {
 				return StringUtils.cleanPath(req.getPath()).startsWith(StringUtils.cleanPath(reg.getPath()));
 			}
 		}
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java
index 919c16577..b01f46c0c 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java
@@ -19,6 +19,7 @@
 import java.util.HashSet;
 import java.util.Set;
 
+import org.junit.Before;
 import org.junit.Test;
 import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
 import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
@@ -29,12 +30,15 @@
  */
 public class DefaultRedirectResolverTests {
 
-	private DefaultRedirectResolver resolver = new DefaultRedirectResolver();
+	private DefaultRedirectResolver resolver;
 
-	private BaseClientDetails client = new BaseClientDetails();
+	private BaseClientDetails client;
 
-	{
+	@Before
+	public void setup() {
+		client = new BaseClientDetails();
 		client.setAuthorizedGrantTypes(Collections.singleton("authorization_code"));
+		resolver = new DefaultRedirectResolver();
 	}
 
 	@Test
@@ -157,4 +161,14 @@ public void testRedirectRegisteredPortNotSetRequestedPortSet() throws Exception
 		resolver.resolveRedirect("https://anywhere.com:8443/foo", client);
 	}
 
+	// gh-746
+	@Test
+	public void testRedirectMatchPortsFalse() throws Exception {
+		resolver.setMatchPorts(false);
+		Set redirectUris = new HashSet(Arrays.asList("http://anywhere.com:90/"));
+		client.setRegisteredRedirectUri(redirectUris);
+		String requestedRedirect = "http://anywhere.com:91/foo";
+		assertEquals(requestedRedirect, resolver.resolveRedirect(requestedRedirect, client));
+	}
+
 }

From bbf38c2ac2c11a25fc685c958b45f2c343619d53 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Fri, 13 May 2016 14:57:33 -0400
Subject: [PATCH 019/345] Fix logout link tonr2 sample

Fixes gh-726
---
 samples/oauth2/tonr/src/main/webapp/index.jsp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/samples/oauth2/tonr/src/main/webapp/index.jsp b/samples/oauth2/tonr/src/main/webapp/index.jsp
index ea6e6383a..c683d8a29 100644
--- a/samples/oauth2/tonr/src/main/webapp/index.jsp
+++ b/samples/oauth2/tonr/src/main/webapp/index.jsp
@@ -66,7 +66,13 @@
 					photos
 			

 			

-				">Logout
+				

+					

+						
+						
+					

+				

 			

 		
 

From 3b6a9d00885152ce30d836d6d497a21f6bbc2869 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Fri, 13 May 2016 16:12:27 -0400
Subject: [PATCH 020/345] Fix OAuth2Request.resourceIds constructor assignment

Fixes gh-724
---
 .../security/oauth2/provider/OAuth2Request.java |  1 -
 .../oauth2/provider/OAuth2RequestTests.java     | 17 +++++++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Request.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Request.java
index 2678ce5b9..61dcd5660 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Request.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Request.java
@@ -78,7 +78,6 @@ public OAuth2Request(Map requestParameters, String clientId,
 			this.authorities = new HashSet(authorities);
 		}
 		this.approved = approved;
-		this.resourceIds = resourceIds;
 		if (responseTypes != null) {
 			this.responseTypes = new HashSet(responseTypes);
 		}
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2RequestTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2RequestTests.java
index 7febc02f7..5fa599fe0 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2RequestTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2RequestTests.java
@@ -14,12 +14,14 @@
 package org.springframework.security.oauth2.provider;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotSame;
 
-import java.util.HashMap;
-import java.util.Map;
+import java.io.Serializable;
+import java.util.*;
 
 import org.junit.Before;
 import org.junit.Test;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
 
 /**
@@ -50,6 +52,17 @@ public void testOtherGrantType() throws Exception {
 		assertEquals("password", authorizationRequest.getGrantType());
 	}
 
+	// gh-724
+	@Test
+	public void testResourceIdsConstructorAssignment() {
+		Set resourceIds = new HashSet(Arrays.asList("resourceId-1", "resourceId-2"));
+		OAuth2Request request = new OAuth2Request(
+				Collections.emptyMap(), "clientId", Collections.emptyList(),
+				false, Collections.emptySet(), resourceIds, "redirectUri", Collections.emptySet(),
+				Collections.emptyMap());
+		assertNotSame("resourceIds are the same", resourceIds, request.getResourceIds());
+	}
+
 	private OAuth2Request createFromParameters(Map parameters) {
 		OAuth2Request request = RequestTokenFactory.createOAuth2Request(parameters,
 				parameters.get(OAuth2Utils.CLIENT_ID), false,

From bf48599637287b82bd3fb21d3b61e79fe2f5baed Mon Sep 17 00:00:00 2001
From: Marco Lenzo 
Date: Sat, 23 Jan 2016 17:01:19 +0100
Subject: [PATCH 021/345] Store enhanced refresh token on refreshAccessToken

Fixes gh-511
---
 .../provider/token/DefaultTokenServices.java  |  2 +-
 .../TokenServicesWithTokenEnhancerTests.java  | 46 +++++++++++++++----
 2 files changed, 38 insertions(+), 10 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java
index 17da1f8ad..9403616ed 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java
@@ -176,7 +176,7 @@ public OAuth2AccessToken refreshAccessToken(String refreshTokenValue, TokenReque
 		OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
 		tokenStore.storeAccessToken(accessToken, authentication);
 		if (!reuseRefreshToken) {
-			tokenStore.storeRefreshToken(refreshToken, authentication);
+			tokenStore.storeRefreshToken(accessToken.getRefreshToken(), authentication);
 		}
 		return accessToken;
 	}
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/TokenServicesWithTokenEnhancerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/TokenServicesWithTokenEnhancerTests.java
index c1d7cfa05..680653077 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/TokenServicesWithTokenEnhancerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/TokenServicesWithTokenEnhancerTests.java
@@ -13,12 +13,6 @@
 
 package org.springframework.security.oauth2.provider.token;
 
-import static org.junit.Assert.assertEquals;
-
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
@@ -27,20 +21,30 @@
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.OAuth2RefreshToken;
 import org.springframework.security.oauth2.config.annotation.builders.InMemoryClientDetailsServiceBuilder;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
 import org.springframework.security.oauth2.provider.RequestTokenFactory;
+import org.springframework.security.oauth2.provider.TokenRequest;
+import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
 import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
 import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
 
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.Assert.assertEquals;
+
 /**
  * @author Dave Syer
  *
  */
 public class TokenServicesWithTokenEnhancerTests {
 
-	private DefaultTokenServices tokenServices = new DefaultTokenServices();
+	private DefaultTokenServices tokenServices;
 
 	private JwtAccessTokenConverter jwtTokenEnhancer = new JwtAccessTokenConverter();
 
@@ -55,8 +59,10 @@ public class TokenServicesWithTokenEnhancerTests {
 
 	@Before
 	public void init() throws Exception {
+		tokenServices = new DefaultTokenServices();
 		tokenServices.setClientDetailsService(new InMemoryClientDetailsServiceBuilder().withClient("client")
-				.authorizedGrantTypes("authorization_code").scopes("read").secret("secret").and().build());
+				.authorizedGrantTypes(new String[] { "authorization_code", "refresh_token" }).scopes("read")
+				.secret("secret").and().build());
 		enhancer.setTokenEnhancers(Arrays. asList(jwtTokenEnhancer));
 		jwtTokenEnhancer.afterPropertiesSet();
 		tokenServices.setTokenStore(new JwtTokenStore(jwtTokenEnhancer));
@@ -114,7 +120,29 @@ public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentica
 		assertEquals("bar", token.getAdditionalInformation().get("foo"));
 		assertEquals("bar", tokenServices.readAccessToken(token.getValue()).getAdditionalInformation().get("foo"));
 	}
-	
+
+	// gh-511
+	@Test
+	public void storeEnhancedRefreshTokenDuringRefresh() {
+		InMemoryTokenStore tokenStore = new InMemoryTokenStore();
+
+		tokenServices.setSupportRefreshToken(true);
+		tokenServices.setReuseRefreshToken(false);
+		tokenServices.setTokenStore(tokenStore);
+
+		OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
+		OAuth2RefreshToken refreshToken = accessToken.getRefreshToken();
+
+		TokenRequest tokenRequest = new TokenRequest(Collections.emptyMap(),
+				request.getClientId(), request.getScope(), "authorization_code");
+
+		accessToken = tokenServices.refreshAccessToken(refreshToken.getValue(), tokenRequest);
+		OAuth2RefreshToken enhancedRefreshToken = accessToken.getRefreshToken();
+		OAuth2RefreshToken storedEnhancedRefreshToken = tokenStore.readRefreshToken(enhancedRefreshToken.getValue());
+
+		assertEquals(enhancedRefreshToken.getValue(), storedEnhancedRefreshToken.getValue());
+	}
+
 	@SuppressWarnings("serial")
 	protected static class FooAuthentication extends AbstractAuthenticationToken {
 

From fcf35c1170aaa24797496878ebc07118aeada660 Mon Sep 17 00:00:00 2001
From: Michael Woodson 
Date: Sun, 27 Mar 2016 12:47:02 -0500
Subject: [PATCH 022/345] Add support for scopes as JSON array

Normally the scope is a space separated list, but at least one endpoint uses
a JSON array instead.  This change adds support for parsing a JSON array in
addition to a space separated list.

Fixes gh-722
---
 .../OAuth2AccessTokenJackson2Deserializer.java | 18 ++++++++++++++++--
 .../BaseOAuth2AccessTokenJacksonTest.java      |  2 ++
 ...h2AccessTokenJackson2DeserializerTests.java |  6 ++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Deserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Deserializer.java
index 4f1f9660b..608422d1f 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Deserializer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Deserializer.java
@@ -18,6 +18,7 @@
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.Set;
+import java.util.TreeSet;
 
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
 
@@ -81,8 +82,7 @@ else if (OAuth2AccessToken.EXPIRES_IN.equals(name)) {
 				}
 			}
 			else if (OAuth2AccessToken.SCOPE.equals(name)) {
-				String text = jp.getText();
-				scope = OAuth2Utils.parseParameterList(text);
+				scope = parseScope(jp);
 			} else {
 				additionalInformation.put(name, jp.readValueAs(Object.class));
 			}
@@ -103,4 +103,18 @@ else if (OAuth2AccessToken.SCOPE.equals(name)) {
 
 		return accessToken;
 	}
+
+	private Set parseScope(JsonParser jp) throws JsonParseException, IOException {
+		Set scope;
+		if (jp.getCurrentToken() == JsonToken.START_ARRAY) {
+			scope = new TreeSet();
+			while (jp.nextToken() != JsonToken.END_ARRAY) {
+				scope.add(jp.getValueAsString());
+			}
+		} else {
+			String text = jp.getText();
+			scope = OAuth2Utils.parseParameterList(text);
+		}
+		return scope;
+	}
 }
\ No newline at end of file
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/BaseOAuth2AccessTokenJacksonTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/BaseOAuth2AccessTokenJacksonTest.java
index 60fed249d..752a250fb 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/BaseOAuth2AccessTokenJacksonTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/BaseOAuth2AccessTokenJacksonTest.java
@@ -45,6 +45,8 @@ abstract class BaseOAuth2AccessTokenJacksonTest {
 
 	protected static final String ACCESS_TOKEN_MULTISCOPE = "{\"access_token\":\"token-value\",\"token_type\":\"bearer\",\"refresh_token\":\"refresh-value\",\"expires_in\":10,\"scope\":\"read write\"}";
 
+	protected static final String ACCESS_TOKEN_ARRAYSCOPE = "{\"access_token\":\"token-value\",\"token_type\":\"bearer\",\"refresh_token\":\"refresh-value\",\"expires_in\":10,\"scope\":[\"read\",\"write\"]}";
+
 	protected static final String ACCESS_TOKEN_NOSCOPE = "{\"access_token\":\"token-value\",\"token_type\":\"bearer\",\"refresh_token\":\"refresh-value\",\"expires_in\":10}";
 
 	protected static final String ACCESS_TOKEN_NOREFRESH = "{\"access_token\":\"token-value\",\"token_type\":\"bearer\",\"expires_in\":10}";
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2DeserializerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2DeserializerTests.java
index 7d435dc08..937d895b3 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2DeserializerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2DeserializerTests.java
@@ -83,6 +83,12 @@ public void readValueWithMultiScopes() throws Exception {
 		assertTokenEquals(accessToken,actual);
 	}
 
+	@Test
+	public void readValueWithArrayScopes() throws Exception {
+		OAuth2AccessToken actual = mapper.readValue(ACCESS_TOKEN_ARRAYSCOPE, OAuth2AccessToken.class);
+		assertTokenEquals(accessToken, actual);
+	}
+
 	@Test
 	public void readValueWithMac() throws Exception {
 		accessToken.setTokenType("mac");

From 1a10cf28ea05f678029a81ef5fa056eb93f180c8 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Tue, 17 May 2016 17:37:45 -0400
Subject: [PATCH 023/345] Add support for single scope String type

DefaultAccessTokenConverter originally expected a String Collection
for the 'scope' attribute in the raw token while
extracting it into an Authentication or AccessToken.
This commit adds support for a single String value for the 'scope' attribute
as certain Authorization Servers are returning a String type instead of a Collection/Array type.

Fixes gh-745
---
 .../token/DefaultAccessTokenConverter.java    | 24 ++++++---
 .../DefaultAccessTokenConverterTests.java     | 54 ++++++++++++++++---
 2 files changed, 63 insertions(+), 15 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java
index 36831bc6c..69aae5724 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java
@@ -109,20 +109,14 @@ public OAuth2AccessToken extractAccessToken(String value, Map map) {
 		if (map.containsKey(JTI)) {
 			info.put(JTI, map.get(JTI));
 		}
-		@SuppressWarnings("unchecked")
-		Collection scope = (Collection) map.get(SCOPE);
-		if (scope != null) {
-			token.setScope(new HashSet(scope));
-		}
+		token.setScope(extractScope(map));
 		token.setAdditionalInformation(info);
 		return token;
 	}
 
 	public OAuth2Authentication extractAuthentication(Map map) {
 		Map parameters = new HashMap();
-		@SuppressWarnings("unchecked")
-		Set scope = new LinkedHashSet(map.containsKey(SCOPE) ? (Collection) map.get(SCOPE)
-				: Collections.emptySet());
+		Set scope = extractScope(map);
 		Authentication user = userTokenConverter.extractAuthentication(map);
 		String clientId = (String) map.get(CLIENT_ID);
 		parameters.put(CLIENT_ID, clientId);
@@ -153,4 +147,18 @@ private Collection getAudience(Map map) {
 		return Collections.singleton((String)auds);
 	}
 
+	private Set extractScope(Map map) {
+		Set scope = Collections.emptySet();
+		if (map.containsKey(SCOPE)) {
+			Object scopeObj = map.get(SCOPE);
+			if (String.class.isInstance(scopeObj)) {
+				scope = Collections.singleton(String.class.cast(scopeObj));
+			} else if (Collection.class.isAssignableFrom(scopeObj.getClass())) {
+				Collection scopeColl = Collection.class.cast(scopeObj);
+				scope = new HashSet(scopeColl);
+			}
+		}
+		return scope;
+	}
+
 }
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverterTests.java
index e082254cd..0c35b4725 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverterTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverterTests.java
@@ -13,13 +13,7 @@
 
 package org.springframework.security.oauth2.provider.token;
 
-import static java.util.Collections.singleton;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-import java.util.Collection;
-import java.util.LinkedHashMap;
-import java.util.Map;
+import java.util.*;
 
 import org.junit.Before;
 import org.junit.Test;
@@ -27,10 +21,16 @@
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
 import org.springframework.security.oauth2.provider.RequestTokenFactory;
 
+
+import static java.util.Collections.singleton;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
 /**
  * @author Dave Syer
  *
@@ -98,4 +98,44 @@ public void extractAuthenticationFromClientTokenSingleValuedAudience() {
 		assertEquals("["+aud+"]", extracted.getOAuth2Request().getResourceIds().toString());
 	}
 
+	// gh-745
+	@Test
+	public void extractAuthenticationSingleScopeString() {
+		String scope = "read";
+		Map tokenAttrs = new HashMap();
+		tokenAttrs.put(AccessTokenConverter.SCOPE, scope);
+		OAuth2Authentication authentication = converter.extractAuthentication(tokenAttrs);
+		assertEquals(authentication.getOAuth2Request().getScope(), Collections.singleton(scope));
+	}
+
+	// gh-745
+	@Test
+	public void extractAuthenticationMultiScopeCollection() {
+		Set scopes = new HashSet(Arrays.asList("read", "write", "read-write"));
+		Map tokenAttrs = new HashMap();
+		tokenAttrs.put(AccessTokenConverter.SCOPE, scopes);
+		OAuth2Authentication authentication = converter.extractAuthentication(tokenAttrs);
+		assertEquals(authentication.getOAuth2Request().getScope(), scopes);
+	}
+
+	// gh-745
+	@Test
+	public void extractAccessTokenSingleScopeString() {
+		String scope = "read";
+		Map tokenAttrs = new HashMap();
+		tokenAttrs.put(AccessTokenConverter.SCOPE, scope);
+		OAuth2AccessToken accessToken = converter.extractAccessToken("token-value", tokenAttrs);
+		assertEquals(accessToken.getScope(), Collections.singleton(scope));
+	}
+
+	// gh-745
+	@Test
+	public void extractAccessTokenMultiScopeCollection() {
+		Set scopes = new HashSet(Arrays.asList("read", "write", "read-write"));
+		Map tokenAttrs = new HashMap();
+		tokenAttrs.put(AccessTokenConverter.SCOPE, scopes);
+		OAuth2AccessToken accessToken = converter.extractAccessToken("token-value", tokenAttrs);
+		assertEquals(accessToken.getScope(), scopes);
+	}
+
 }

From b081c601989d65c3c26727bc6d31268815516a21 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Wed, 18 May 2016 09:16:04 -0400
Subject: [PATCH 024/345] Fix broken test for DefaultAccessTokenConverter

The 'scope' ordering needs to be preserved when converting the raw token
into an Authentication or AccessToken or else tests will break.

Fixes gh-745
---
 .../oauth2/provider/token/DefaultAccessTokenConverter.java      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java
index 69aae5724..9a1439077 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java
@@ -155,7 +155,7 @@ private Set extractScope(Map map) {
 				scope = Collections.singleton(String.class.cast(scopeObj));
 			} else if (Collection.class.isAssignableFrom(scopeObj.getClass())) {
 				Collection scopeColl = Collection.class.cast(scopeObj);
-				scope = new HashSet(scopeColl);
+				scope = new LinkedHashSet(scopeColl);	// Preserve ordering
 			}
 		}
 		return scope;

From 877d096c9f325d621fb264d3c0ff04c4d810559e Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Wed, 18 May 2016 12:16:05 -0400
Subject: [PATCH 025/345] Fix NPE in OAuth2ExceptionJackson2Deserializer

Fixes gh-594
---
 .../exceptions/OAuth2ExceptionJackson2Deserializer.java  | 3 +--
 .../OAuth2ExceptionJackson2DeserializerTests.java        | 9 +++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Deserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Deserializer.java
index c9fda44ae..519f10d71 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Deserializer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Deserializer.java
@@ -70,8 +70,7 @@ else if (t == JsonToken.START_OBJECT) {
 		}
 
 		Object errorCode = errorParams.get("error");
-		String errorMessage = errorParams.containsKey("error_description") ? errorParams.get("error_description")
-				.toString() : null;
+		String errorMessage = errorParams.get("error_description") != null ? errorParams.get("error_description").toString() : null;
 		if (errorMessage == null) {
 			errorMessage = errorCode == null ? "OAuth Error" : errorCode.toString();
 		}
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionJackson2DeserializerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionJackson2DeserializerTests.java
index 019dcb1ff..2894af826 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionJackson2DeserializerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionJackson2DeserializerTests.java
@@ -153,6 +153,15 @@ public void readValueWithObjects() throws Exception {
 		assertEquals("{foo=[bar]}",result.getAdditionalInformation().toString());
 	}
 
+	// gh-594
+	@Test
+	public void readValueWithNullErrorDescription() throws Exception {
+		OAuth2Exception ex = new OAuth2Exception(null);
+		OAuth2Exception result = mapper.readValue(mapper.writeValueAsString(ex), OAuth2Exception.class);
+		// Null error description defaults to error code when deserialized
+		assertEquals(ex.getOAuth2ErrorCode(), result.getMessage());
+	}
+
 	private String createResponse(String error, String message) {
 		return "{\"error\":\"" + error + "\",\"error_description\":\""+message+"\"}";
 	}

From e8a8c46a0a25f4dd489dd55568ab4bf50f4f53c4 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Wed, 18 May 2016 14:02:46 -0400
Subject: [PATCH 026/345] Erase credentials for User Authentication

Fixes gh-573
---
 .../security/oauth2/provider/OAuth2Authentication.java   | 9 +++++++++
 .../oauth2/provider/OAuth2AuthenticationTests.java       | 9 +++++++++
 2 files changed, 18 insertions(+)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Authentication.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Authentication.java
index 8717a3af4..d2f3cf045 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Authentication.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2Authentication.java
@@ -2,6 +2,7 @@
 
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.CredentialsContainer;
 
 /**
  * An OAuth 2 authentication token can contain two authentications: one for the client and one for the user. Since some
@@ -72,6 +73,14 @@ public boolean isAuthenticated() {
 				&& (this.userAuthentication == null || this.userAuthentication.isAuthenticated());
 	}
 
+	@Override
+	public void eraseCredentials() {
+		super.eraseCredentials();
+		if (this.userAuthentication != null && CredentialsContainer.class.isAssignableFrom(this.userAuthentication.getClass())) {
+			CredentialsContainer.class.cast(this.userAuthentication).eraseCredentials();
+		}
+	}
+
 	@Override
 	public boolean equals(Object o) {
 		if (this == o) {
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2AuthenticationTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2AuthenticationTests.java
index 0e24a6705..068d68ac3 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2AuthenticationTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2AuthenticationTests.java
@@ -1,6 +1,7 @@
 package org.springframework.security.oauth2.provider;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
 import java.util.Arrays;
@@ -76,4 +77,12 @@ public void testSerializationWithDetails() {
 		assertEquals(holder, other);
 	}
 
+	// gh-573
+	@Test
+	public void testEraseCredentialsUserAuthentication() {
+		OAuth2Authentication authentication = new OAuth2Authentication(request, userAuthentication);
+		authentication.eraseCredentials();
+		assertNull(authentication.getUserAuthentication().getCredentials());
+	}
+
 }

From 6f0abcf154fb4938678d2152e8c11b0b87b5baf0 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Thu, 19 May 2016 15:15:43 -0400
Subject: [PATCH 027/345] Set PasswordEncoder to
 ClientDetailsUserDetailsService

Fixes gh-741
---
 .../configurers/AuthorizationServerSecurityConfigurer.java    | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java
index dd23a5c37..830b3c062 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java
@@ -129,8 +129,10 @@ public String getCheckTokenAccess() {
 	public void init(HttpSecurity http) throws Exception {
 		registerDefaultAuthenticationEntryPoint(http);
 		if (passwordEncoder != null) {
+			ClientDetailsUserDetailsService clientDetailsUserDetailsService = new ClientDetailsUserDetailsService(clientDetailsService());
+			clientDetailsUserDetailsService.setPasswordEncoder(passwordEncoder());
 			http.getSharedObject(AuthenticationManagerBuilder.class)
-					.userDetailsService(new ClientDetailsUserDetailsService(clientDetailsService()))
+					.userDetailsService(clientDetailsUserDetailsService)
 					.passwordEncoder(passwordEncoder());
 		}
 		else {

From a0e2591163a9c2991648473b8f503dde11fff18c Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Fri, 20 May 2016 12:42:13 -0400
Subject: [PATCH 028/345] Remove keys in RedisTokenStore on revoke

Fixes gh-572
---
 .../token/store/redis/RedisTokenStore.java    |   2 +
 .../store/redis/RedisTokenStoreMockTests.java | 109 ++++++++++++++++++
 .../store/redis/RedisTokenStoreTests.java     |  38 ++++--
 3 files changed, 137 insertions(+), 12 deletions(-)
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreMockTests.java

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java
index 38b7dcd66..343326c2b 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java
@@ -305,12 +305,14 @@ public void removeRefreshToken(OAuth2RefreshToken refreshToken) {
 
 	public void removeRefreshToken(String tokenValue) {
 		byte[] refreshKey = serializeKey(REFRESH + tokenValue);
+		byte[] refreshAuthKey = serializeKey(REFRESH_AUTH + tokenValue);
 		byte[] refresh2AccessKey = serializeKey(REFRESH_TO_ACCESS + tokenValue);
 		byte[] access2RefreshKey = serializeKey(ACCESS_TO_REFRESH + tokenValue);
 		RedisConnection conn = getConnection();
 		try {
 			conn.openPipeline();
 			conn.del(refreshKey);
+			conn.del(refreshAuthKey);
 			conn.del(refresh2AccessKey);
 			conn.del(access2RefreshKey);
 			conn.closePipeline();
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreMockTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreMockTests.java
new file mode 100644
index 000000000..ae249366f
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreMockTests.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.redis;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.ArgumentCaptor;
+import org.springframework.data.redis.connection.jedis.JedisConnection;
+import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
+import org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.OAuth2RefreshToken;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.OAuth2Request;
+import org.springframework.security.oauth2.provider.RequestTokenFactory;
+
+import java.util.*;
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.*;
+
+/**
+ *
+ * @author Joe Grandja
+ *
+ */
+public class RedisTokenStoreMockTests {
+	private JedisConnectionFactory connectionFactory;
+	private JedisConnection connection;
+	private RedisTokenStore tokenStore;
+	private OAuth2Request request;
+	private TestingAuthenticationToken authentication;
+
+	@Before
+	public void setUp() throws Exception {
+		connectionFactory = mock(JedisConnectionFactory.class);
+		connection = mock(JedisConnection.class);
+		when(connectionFactory.getConnection()).thenReturn(connection);
+		tokenStore = new RedisTokenStore(connectionFactory);
+		Set scope = new LinkedHashSet(Arrays.asList("read", "write", "read-write"));
+		request = RequestTokenFactory.createOAuth2Request("clientId", false, scope);
+		authentication = new TestingAuthenticationToken("user", "password");
+	}
+
+	// gh-572
+	@Test
+	public void storeRefreshTokenRemoveRefreshTokenVerifyKeysRemoved() {
+		OAuth2RefreshToken oauth2RefreshToken = new DefaultOAuth2RefreshToken("refresh-token-" + UUID.randomUUID());
+		OAuth2Authentication oauth2Authentication = new OAuth2Authentication(request, authentication);
+		tokenStore.storeRefreshToken(oauth2RefreshToken, oauth2Authentication);
+
+		ArgumentCaptor keyArgs = ArgumentCaptor.forClass(byte[].class);
+		verify(connection, times(2)).set(keyArgs.capture(), any(byte[].class));
+
+		tokenStore.removeRefreshToken(oauth2RefreshToken);
+
+		for (byte[] key : keyArgs.getAllValues()) {
+			verify(connection).del(key);
+		}
+	}
+
+	// gh-572
+	@Test
+	public void storeAccessTokenWithoutRefreshTokenRemoveAccessTokenVerifyKeysRemoved() {
+		OAuth2AccessToken oauth2AccessToken = new DefaultOAuth2AccessToken("access-token-" + UUID.randomUUID());
+		OAuth2Authentication oauth2Authentication = new OAuth2Authentication(request, authentication);
+
+		List results = Arrays.asList("access-token".getBytes(), "authentication".getBytes());
+		when(connection.closePipeline()).thenReturn(results);
+
+		RedisTokenStoreSerializationStrategy serializationStrategy = new JdkSerializationStrategy();
+		serializationStrategy = spy(serializationStrategy);
+		when(serializationStrategy.deserialize(any(byte[].class), eq(OAuth2Authentication.class))).thenReturn(oauth2Authentication);
+		tokenStore.setSerializationStrategy(serializationStrategy);
+
+		tokenStore.storeAccessToken(oauth2AccessToken, oauth2Authentication);
+
+		ArgumentCaptor setKeyArgs = ArgumentCaptor.forClass(byte[].class);
+		verify(connection, times(3)).set(setKeyArgs.capture(), any(byte[].class));
+
+		ArgumentCaptor rPushKeyArgs = ArgumentCaptor.forClass(byte[].class);
+		verify(connection, times(2)).rPush(rPushKeyArgs.capture(), any(byte[].class));
+
+		tokenStore.removeAccessToken(oauth2AccessToken);
+
+		for (byte[] key : setKeyArgs.getAllValues()) {
+			verify(connection).del(key);
+		}
+		for (byte[] key : rPushKeyArgs.getAllValues()) {
+			verify(connection).lRem(eq(key), eq(1L), any(byte[].class));
+		}
+	}
+
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreTests.java
index 8476fb893..5e06e2c92 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreTests.java
@@ -1,25 +1,23 @@
 package org.springframework.security.oauth2.provider.token.store.redis;
 
-import static org.junit.Assert.*;
-
-import java.util.Date;
-import java.util.UUID;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
-import org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken;
-import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
-import org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.common.OAuth2RefreshToken;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.oauth2.common.*;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.OAuth2Request;
 import org.springframework.security.oauth2.provider.RequestTokenFactory;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.TokenStoreBaseTests;
-
 import redis.clients.jedis.JedisShardInfo;
 
+import java.util.Collection;
+import java.util.Date;
+import java.util.UUID;
+
+import static org.junit.Assert.*;
+
 /**
  * @author efenderbosch
  */
@@ -80,4 +78,20 @@ public void testExpiringAccessToken() throws InterruptedException {
 		assertNull(getTokenStore().readAuthentication(expectedOAuth2AccessToken));
 	}
 
-}
+	// gh-572
+	@Test
+	public void storeAccessTokenWithoutRefreshTokenRemoveAccessTokenVerifyTokenRemoved() {
+		OAuth2Request request = RequestTokenFactory.createOAuth2Request("clientId", false);
+		TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password");
+
+		OAuth2AccessToken oauth2AccessToken = new DefaultOAuth2AccessToken("access-token-" + UUID.randomUUID());
+		OAuth2Authentication oauth2Authentication = new OAuth2Authentication(request, authentication);
+
+		tokenStore.storeAccessToken(oauth2AccessToken, oauth2Authentication);
+		tokenStore.removeAccessToken(oauth2AccessToken);
+		Collection oauth2AccessTokens = tokenStore.findTokensByClientId(request.getClientId());
+
+		assertTrue(oauth2AccessTokens.isEmpty());
+	}
+
+}
\ No newline at end of file

From 78f633f353f7a50abc9823ef6a39832a33906449 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Tue, 24 May 2016 14:15:45 -0400
Subject: [PATCH 029/345] Update javadoc ClientDetails.getAuthorities()

Fixes gh-680
---
 .../security/oauth2/provider/ClientDetails.java           | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientDetails.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientDetails.java
index e5f345ddc..f9e8d1c2f 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientDetails.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientDetails.java
@@ -73,11 +73,11 @@ public interface ClientDetails extends Serializable {
 	Set getRegisteredRedirectUri();
 
 	/**
-	 * Get the authorities that are granted to the OAuth client. Note that these are NOT the authorities that are
-	 * granted to the user with an authorized access token. Instead, these authorities are inherent to the client
-	 * itself.
+	 * Returns the authorities that are granted to the OAuth client. Cannot return null.
+	 * Note that these are NOT the authorities that are granted to the user with an authorized access token.
+	 * Instead, these authorities are inherent to the client itself.
 	 * 
-	 * @return The authorities.
+	 * @return the authorities (never null)
 	 */
 	Collection getAuthorities();
 

From af6cab557b9c76160ed86428bce09a46f1a81959 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Wed, 25 May 2016 11:57:41 -0400
Subject: [PATCH 030/345] Fix deserialization of UnauthorizedClientException

Fixes gh-720
---
 .../oauth2/common/exceptions/OAuth2Exception.java |  2 +-
 .../OAuth2ExceptionJackson1Deserializer.java      |  2 +-
 .../OAuth2ExceptionJackson2Deserializer.java      |  2 +-
 .../OAuth2ExceptionDeserializerTests.java         | 14 ++------------
 .../OAuth2ExceptionJackson2DeserializerTests.java | 14 ++------------
 .../exception/OAuth2ExceptionSerializerTests.java | 13 ++-----------
 .../JaxbOAuth2ExceptionMessageConverterTests.java | 15 +++------------
 7 files changed, 12 insertions(+), 50 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2Exception.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2Exception.java
index 3032c2655..b1a59a8fd 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2Exception.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2Exception.java
@@ -99,7 +99,7 @@ public static OAuth2Exception create(String errorCode, String errorMessage) {
 			return new InvalidClientException(errorMessage);
 		}
 		else if (UNAUTHORIZED_CLIENT.equals(errorCode)) {
-			return new UnauthorizedUserException(errorMessage);
+			return new UnauthorizedClientException(errorMessage);
 		}
 		else if (INVALID_GRANT.equals(errorCode)) {
 			return new InvalidGrantException(errorMessage);
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Deserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Deserializer.java
index 31eda2ae2..c9f4b68ab 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Deserializer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Deserializer.java
@@ -75,7 +75,7 @@ else if (t == JsonToken.START_OBJECT) {
 			ex = new InvalidClientException(errorMessage);
 		}
 		else if ("unauthorized_client".equals(errorCode)) {
-			ex = new UnauthorizedUserException(errorMessage);
+			ex = new UnauthorizedClientException(errorMessage);
 		}
 		else if ("invalid_grant".equals(errorCode)) {
 			if (errorMessage.toLowerCase().contains("redirect") && errorMessage.toLowerCase().contains("match")) {
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Deserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Deserializer.java
index 519f10d71..92a32aba6 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Deserializer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Deserializer.java
@@ -80,7 +80,7 @@ else if (t == JsonToken.START_OBJECT) {
 			ex = new InvalidClientException(errorMessage);
 		}
 		else if ("unauthorized_client".equals(errorCode)) {
-			ex = new UnauthorizedUserException(errorMessage);
+			ex = new UnauthorizedClientException(errorMessage);
 		}
 		else if ("invalid_grant".equals(errorCode)) {
 			if (errorMessage.toLowerCase().contains("redirect") && errorMessage.toLowerCase().contains("match")) {
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionDeserializerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionDeserializerTests.java
index 14de789f4..9e4f4c242 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionDeserializerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionDeserializerTests.java
@@ -17,17 +17,7 @@
 import org.codehaus.jackson.map.ObjectMapper;
 import org.junit.BeforeClass;
 import org.junit.Test;
-import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
-import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
-import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
-import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
-import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
-import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
-import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
-import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
-import org.springframework.security.oauth2.common.exceptions.UnauthorizedUserException;
-import org.springframework.security.oauth2.common.exceptions.UnsupportedGrantTypeException;
-import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
+import org.springframework.security.oauth2.common.exceptions.*;
 
 /**
  *
@@ -88,7 +78,7 @@ public void readValueUnsupportedGrantType() throws Exception {
 	@Test
 	public void readValueUnauthorizedClient() throws Exception {
 		String accessToken = createResponse(OAuth2Exception.UNAUTHORIZED_CLIENT);
-		UnauthorizedUserException result = (UnauthorizedUserException) mapper.readValue(accessToken,
+		UnauthorizedClientException result = (UnauthorizedClientException) mapper.readValue(accessToken,
 				OAuth2Exception.class);
 		assertEquals(DETAILS,result.getMessage());
 		assertEquals(null,result.getAdditionalInformation());
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionJackson2DeserializerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionJackson2DeserializerTests.java
index 2894af826..bb872494e 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionJackson2DeserializerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionJackson2DeserializerTests.java
@@ -16,17 +16,7 @@
 
 import org.junit.BeforeClass;
 import org.junit.Test;
-import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
-import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
-import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
-import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
-import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
-import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
-import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
-import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
-import org.springframework.security.oauth2.common.exceptions.UnauthorizedUserException;
-import org.springframework.security.oauth2.common.exceptions.UnsupportedGrantTypeException;
-import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
+import org.springframework.security.oauth2.common.exceptions.*;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 
@@ -89,7 +79,7 @@ public void readValueUnsupportedGrantType() throws Exception {
 	@Test
 	public void readValueUnauthorizedClient() throws Exception {
 		String accessToken = createResponse(OAuth2Exception.UNAUTHORIZED_CLIENT);
-		UnauthorizedUserException result = (UnauthorizedUserException) mapper.readValue(accessToken,
+		UnauthorizedClientException result = (UnauthorizedClientException) mapper.readValue(accessToken,
 				OAuth2Exception.class);
 		assertEquals(DETAILS,result.getMessage());
 		assertEquals(null,result.getAdditionalInformation());
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionSerializerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionSerializerTests.java
index dc4302d05..bae47cba3 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionSerializerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionSerializerTests.java
@@ -18,16 +18,7 @@
 import org.junit.After;
 import org.junit.BeforeClass;
 import org.junit.Test;
-import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
-import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
-import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
-import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
-import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
-import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
-import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
-import org.springframework.security.oauth2.common.exceptions.UnauthorizedUserException;
-import org.springframework.security.oauth2.common.exceptions.UnsupportedGrantTypeException;
-import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
+import org.springframework.security.oauth2.common.exceptions.*;
 
 /**
  *
@@ -87,7 +78,7 @@ public void writeValueAsStringUnsupportedGrantType() throws Exception {
 
 	@Test
 	public void writeValueAsStringUnauthorizedClient() throws Exception {
-		oauthException = new UnauthorizedUserException(DETAILS);
+		oauthException = new UnauthorizedClientException(DETAILS);
 		String expected = createResponse(oauthException.getOAuth2ErrorCode());
 		assertEquals(expected,mapper.writeValueAsString(oauthException));
 	}
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2ExceptionMessageConverterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2ExceptionMessageConverterTests.java
index 3e4cb555b..243cd92d9 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2ExceptionMessageConverterTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2ExceptionMessageConverterTests.java
@@ -24,16 +24,7 @@
 import org.junit.runner.RunWith;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
-import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
-import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
-import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
-import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
-import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
-import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
-import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
-import org.springframework.security.oauth2.common.exceptions.UnauthorizedUserException;
-import org.springframework.security.oauth2.common.exceptions.UnsupportedGrantTypeException;
-import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
+import org.springframework.security.oauth2.common.exceptions.*;
 
 /**
  *
@@ -94,7 +85,7 @@ public void writeUnsupportedGrantType() throws Exception {
 
 	@Test
 	public void writeUnauthorizedClient() throws Exception {
-		OAuth2Exception oauthException = new UnauthorizedUserException(DETAILS);
+		OAuth2Exception oauthException = new UnauthorizedClientException(DETAILS);
 		String expected = createResponse(oauthException.getOAuth2ErrorCode());
 		converter.write(oauthException, contentType, outputMessage);
 		assertEquals(expected, getOutput());
@@ -182,7 +173,7 @@ public void readUnauthorizedClient() throws Exception {
 		String accessToken = createResponse(OAuth2Exception.UNAUTHORIZED_CLIENT);
 		when(inputMessage.getBody()).thenReturn(createInputStream(accessToken));
 		@SuppressWarnings("unused")
-		UnauthorizedUserException result = (UnauthorizedUserException) converter.read(OAuth2Exception.class,
+		UnauthorizedClientException result = (UnauthorizedClientException) converter.read(OAuth2Exception.class,
 				inputMessage);
 	}
 

From b055772adbb9c10497b1077a0480bf2c2649fb04 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Thu, 26 May 2016 14:21:34 -0400
Subject: [PATCH 031/345] Preserve refresh token on access token refresh

Fixes gh-712
---
 .../token/AccessTokenProviderChain.java       |  7 ++-
 .../token/AccessTokenProviderChainTests.java  | 57 ++++++++++++++++++-
 2 files changed, 61 insertions(+), 3 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java
index c41748477..3b4871ade 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java
@@ -26,6 +26,7 @@
 import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
 import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
 import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
+import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.OAuth2RefreshToken;
 import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
@@ -159,7 +160,11 @@ public OAuth2AccessToken refreshAccessToken(OAuth2ProtectedResourceDetails resou
 			OAuth2RefreshToken refreshToken, AccessTokenRequest request) throws UserRedirectRequiredException {
 		for (AccessTokenProvider tokenProvider : chain) {
 			if (tokenProvider.supportsRefresh(resource)) {
-				return tokenProvider.refreshAccessToken(resource, refreshToken, request);
+				DefaultOAuth2AccessToken refreshedAccessToken = new DefaultOAuth2AccessToken(
+						tokenProvider.refreshAccessToken(resource, refreshToken, request));
+				// Fixes gh-712
+				refreshedAccessToken.setRefreshToken(refreshToken);
+				return refreshedAccessToken;
 			}
 		}
 		throw new OAuth2AccessDeniedException("Unable to obtain a new access token for resource '" + resource.getId()
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java
index 5fbc0fcb8..db19e3ac1 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java
@@ -14,8 +14,13 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.when;
 
 import java.util.Arrays;
+import java.util.Calendar;
 import java.util.Collections;
 import java.util.Date;
 
@@ -30,8 +35,11 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails;
 import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
+import org.springframework.security.oauth2.client.resource.UserApprovalRequiredException;
 import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
 import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
+import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
+import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
 import org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken;
 import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
 import org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken;
@@ -79,7 +87,7 @@ public void testSunnyDay() throws Exception {
 	@Test
 	public void testSunnyDayWithTokenServicesGet() throws Exception {
 		AccessTokenProviderChain chain = new AccessTokenProviderChain(Collections. emptyList());
-		Mockito.when(clientTokenServices.getAccessToken(resource, user)).thenReturn(accessToken);
+		when(clientTokenServices.getAccessToken(resource, user)).thenReturn(accessToken);
 		chain.setClientTokenServices(clientTokenServices);
 		AccessTokenRequest request = new DefaultAccessTokenRequest();
 		SecurityContextHolder.getContext().setAuthentication(user);
@@ -127,7 +135,7 @@ public void testSunnyDayWithExpiredTokenAndTokenServices() throws Exception {
 		AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(new StubAccessTokenProvider()));
 		chain.setClientTokenServices(clientTokenServices);
 		accessToken.setExpiration(new Date(System.currentTimeMillis() - 1000));
-		Mockito.when(clientTokenServices.getAccessToken(resource, user)).thenReturn(accessToken);
+		when(clientTokenServices.getAccessToken(resource, user)).thenReturn(accessToken);
 		AccessTokenRequest request = new DefaultAccessTokenRequest();
 		SecurityContextHolder.getContext().setAuthentication(user);
 		OAuth2AccessToken token = chain.obtainAccessToken(resource, request);
@@ -195,6 +203,51 @@ public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails detail
 		assertNotNull(token);
 	}
 
+	// gh-712
+	@Test
+	public void testRefreshAccessTokenTwicePreserveRefreshToken() throws Exception {
+		Calendar tokenExpiry = Calendar.getInstance();
+		DefaultOAuth2AccessToken accessToken = new DefaultOAuth2AccessToken("access-token");
+		accessToken.setExpiration(tokenExpiry.getTime());
+		accessToken.setRefreshToken(new DefaultOAuth2RefreshToken("refresh-token"));
+		DefaultOAuth2AccessToken expectedRefreshedAccessToken = new DefaultOAuth2AccessToken("refreshed-access-token");
+		expectedRefreshedAccessToken.setExpiration(tokenExpiry.getTime());
+
+		AccessTokenProvider accessTokenProvider = new AuthorizationCodeAccessTokenProvider();
+		accessTokenProvider = spy(accessTokenProvider);
+		doReturn(accessToken).when(accessTokenProvider).obtainAccessToken(
+				any(OAuth2ProtectedResourceDetails.class), any(AccessTokenRequest.class));
+		doReturn(expectedRefreshedAccessToken).when(accessTokenProvider).refreshAccessToken(
+				any(OAuth2ProtectedResourceDetails.class), any(OAuth2RefreshToken.class), any(AccessTokenRequest.class));
+		AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(accessTokenProvider));
+
+		SecurityContextHolder.getContext().setAuthentication(user);
+
+		// Obtain a new Access Token
+		AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
+		AccessTokenRequest request = new DefaultAccessTokenRequest();
+		OAuth2AccessToken tokenResult = chain.obtainAccessToken(resource, request);
+		assertEquals(accessToken, tokenResult);
+
+		// Obtain the 1st Refreshed Access Token
+		tokenExpiry.setTime(tokenResult.getExpiration());
+		tokenExpiry.add(Calendar.MINUTE, -1);
+		DefaultOAuth2AccessToken.class.cast(tokenResult).setExpiration(tokenExpiry.getTime());		// Expire
+		request = new DefaultAccessTokenRequest();
+		request.setExistingToken(tokenResult);
+		tokenResult = chain.obtainAccessToken(resource, request);
+		assertEquals(expectedRefreshedAccessToken, tokenResult);
+
+		// Obtain the 2nd Refreshed Access Token
+		tokenExpiry.setTime(tokenResult.getExpiration());
+		tokenExpiry.add(Calendar.MINUTE, -1);
+		DefaultOAuth2AccessToken.class.cast(tokenResult).setExpiration(tokenExpiry.getTime());		// Expire
+		request = new DefaultAccessTokenRequest();
+		request.setExistingToken(tokenResult);
+		tokenResult = chain.obtainAccessToken(resource, request);
+		assertEquals(expectedRefreshedAccessToken, tokenResult);
+	}
+
 	private class StubAccessTokenProvider implements AccessTokenProvider {
 		public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest parameters)
 				throws UserRedirectRequiredException, AccessDeniedException {

From dea14c0dadb493c766711989c2b1859c6cad8126 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Fri, 3 Jun 2016 07:51:33 +0100
Subject: [PATCH 032/345] Fix compiler error in Eclipse

---
 .../oauth2/provider/token/DefaultAccessTokenConverter.java   | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java
index 9a1439077..3b8ac8544 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java
@@ -153,8 +153,9 @@ private Set extractScope(Map map) {
 			Object scopeObj = map.get(SCOPE);
 			if (String.class.isInstance(scopeObj)) {
 				scope = Collections.singleton(String.class.cast(scopeObj));
-			} else if (Collection.class.isAssignableFrom(scopeObj.getClass())) {
-				Collection scopeColl = Collection.class.cast(scopeObj);
+			} else if (Collection.class.isAssignableFrom(scopeObj.getClass())) {
+				@SuppressWarnings("unchecked")
+				Collection scopeColl = (Collection) scopeObj;
 				scope = new LinkedHashSet(scopeColl);	// Preserve ordering
 			}
 		}

From 85108824c074878cc2536accddfa1b6144d4596a Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Fri, 3 Jun 2016 07:52:23 +0100
Subject: [PATCH 033/345] Fix compiler warnings

---
 .../oauth2/provider/token/DefaultAccessTokenConverter.java       | 1 -
 1 file changed, 1 deletion(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java
index 3b8ac8544..1d01a4702 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java
@@ -16,7 +16,6 @@
 import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.LinkedHashSet;
 import java.util.Map;
 import java.util.Set;

From 23ffa9856062549b610ef4751da1d332e93a43a7 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Fri, 3 Jun 2016 07:54:41 +0100
Subject: [PATCH 034/345] Fix compiler warnings

---
 .../oauth2/client/token/AccessTokenProviderChainTests.java       | 1 -
 1 file changed, 1 deletion(-)

diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java
index db19e3ac1..31647c27d 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java
@@ -35,7 +35,6 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails;
 import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
-import org.springframework.security.oauth2.client.resource.UserApprovalRequiredException;
 import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
 import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
 import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;

From ab9afdccb009726355792cc9a52398fc4bd7cdf4 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Fri, 3 Jun 2016 11:27:23 +0100
Subject: [PATCH 035/345] Match on mapped path instead of raw path

Fixes gh-743
---
 .../web/configuration/ResourceServerConfiguration.java          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java
index a88431b84..da4779d1f 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java
@@ -94,7 +94,7 @@ public NotOAuthRequestMatcher(FrameworkEndpointHandlerMapping mapping) {
 		public boolean matches(HttpServletRequest request) {
 			String requestPath = getRequestPath(request);
 			for (String path : mapping.getPaths()) {
-				if (requestPath.startsWith(path)) {
+				if (requestPath.startsWith(mapping.getPath(path))) {
 					return false;
 				}
 			}

From 205d0179570c6d74e8295652e4977fda8b665371 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Fri, 3 Jun 2016 11:27:58 +0100
Subject: [PATCH 036/345] Use basic auth entry point as default for token
 endpoint

For some reason it was almost working without this change, but
not with a custom /token endpoint path. It should clearly be
a 401 with Basic challenge so this makes more sense to me.
---
 .../AuthorizationServerSecurityConfigurer.java        | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java
index 830b3c062..b15057d43 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java
@@ -37,6 +37,7 @@
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.DefaultSecurityFilterChain;
 import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.security.web.context.NullSecurityContextRepository;
 import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
@@ -54,7 +55,7 @@
 public final class AuthorizationServerSecurityConfigurer extends
 		SecurityConfigurerAdapter {
 
-	private AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
+	private AuthenticationEntryPoint authenticationEntryPoint;
 
 	private AccessDeniedHandler accessDeniedHandler = new OAuth2AccessDeniedHandler();
 
@@ -127,6 +128,7 @@ public String getCheckTokenAccess() {
 
 	@Override
 	public void init(HttpSecurity http) throws Exception {
+
 		registerDefaultAuthenticationEntryPoint(http);
 		if (passwordEncoder != null) {
 			ClientDetailsUserDetailsService clientDetailsUserDetailsService = new ClientDetailsUserDetailsService(clientDetailsService());
@@ -165,6 +167,11 @@ private void registerDefaultAuthenticationEntryPoint(HttpSecurity http) {
 		if (exceptionHandling == null) {
 			return;
 		}
+		if (authenticationEntryPoint==null) {
+			BasicAuthenticationEntryPoint basicEntryPoint = new BasicAuthenticationEntryPoint();
+			basicEntryPoint.setRealmName(realm);
+			authenticationEntryPoint = basicEntryPoint;
+		}
 		ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
 		if (contentNegotiationStrategy == null) {
 			contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
@@ -179,7 +186,7 @@ private void registerDefaultAuthenticationEntryPoint(HttpSecurity http) {
 
 	@Override
 	public void configure(HttpSecurity http) throws Exception {
-
+		
 		// ensure this is initialized
 		frameworkEndpointHandlerMapping();
 		if (allowFormAuthenticationForClients) {

From 61275f4f175c3c24ef522db8cf6a8240624bb38a Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Fri, 3 Jun 2016 11:29:02 +0100
Subject: [PATCH 037/345] Add test for custom mapping of auth server endpoints

(in a resources server)
---
 .../ResourceServerConfigurationTests.java     | 90 +++++++++++++++----
 1 file changed, 74 insertions(+), 16 deletions(-)

diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/ResourceServerConfigurationTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/ResourceServerConfigurationTests.java
index cfad8b586..1ad566c48 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/ResourceServerConfigurationTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/ResourceServerConfigurationTests.java
@@ -12,6 +12,8 @@
  */
 package org.springframework.security.oauth2.config.annotation;
 
+import static org.hamcrest.CoreMatchers.containsString;
+
 import java.util.Collections;
 
 import javax.servlet.Filter;
@@ -29,7 +31,9 @@
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.crypto.codec.Base64;
 import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
@@ -37,6 +41,7 @@
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
@@ -58,6 +63,7 @@
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 import org.springframework.web.filter.DelegatingFilterProxy;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
 /**
  * @author Dave Syer
@@ -90,9 +96,7 @@ public void testDefaults() throws Exception {
 		context.setServletContext(new MockServletContext());
 		context.register(ResourceServerContext.class);
 		context.refresh();
-		MockMvc mvc = MockMvcBuilders.webAppContextSetup(context)
-				.addFilters(new DelegatingFilterProxy(context.getBean("springSecurityFilterChain", Filter.class)))
-				.build();
+		MockMvc mvc = buildMockMvc(context);
 		mvc.perform(MockMvcRequestBuilders.get("/")).andExpect(MockMvcResultMatchers.status().isUnauthorized());
 		mvc.perform(MockMvcRequestBuilders.get("/").header("Authorization", "Bearer FOO"))
 				.andExpect(MockMvcResultMatchers.status().isNotFound());
@@ -105,6 +109,35 @@ public void testWithAuthServer() throws Exception {
 		context.setServletContext(new MockServletContext());
 		context.register(ResourceServerAndAuthorizationServerContext.class);
 		context.refresh();
+		MockMvc mvc = buildMockMvc(context);
+		mvc.perform(MockMvcRequestBuilders.get("/"))
+				.andExpect(MockMvcResultMatchers.header().string("WWW-Authenticate", containsString("Bearer")));
+		mvc.perform(MockMvcRequestBuilders.post("/oauth/token"))
+				.andExpect(MockMvcResultMatchers.header().string("WWW-Authenticate", containsString("Basic")));
+		mvc.perform(MockMvcRequestBuilders.get("/oauth/authorize"))
+				.andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login"));
+		mvc.perform(MockMvcRequestBuilders.post("/oauth/token").header("Authorization",
+				"Basic " + new String(Base64.encode("client:secret".getBytes()))))
+				.andExpect(MockMvcResultMatchers.content().string(containsString("Missing grant type")));
+		context.close();
+	}
+
+	@Test
+	public void testWithAuthServerCustomPath() throws Exception {
+		AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
+		context.setServletContext(new MockServletContext());
+		context.register(ResourceServerAndAuthorizationServerCustomPathContext.class);
+		context.refresh();
+		MockMvc mvc = buildMockMvc(context);
+		mvc.perform(MockMvcRequestBuilders.get("/"))
+				.andExpect(MockMvcResultMatchers.header().string("WWW-Authenticate", containsString("Bearer")));
+		mvc.perform(MockMvcRequestBuilders.post("/token"))
+				.andExpect(MockMvcResultMatchers.header().string("WWW-Authenticate", containsString("Basic")));
+		mvc.perform(MockMvcRequestBuilders.get("/authorize"))
+				.andExpect(MockMvcResultMatchers.redirectedUrl("http://localhost/login"));
+		mvc.perform(MockMvcRequestBuilders.post("/token").header("Authorization",
+				"Basic " + new String(Base64.encode("client:secret".getBytes()))))
+				.andExpect(MockMvcResultMatchers.content().string(containsString("Missing grant type")));
 		context.close();
 	}
 
@@ -124,9 +157,7 @@ public void testCustomTokenServices() throws Exception {
 		context.setServletContext(new MockServletContext());
 		context.register(TokenServicesContext.class);
 		context.refresh();
-		MockMvc mvc = MockMvcBuilders.webAppContextSetup(context)
-				.addFilters(new DelegatingFilterProxy(context.getBean("springSecurityFilterChain", Filter.class)))
-				.build();
+		MockMvc mvc = buildMockMvc(context);
 		mvc.perform(MockMvcRequestBuilders.get("/")).andExpect(MockMvcResultMatchers.status().isUnauthorized());
 		mvc.perform(MockMvcRequestBuilders.get("/").header("Authorization", "Bearer FOO"))
 				.andExpect(MockMvcResultMatchers.status().isNotFound());
@@ -140,9 +171,7 @@ public void testCustomTokenExtractor() throws Exception {
 		context.setServletContext(new MockServletContext());
 		context.register(TokenExtractorContext.class);
 		context.refresh();
-		MockMvc mvc = MockMvcBuilders.webAppContextSetup(context)
-				.addFilters(new DelegatingFilterProxy(context.getBean("springSecurityFilterChain", Filter.class)))
-				.build();
+		MockMvc mvc = buildMockMvc(context);
 		mvc.perform(MockMvcRequestBuilders.get("/").header("Authorization", "Bearer BAR"))
 				.andExpect(MockMvcResultMatchers.status().isNotFound());
 		context.close();
@@ -155,9 +184,7 @@ public void testCustomExpressionHandler() throws Exception {
 		context.setServletContext(new MockServletContext());
 		context.register(ExpressionHandlerContext.class);
 		context.refresh();
-		MockMvc mvc = MockMvcBuilders.webAppContextSetup(context)
-				.addFilters(new DelegatingFilterProxy(context.getBean("springSecurityFilterChain", Filter.class)))
-				.build();
+		MockMvc mvc = buildMockMvc(context);
 		expected.expect(IllegalArgumentException.class);
 		expected.expectMessage("#oauth2");
 		mvc.perform(MockMvcRequestBuilders.get("/").header("Authorization", "Bearer FOO"))
@@ -172,14 +199,18 @@ public void testCustomAuthenticationEntryPoint() throws Exception {
 		context.setServletContext(new MockServletContext());
 		context.register(AuthenticationEntryPointContext.class);
 		context.refresh();
-		MockMvc mvc = MockMvcBuilders.webAppContextSetup(context)
-				.addFilters(new DelegatingFilterProxy(context.getBean("springSecurityFilterChain", Filter.class)))
-				.build();
+		MockMvc mvc = buildMockMvc(context);
 		mvc.perform(MockMvcRequestBuilders.get("/").header("Authorization", "Bearer FOO"))
 				.andExpect(MockMvcResultMatchers.status().isFound());
 		context.close();
 	}
 
+	private MockMvc buildMockMvc(AnnotationConfigWebApplicationContext context) {
+		return MockMvcBuilders.webAppContextSetup(context)
+				.addFilters(new DelegatingFilterProxy(context.getBean("springSecurityFilterChain", Filter.class)))
+				.build();
+	}
+
 	@Configuration
 	@EnableResourceServer
 	@EnableWebSecurity
@@ -194,10 +225,37 @@ public TokenStore tokenStore() {
 	@EnableResourceServer
 	@EnableAuthorizationServer
 	@EnableWebSecurity
+	@EnableWebMvc
 	protected static class ResourceServerAndAuthorizationServerContext extends AuthorizationServerConfigurerAdapter {
 		@Override
 		public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
-			clients.inMemory();
+			clients.inMemory().withClient("client").secret("secret").scopes("scope");
+		}
+
+		@Configuration
+		protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+		}
+	}
+
+	@Configuration
+	@EnableResourceServer
+	@EnableAuthorizationServer
+	@EnableWebSecurity
+	@EnableWebMvc
+	protected static class ResourceServerAndAuthorizationServerCustomPathContext
+			extends AuthorizationServerConfigurerAdapter {
+		@Override
+		public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+			clients.inMemory().withClient("client").secret("secret").scopes("scope");
+		}
+
+		@Override
+		public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+			endpoints.pathMapping("/oauth/token", "/token");
+			endpoints.pathMapping("/oauth/authorize", "/authorize");
+		}
+		@Configuration
+		protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 		}
 	}
 

From 68e34250c2e3c541849bf8eea0921d4fe4226a2b Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Fri, 3 Jun 2016 12:00:36 +0100
Subject: [PATCH 038/345] Upgrade integration tests to latest Boot

---
 tests/annotation/pom.xml | 2 +-
 tests/xml/pom.xml        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml
index 48fcc1aae..0ae1f184c 100644
--- a/tests/annotation/pom.xml
+++ b/tests/annotation/pom.xml
@@ -30,7 +30,7 @@
 	
 		org.springframework.boot
 		spring-boot-starter-parent
-		1.3.2.RELEASE
+		1.3.5.RELEASE
 		
 	
 
diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml
index 42f2d6537..c76bdc498 100644
--- a/tests/xml/pom.xml
+++ b/tests/xml/pom.xml
@@ -24,7 +24,7 @@
 	
 		org.springframework.boot
 		spring-boot-starter-parent
-		1.2.7.RELEASE
+		1.3.5.RELEASE
 		
 	
 

From e91378b57c3e5f36871c22ae4920a7587ae6ee35 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Fri, 3 Jun 2016 12:17:47 +0100
Subject: [PATCH 039/345] Update to 2.0.10

---
 pom.xml                                        | 2 +-
 samples/oauth/sparklr/pom.xml                  | 2 +-
 samples/oauth/tonr/pom.xml                     | 2 +-
 samples/oauth2/sparklr/pom.xml                 | 2 +-
 samples/oauth2/tonr/pom.xml                    | 2 +-
 samples/pom.xml                                | 2 +-
 spring-security-oauth/pom.xml                  | 2 +-
 spring-security-oauth2/pom.xml                 | 2 +-
 tests/annotation/approval/pom.xml              | 2 +-
 tests/annotation/client/pom.xml                | 2 +-
 tests/annotation/common/pom.xml                | 2 +-
 tests/annotation/custom-authentication/pom.xml | 2 +-
 tests/annotation/custom-grant/pom.xml          | 2 +-
 tests/annotation/form/pom.xml                  | 2 +-
 tests/annotation/jaxb/pom.xml                  | 2 +-
 tests/annotation/jdbc/pom.xml                  | 2 +-
 tests/annotation/jpa/pom.xml                   | 2 +-
 tests/annotation/jwt/pom.xml                   | 2 +-
 tests/annotation/mappings/pom.xml              | 2 +-
 tests/annotation/multi/pom.xml                 | 2 +-
 tests/annotation/pom.xml                       | 4 ++--
 tests/annotation/resource/pom.xml              | 2 +-
 tests/annotation/ssl/pom.xml                   | 2 +-
 tests/annotation/vanilla/pom.xml               | 2 +-
 tests/pom.xml                                  | 2 +-
 tests/xml/approval/pom.xml                     | 2 +-
 tests/xml/client/pom.xml                       | 2 +-
 tests/xml/common/pom.xml                       | 2 +-
 tests/xml/form/pom.xml                         | 2 +-
 tests/xml/jdbc/pom.xml                         | 2 +-
 tests/xml/jwt/pom.xml                          | 2 +-
 tests/xml/mappings/pom.xml                     | 2 +-
 tests/xml/pom.xml                              | 4 ++--
 tests/xml/vanilla/pom.xml                      | 2 +-
 34 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/pom.xml b/pom.xml
index ee5ef8f32..3ff088ddb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
   OAuth for Spring Security
   Parent Project for OAuth Support for Spring Security
   pom
-  2.0.10.BUILD-SNAPSHOT
+  2.0.10.RELEASE
   http://static.springframework.org/spring-security/oauth
 
   
diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml
index bd22d6f45..9dfe16069 100644
--- a/samples/oauth/sparklr/pom.xml
+++ b/samples/oauth/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml
index 07c3b2496..3df90e5ee 100644
--- a/samples/oauth/tonr/pom.xml
+++ b/samples/oauth/tonr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index abf5d310d..f21aa7240 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index 0868fb5df..1f5e76626 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -6,7 +6,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 		../../..
 	
 
diff --git a/samples/pom.xml b/samples/pom.xml
index 9b513c355..e0d35aaae 100755
--- a/samples/pom.xml
+++ b/samples/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.0.10.BUILD-SNAPSHOT
+    2.0.10.RELEASE
   
 
   spring-security-oauth-samples
diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml
index 1967d10fb..2541fd84b 100644
--- a/spring-security-oauth/pom.xml
+++ b/spring-security-oauth/pom.xml
@@ -4,7 +4,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	spring-security-oauth
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index ad3d0f269..3643a5b93 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	spring-security-oauth2
diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml
index ac3576807..581c04676 100644
--- a/tests/annotation/approval/pom.xml
+++ b/tests/annotation/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml
index a8b629ed1..76f64bf50 100644
--- a/tests/annotation/client/pom.xml
+++ b/tests/annotation/client/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml
index 089c29502..33251cd04 100644
--- a/tests/annotation/common/pom.xml
+++ b/tests/annotation/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml
index d85520ca4..9a05c805b 100644
--- a/tests/annotation/custom-authentication/pom.xml
+++ b/tests/annotation/custom-authentication/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml
index 80a458314..1c1487c9c 100644
--- a/tests/annotation/custom-grant/pom.xml
+++ b/tests/annotation/custom-grant/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml
index d2e308e70..816f98443 100644
--- a/tests/annotation/form/pom.xml
+++ b/tests/annotation/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml
index c7e2d60d6..9c05fdfeb 100644
--- a/tests/annotation/jaxb/pom.xml
+++ b/tests/annotation/jaxb/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml
index b8ea52ce8..2a52f4950 100644
--- a/tests/annotation/jdbc/pom.xml
+++ b/tests/annotation/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml
index eef5493c1..ebcef83b4 100644
--- a/tests/annotation/jpa/pom.xml
+++ b/tests/annotation/jpa/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml
index 68d81cfd9..b2a8d9612 100644
--- a/tests/annotation/jwt/pom.xml
+++ b/tests/annotation/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml
index f6650181c..a6fcc82f9 100644
--- a/tests/annotation/mappings/pom.xml
+++ b/tests/annotation/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml
index f2ec35f9b..1ae761102 100644
--- a/tests/annotation/multi/pom.xml
+++ b/tests/annotation/multi/pom.xml
@@ -9,7 +9,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml
index 0ae1f184c..ec877e44d 100644
--- a/tests/annotation/pom.xml
+++ b/tests/annotation/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-parent
-	2.0.10.BUILD-SNAPSHOT
+	2.0.10.RELEASE
     pom
 
     
@@ -39,7 +39,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.0.10.BUILD-SNAPSHOT
+			2.0.10.RELEASE
 			
 				
 					jackson-mapper-asl
diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml
index 6b3ccfcb8..18fe6c1ce 100644
--- a/tests/annotation/resource/pom.xml
+++ b/tests/annotation/resource/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml
index 3e3a6c259..38ced7734 100644
--- a/tests/annotation/ssl/pom.xml
+++ b/tests/annotation/ssl/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml
index f52f63581..c7426ca78 100644
--- a/tests/annotation/vanilla/pom.xml
+++ b/tests/annotation/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/pom.xml b/tests/pom.xml
index 509ce2e37..e293c2964 100644
--- a/tests/pom.xml
+++ b/tests/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.0.10.BUILD-SNAPSHOT
+    2.0.10.RELEASE
   
 
   spring-security-oauth-tests
diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml
index bfef503e6..0290e0045 100644
--- a/tests/xml/approval/pom.xml
+++ b/tests/xml/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml
index ee31d144a..23e0c6a14 100644
--- a/tests/xml/client/pom.xml
+++ b/tests/xml/client/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml
index a5ad72cab..95660af84 100644
--- a/tests/xml/common/pom.xml
+++ b/tests/xml/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml
index dc4250ee9..b3f9cdb46 100644
--- a/tests/xml/form/pom.xml
+++ b/tests/xml/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml
index f48947852..588cc484a 100644
--- a/tests/xml/jdbc/pom.xml
+++ b/tests/xml/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml
index 83bc98365..ce13125a7 100644
--- a/tests/xml/jwt/pom.xml
+++ b/tests/xml/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml
index d8ee92271..2419063c0 100644
--- a/tests/xml/mappings/pom.xml
+++ b/tests/xml/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	
diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml
index c76bdc498..a8d4cadc3 100644
--- a/tests/xml/pom.xml
+++ b/tests/xml/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-xml-parent
-	2.0.10.BUILD-SNAPSHOT
+	2.0.10.RELEASE
     pom
 
     
@@ -33,7 +33,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.0.10.BUILD-SNAPSHOT
+			2.0.10.RELEASE
 			
 				
 					jackson-mapper-asl
diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml
index ff6a24ae6..99ca16806 100644
--- a/tests/xml/vanilla/pom.xml
+++ b/tests/xml/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.10.BUILD-SNAPSHOT
+		2.0.10.RELEASE
 	
 
 	

From a0352ca3d6f2c2a336ce5b1c442e812479cda8f3 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Fri, 3 Jun 2016 12:51:11 +0100
Subject: [PATCH 040/345] Revert to snapshots

---
 pom.xml                                        | 2 +-
 samples/oauth/sparklr/pom.xml                  | 2 +-
 samples/oauth/tonr/pom.xml                     | 2 +-
 samples/oauth2/sparklr/pom.xml                 | 2 +-
 samples/oauth2/tonr/pom.xml                    | 2 +-
 samples/pom.xml                                | 2 +-
 spring-security-oauth/pom.xml                  | 2 +-
 spring-security-oauth2/pom.xml                 | 2 +-
 tests/annotation/approval/pom.xml              | 2 +-
 tests/annotation/client/pom.xml                | 2 +-
 tests/annotation/common/pom.xml                | 2 +-
 tests/annotation/custom-authentication/pom.xml | 2 +-
 tests/annotation/custom-grant/pom.xml          | 2 +-
 tests/annotation/form/pom.xml                  | 2 +-
 tests/annotation/jaxb/pom.xml                  | 2 +-
 tests/annotation/jdbc/pom.xml                  | 2 +-
 tests/annotation/jpa/pom.xml                   | 2 +-
 tests/annotation/jwt/pom.xml                   | 2 +-
 tests/annotation/mappings/pom.xml              | 2 +-
 tests/annotation/multi/pom.xml                 | 2 +-
 tests/annotation/pom.xml                       | 4 ++--
 tests/annotation/resource/pom.xml              | 2 +-
 tests/annotation/ssl/pom.xml                   | 2 +-
 tests/annotation/vanilla/pom.xml               | 2 +-
 tests/pom.xml                                  | 2 +-
 tests/xml/approval/pom.xml                     | 2 +-
 tests/xml/client/pom.xml                       | 2 +-
 tests/xml/common/pom.xml                       | 2 +-
 tests/xml/form/pom.xml                         | 2 +-
 tests/xml/jdbc/pom.xml                         | 2 +-
 tests/xml/jwt/pom.xml                          | 2 +-
 tests/xml/mappings/pom.xml                     | 2 +-
 tests/xml/pom.xml                              | 4 ++--
 tests/xml/vanilla/pom.xml                      | 2 +-
 34 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/pom.xml b/pom.xml
index 3ff088ddb..c160d1cfa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
   OAuth for Spring Security
   Parent Project for OAuth Support for Spring Security
   pom
-  2.0.10.RELEASE
+  2.0.11.BUILD-SNAPSHOT
   http://static.springframework.org/spring-security/oauth
 
   
diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml
index 9dfe16069..987a6ebce 100644
--- a/samples/oauth/sparklr/pom.xml
+++ b/samples/oauth/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml
index 3df90e5ee..a6eca368b 100644
--- a/samples/oauth/tonr/pom.xml
+++ b/samples/oauth/tonr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index f21aa7240..59ee49647 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index 1f5e76626..9828c4108 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -6,7 +6,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/pom.xml b/samples/pom.xml
index e0d35aaae..4d1b51c2b 100755
--- a/samples/pom.xml
+++ b/samples/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.0.10.RELEASE
+    2.0.11.BUILD-SNAPSHOT
   
 
   spring-security-oauth-samples
diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml
index 2541fd84b..946084212 100644
--- a/spring-security-oauth/pom.xml
+++ b/spring-security-oauth/pom.xml
@@ -4,7 +4,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	spring-security-oauth
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index 3643a5b93..8104b267c 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	spring-security-oauth2
diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml
index 581c04676..fe2f32a03 100644
--- a/tests/annotation/approval/pom.xml
+++ b/tests/annotation/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml
index 76f64bf50..8f3dbf595 100644
--- a/tests/annotation/client/pom.xml
+++ b/tests/annotation/client/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml
index 33251cd04..500e6e0ed 100644
--- a/tests/annotation/common/pom.xml
+++ b/tests/annotation/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml
index 9a05c805b..7af3e1065 100644
--- a/tests/annotation/custom-authentication/pom.xml
+++ b/tests/annotation/custom-authentication/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml
index 1c1487c9c..4a0eaa8d4 100644
--- a/tests/annotation/custom-grant/pom.xml
+++ b/tests/annotation/custom-grant/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml
index 816f98443..77da0a16b 100644
--- a/tests/annotation/form/pom.xml
+++ b/tests/annotation/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml
index 9c05fdfeb..a413c865e 100644
--- a/tests/annotation/jaxb/pom.xml
+++ b/tests/annotation/jaxb/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml
index 2a52f4950..fca83d1d3 100644
--- a/tests/annotation/jdbc/pom.xml
+++ b/tests/annotation/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml
index ebcef83b4..3ed831fad 100644
--- a/tests/annotation/jpa/pom.xml
+++ b/tests/annotation/jpa/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml
index b2a8d9612..573965564 100644
--- a/tests/annotation/jwt/pom.xml
+++ b/tests/annotation/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml
index a6fcc82f9..6fe214a29 100644
--- a/tests/annotation/mappings/pom.xml
+++ b/tests/annotation/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml
index 1ae761102..561f4f36d 100644
--- a/tests/annotation/multi/pom.xml
+++ b/tests/annotation/multi/pom.xml
@@ -9,7 +9,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml
index ec877e44d..36a5bea5c 100644
--- a/tests/annotation/pom.xml
+++ b/tests/annotation/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-parent
-	2.0.10.RELEASE
+	2.0.11.BUILD-SNAPSHOT
     pom
 
     
@@ -39,7 +39,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.0.10.RELEASE
+			2.0.11.BUILD-SNAPSHOT
 			
 				
 					jackson-mapper-asl
diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml
index 18fe6c1ce..1fcc54e46 100644
--- a/tests/annotation/resource/pom.xml
+++ b/tests/annotation/resource/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml
index 38ced7734..2ed7ae748 100644
--- a/tests/annotation/ssl/pom.xml
+++ b/tests/annotation/ssl/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml
index c7426ca78..9abf85618 100644
--- a/tests/annotation/vanilla/pom.xml
+++ b/tests/annotation/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/pom.xml b/tests/pom.xml
index e293c2964..9a34a77fa 100644
--- a/tests/pom.xml
+++ b/tests/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.0.10.RELEASE
+    2.0.11.BUILD-SNAPSHOT
   
 
   spring-security-oauth-tests
diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml
index 0290e0045..f10e1d4ff 100644
--- a/tests/xml/approval/pom.xml
+++ b/tests/xml/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml
index 23e0c6a14..709ca6cb2 100644
--- a/tests/xml/client/pom.xml
+++ b/tests/xml/client/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml
index 95660af84..04a64c1d4 100644
--- a/tests/xml/common/pom.xml
+++ b/tests/xml/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml
index b3f9cdb46..5223cb89c 100644
--- a/tests/xml/form/pom.xml
+++ b/tests/xml/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml
index 588cc484a..0e4897723 100644
--- a/tests/xml/jdbc/pom.xml
+++ b/tests/xml/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml
index ce13125a7..d2a08959c 100644
--- a/tests/xml/jwt/pom.xml
+++ b/tests/xml/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml
index 2419063c0..36e3364ea 100644
--- a/tests/xml/mappings/pom.xml
+++ b/tests/xml/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml
index a8d4cadc3..297044dfb 100644
--- a/tests/xml/pom.xml
+++ b/tests/xml/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-xml-parent
-	2.0.10.RELEASE
+	2.0.11.BUILD-SNAPSHOT
     pom
 
     
@@ -33,7 +33,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.0.10.RELEASE
+			2.0.11.BUILD-SNAPSHOT
 			
 				
 					jackson-mapper-asl
diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml
index 99ca16806..af02810e4 100644
--- a/tests/xml/vanilla/pom.xml
+++ b/tests/xml/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.10.RELEASE
+		2.0.11.BUILD-SNAPSHOT
 	
 
 	

From 1ed986a8486ab4e84295ee5d0260c790c573e7d7 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Thu, 18 Aug 2016 16:26:43 -0400
Subject: [PATCH 041/345] Prevent user from obtaining token via
 client_credentials or password grant

Fixes gh-808
---
 ...horizationServerSecurityConfiguration.java |  17 +-
 .../Gh808EnableAuthorizationServerTests.java  | 192 ++++++++++++++++++
 ...entCredentialsPasswordInvalidXmlTests.java |  80 ++++++++
 ...lientCredentialsPasswordValidXmlTests.java |  92 +++++++++
 ...er-client-credentials-password-invalid.xml |  49 +++++
 ...rver-client-credentials-password-valid.xml |  43 ++++
 6 files changed, 470 insertions(+), 3 deletions(-)
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh808EnableAuthorizationServerTests.java
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordInvalidXmlTests.java
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordValidXmlTests.java
 create mode 100644 spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-invalid.xml
 create mode 100644 spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-valid.xml

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerSecurityConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerSecurityConfiguration.java
index 02fcedd67..231e1ec8b 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerSecurityConfiguration.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerSecurityConfiguration.java
@@ -15,13 +15,11 @@
  */
 package org.springframework.security.oauth2.config.annotation.web.configuration;
 
-import java.util.Collections;
-import java.util.List;
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
@@ -32,6 +30,9 @@
 import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping;
 
+import java.util.Collections;
+import java.util.List;
+
 /**
  * @author Rob Winch
  * @author Dave Syer
@@ -58,6 +59,16 @@ public void configure(ClientDetailsServiceConfigurer clientDetails) throws Excep
 		}
 	}
 
+	@Override
+	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+		// Over-riding to make sure this.disableLocalConfigureAuthenticationBldr = false
+		// This will ensure that when this configurer builds the AuthenticationManager it will not attempt
+		// to find another 'Global' AuthenticationManager in the ApplicationContext (if available),
+		// and set that as the parent of this 'Local' AuthenticationManager.
+		// This AuthenticationManager should only be wired up with an AuthenticationProvider
+		// composed of the ClientDetailsService (wired in this configuration) for authenticating 'clients' only.
+	}
+
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		AuthorizationServerSecurityConfigurer configurer = new AuthorizationServerSecurityConfigurer();
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh808EnableAuthorizationServerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh808EnableAuthorizationServerTests.java
new file mode 100644
index 000000000..3e8bc61f8
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh808EnableAuthorizationServerTests.java
@@ -0,0 +1,192 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.config.annotation;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.codec.Base64;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.provider.ClientDetails;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.ClientRegistrationException;
+import org.springframework.security.oauth2.provider.client.BaseClientDetails;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Arrays;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+/**
+ * gh-808
+ * 
+ * @author Joe Grandja
+ */
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration
+@WebAppConfiguration
+public class Gh808EnableAuthorizationServerTests {
+	private static final String CLIENT_ID = "acme";
+	private static final String CLIENT_SECRET = "acmesecret";
+	private static final String USER_ID = CLIENT_ID;
+	private static final String USER_SECRET = CLIENT_SECRET + "2";
+	private static BaseClientDetails client;
+	private static UserDetails user;
+
+	@Autowired
+	WebApplicationContext context;
+
+	@Autowired
+	FilterChainProxy springSecurityFilterChain;
+
+	MockMvc mockMvc;
+
+	static {
+		client = new BaseClientDetails(CLIENT_ID, null, "read,write", "password,client_credentials", "ROLE_ADMIN", "http://example.com/oauth2callback");
+		client.setClientSecret(CLIENT_SECRET);
+		user = new User(USER_ID, USER_SECRET, Arrays.asList(new SimpleGrantedAuthority("ROLE_USER")));
+	}
+
+	@Before
+	public void setup() {
+		mockMvc = MockMvcBuilders.webAppContextSetup(context).addFilters(springSecurityFilterChain).build();
+	}
+
+	@Test
+	public void clientAuthenticationFailsUsingUserCredentialsOnClientCredentialsGrantFlow() throws Exception {
+		mockMvc.perform(post("/oauth/token")
+				.param("grant_type", "client_credentials")
+				.header("Authorization", httpBasicCredentials(USER_ID, USER_SECRET)))
+				.andExpect(status().isUnauthorized());
+	}
+
+	@Test
+	public void clientAuthenticationFailsUsingUserCredentialsOnResourceOwnerPasswordGrantFlow() throws Exception {
+		mockMvc.perform(post("/oauth/token")
+				.param("grant_type", "password")
+				.param("client_id", CLIENT_ID)
+				.param("username", USER_ID)
+				.param("password", USER_SECRET)
+				.header("Authorization", httpBasicCredentials(USER_ID, USER_SECRET)))
+				.andExpect(status().isUnauthorized());
+	}
+
+	private String httpBasicCredentials(String userName, String password) {
+		String headerValue = "Basic ";
+		byte[] toEncode = null;
+		try {
+			toEncode = (userName + ":" + password).getBytes("UTF-8");
+		} catch (UnsupportedEncodingException e) { }
+		headerValue += new String(Base64.encode(toEncode));
+		return headerValue;
+	}
+
+	@Configuration
+	@EnableAuthorizationServer
+	@EnableWebMvc
+	static class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
+
+		@Autowired
+		@Qualifier("authenticationManagerBean")
+		private AuthenticationManager authenticationManager;
+
+		@Autowired
+		private UserDetailsService userDetailsService;
+
+		@Override
+		public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+			clients.withClientDetails(clientDetailsService());
+		}
+
+		@Override
+		public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+			endpoints
+				.authenticationManager(this.authenticationManager)
+					.userDetailsService(this.userDetailsService);
+		}
+
+		@Bean
+		public ClientDetailsService clientDetailsService() {
+			return new ClientDetailsService() {
+				@Override
+				public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
+					return client;
+				}
+			};
+		}
+	}
+
+	@Configuration
+	@EnableWebSecurity
+	static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			http
+					.authorizeRequests()
+					.anyRequest().authenticated();
+		}
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			auth
+					.userDetailsService(userDetailsService());
+		}
+
+		@Bean
+		@Override
+		public AuthenticationManager authenticationManagerBean() throws Exception {
+			// Expose the Global AuthenticationManager
+			return super.authenticationManagerBean();
+		}
+
+		@Bean
+		public UserDetailsService userDetailsService() {
+			return new UserDetailsService() {
+				@Override
+				public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+					return user;
+				}
+			};
+		}
+	}
+}
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordInvalidXmlTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordInvalidXmlTests.java
new file mode 100644
index 000000000..2dd1a329e
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordInvalidXmlTests.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.config.xml;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+import static org.springframework.security.oauth2.config.xml.AuthorizationServerClientCredentialsPasswordValidXmlTests.httpBasicCredentials;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+/**
+ * gh-808
+ *
+ * @author Joe Grandja
+ */
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = "authorization-server-client-credentials-password-invalid.xml")
+@WebAppConfiguration
+public class AuthorizationServerClientCredentialsPasswordInvalidXmlTests {
+	private static final String CLIENT_ID = "acme";
+	private static final String CLIENT_SECRET = "secret";
+	private static final String USER_ID = "acme";
+	private static final String USER_SECRET = "password";
+
+	@Autowired
+	WebApplicationContext context;
+
+	@Autowired
+	FilterChainProxy springSecurityFilterChain;
+
+	MockMvc mockMvc;
+
+	@Before
+	public void setup() {
+		mockMvc = MockMvcBuilders.webAppContextSetup(context).addFilters(springSecurityFilterChain).build();
+	}
+
+	@Test
+	public void clientAuthenticationPassesUsingUserCredentialsOnClientCredentialsGrantFlow() throws Exception {
+		mockMvc.perform(post("/oauth/token")
+				.param("grant_type", "client_credentials")
+				.header("Authorization", httpBasicCredentials(USER_ID, USER_SECRET)))
+				.andExpect(status().isOk());
+	}
+
+	@Test
+	public void clientAuthenticationPassesUsingUserCredentialsOnResourceOwnerPasswordGrantFlow() throws Exception {
+		mockMvc.perform(post("/oauth/token")
+				.param("grant_type", "password")
+				.param("client_id", CLIENT_ID)
+				.param("username", USER_ID)
+				.param("password", USER_SECRET)
+				.header("Authorization", httpBasicCredentials(USER_ID, USER_SECRET)))
+				.andExpect(status().isOk());
+	}
+
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordValidXmlTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordValidXmlTests.java
new file mode 100644
index 000000000..fba5fa40c
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordValidXmlTests.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.config.xml;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.crypto.codec.Base64;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+import java.io.UnsupportedEncodingException;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+/**
+ * gh-808
+ *
+ * @author Joe Grandja
+ */
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = "authorization-server-client-credentials-password-valid.xml")
+@WebAppConfiguration
+public class AuthorizationServerClientCredentialsPasswordValidXmlTests {
+	private static final String CLIENT_ID = "acme";
+	private static final String CLIENT_SECRET = "secret";
+	private static final String USER_ID = "acme";
+	private static final String USER_SECRET = "password";
+
+	@Autowired
+	WebApplicationContext context;
+
+	@Autowired
+	FilterChainProxy springSecurityFilterChain;
+
+	MockMvc mockMvc;
+
+	@Before
+	public void setup() {
+		mockMvc = MockMvcBuilders.webAppContextSetup(context).addFilters(springSecurityFilterChain).build();
+	}
+
+	@Test
+	public void clientAuthenticationFailsUsingUserCredentialsOnClientCredentialsGrantFlow() throws Exception {
+		mockMvc.perform(post("/oauth/token")
+				.param("grant_type", "client_credentials")
+				.header("Authorization", httpBasicCredentials(USER_ID, USER_SECRET)))
+				.andExpect(status().isUnauthorized());
+	}
+
+	@Test
+	public void clientAuthenticationFailsUsingUserCredentialsOnResourceOwnerPasswordGrantFlow() throws Exception {
+		mockMvc.perform(post("/oauth/token")
+				.param("grant_type", "password")
+				.param("client_id", CLIENT_ID)
+				.param("username", USER_ID)
+				.param("password", USER_SECRET)
+				.header("Authorization", httpBasicCredentials(USER_ID, USER_SECRET)))
+				.andExpect(status().isUnauthorized());
+	}
+
+	static String httpBasicCredentials(String userName, String password) {
+		String headerValue = "Basic ";
+		byte[] toEncode = null;
+		try {
+			toEncode = (userName + ":" + password).getBytes("UTF-8");
+		} catch (UnsupportedEncodingException e) { }
+		headerValue += new String(Base64.encode(toEncode));
+		return headerValue;
+	}
+
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-invalid.xml b/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-invalid.xml
new file mode 100644
index 000000000..1ec6e2d06
--- /dev/null
+++ b/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-invalid.xml
@@ -0,0 +1,49 @@
+
+
+
+	
+	
+		
+	
+
+	
+		
+	
+
+	
+		
+	
+
+	
+		
+	
+
+	
+		
+			
+				
+			
+		
+	
+
+	
+
+	
+		
+		
+	
+
+
\ No newline at end of file
diff --git a/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-valid.xml b/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-valid.xml
new file mode 100644
index 000000000..1622316b3
--- /dev/null
+++ b/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-valid.xml
@@ -0,0 +1,43 @@
+
+
+
+	
+		
+	
+
+	
+		
+	
+
+	
+		
+	
+
+	
+		
+	
+
+	
+		
+			
+				
+			
+		
+	
+
+	
+
+	
+		
+		
+	
+
+
\ No newline at end of file

From 7b4a5a4b8e65a3969bc4356f95e631c4abedc214 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Thu, 25 Aug 2016 16:33:10 +0100
Subject: [PATCH 042/345] Release 2.0.11

---
 pom.xml                                        | 2 +-
 samples/oauth/sparklr/pom.xml                  | 2 +-
 samples/oauth/tonr/pom.xml                     | 2 +-
 samples/oauth2/sparklr/pom.xml                 | 2 +-
 samples/oauth2/tonr/pom.xml                    | 2 +-
 samples/pom.xml                                | 2 +-
 spring-security-oauth/pom.xml                  | 2 +-
 spring-security-oauth2/pom.xml                 | 2 +-
 tests/annotation/approval/pom.xml              | 2 +-
 tests/annotation/client/pom.xml                | 2 +-
 tests/annotation/common/pom.xml                | 2 +-
 tests/annotation/custom-authentication/pom.xml | 2 +-
 tests/annotation/custom-grant/pom.xml          | 2 +-
 tests/annotation/form/pom.xml                  | 2 +-
 tests/annotation/jaxb/pom.xml                  | 2 +-
 tests/annotation/jdbc/pom.xml                  | 2 +-
 tests/annotation/jpa/pom.xml                   | 2 +-
 tests/annotation/jwt/pom.xml                   | 2 +-
 tests/annotation/mappings/pom.xml              | 2 +-
 tests/annotation/multi/pom.xml                 | 2 +-
 tests/annotation/pom.xml                       | 4 ++--
 tests/annotation/resource/pom.xml              | 2 +-
 tests/annotation/ssl/pom.xml                   | 2 +-
 tests/annotation/vanilla/pom.xml               | 2 +-
 tests/pom.xml                                  | 2 +-
 tests/xml/approval/pom.xml                     | 2 +-
 tests/xml/client/pom.xml                       | 2 +-
 tests/xml/common/pom.xml                       | 2 +-
 tests/xml/form/pom.xml                         | 2 +-
 tests/xml/jdbc/pom.xml                         | 2 +-
 tests/xml/jwt/pom.xml                          | 2 +-
 tests/xml/mappings/pom.xml                     | 2 +-
 tests/xml/pom.xml                              | 4 ++--
 tests/xml/vanilla/pom.xml                      | 2 +-
 34 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/pom.xml b/pom.xml
index c160d1cfa..b5bc775d9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
   OAuth for Spring Security
   Parent Project for OAuth Support for Spring Security
   pom
-  2.0.11.BUILD-SNAPSHOT
+  2.0.11.RELEASE
   http://static.springframework.org/spring-security/oauth
 
   
diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml
index 987a6ebce..15e3ed59a 100644
--- a/samples/oauth/sparklr/pom.xml
+++ b/samples/oauth/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml
index a6eca368b..a067f1c2c 100644
--- a/samples/oauth/tonr/pom.xml
+++ b/samples/oauth/tonr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index 59ee49647..7b89d6c83 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index 9828c4108..a542d55c8 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -6,7 +6,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 		../../..
 	
 
diff --git a/samples/pom.xml b/samples/pom.xml
index 4d1b51c2b..b4c9dddfd 100755
--- a/samples/pom.xml
+++ b/samples/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.0.11.BUILD-SNAPSHOT
+    2.0.11.RELEASE
   
 
   spring-security-oauth-samples
diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml
index 946084212..ca8e17d14 100644
--- a/spring-security-oauth/pom.xml
+++ b/spring-security-oauth/pom.xml
@@ -4,7 +4,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	spring-security-oauth
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index 8104b267c..a3f62b7c5 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	spring-security-oauth2
diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml
index fe2f32a03..7883242c9 100644
--- a/tests/annotation/approval/pom.xml
+++ b/tests/annotation/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml
index 8f3dbf595..04cec13f0 100644
--- a/tests/annotation/client/pom.xml
+++ b/tests/annotation/client/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml
index 500e6e0ed..500487ba8 100644
--- a/tests/annotation/common/pom.xml
+++ b/tests/annotation/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml
index 7af3e1065..b3d1bd2f7 100644
--- a/tests/annotation/custom-authentication/pom.xml
+++ b/tests/annotation/custom-authentication/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml
index 4a0eaa8d4..3a1a286b8 100644
--- a/tests/annotation/custom-grant/pom.xml
+++ b/tests/annotation/custom-grant/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml
index 77da0a16b..27c956572 100644
--- a/tests/annotation/form/pom.xml
+++ b/tests/annotation/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml
index a413c865e..6cd6feff9 100644
--- a/tests/annotation/jaxb/pom.xml
+++ b/tests/annotation/jaxb/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml
index fca83d1d3..975726b27 100644
--- a/tests/annotation/jdbc/pom.xml
+++ b/tests/annotation/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml
index 3ed831fad..31090eb45 100644
--- a/tests/annotation/jpa/pom.xml
+++ b/tests/annotation/jpa/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml
index 573965564..6e86d3f82 100644
--- a/tests/annotation/jwt/pom.xml
+++ b/tests/annotation/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml
index 6fe214a29..c5948ae2e 100644
--- a/tests/annotation/mappings/pom.xml
+++ b/tests/annotation/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml
index 561f4f36d..45ca8fbfd 100644
--- a/tests/annotation/multi/pom.xml
+++ b/tests/annotation/multi/pom.xml
@@ -9,7 +9,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml
index 36a5bea5c..fe01677b2 100644
--- a/tests/annotation/pom.xml
+++ b/tests/annotation/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-parent
-	2.0.11.BUILD-SNAPSHOT
+	2.0.11.RELEASE
     pom
 
     
@@ -39,7 +39,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.0.11.BUILD-SNAPSHOT
+			2.0.11.RELEASE
 			
 				
 					jackson-mapper-asl
diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml
index 1fcc54e46..caa4fdae1 100644
--- a/tests/annotation/resource/pom.xml
+++ b/tests/annotation/resource/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml
index 2ed7ae748..91c4211b6 100644
--- a/tests/annotation/ssl/pom.xml
+++ b/tests/annotation/ssl/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml
index 9abf85618..1e05f0ba7 100644
--- a/tests/annotation/vanilla/pom.xml
+++ b/tests/annotation/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/pom.xml b/tests/pom.xml
index 9a34a77fa..e62c27980 100644
--- a/tests/pom.xml
+++ b/tests/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.0.11.BUILD-SNAPSHOT
+    2.0.11.RELEASE
   
 
   spring-security-oauth-tests
diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml
index f10e1d4ff..03b778505 100644
--- a/tests/xml/approval/pom.xml
+++ b/tests/xml/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml
index 709ca6cb2..515f5a364 100644
--- a/tests/xml/client/pom.xml
+++ b/tests/xml/client/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml
index 04a64c1d4..bb6fccd21 100644
--- a/tests/xml/common/pom.xml
+++ b/tests/xml/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml
index 5223cb89c..9e35fc57d 100644
--- a/tests/xml/form/pom.xml
+++ b/tests/xml/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml
index 0e4897723..389f30919 100644
--- a/tests/xml/jdbc/pom.xml
+++ b/tests/xml/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml
index d2a08959c..a28da5ff6 100644
--- a/tests/xml/jwt/pom.xml
+++ b/tests/xml/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml
index 36e3364ea..8e701d537 100644
--- a/tests/xml/mappings/pom.xml
+++ b/tests/xml/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	
diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml
index 297044dfb..a485df7f2 100644
--- a/tests/xml/pom.xml
+++ b/tests/xml/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-xml-parent
-	2.0.11.BUILD-SNAPSHOT
+	2.0.11.RELEASE
     pom
 
     
@@ -33,7 +33,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.0.11.BUILD-SNAPSHOT
+			2.0.11.RELEASE
 			
 				
 					jackson-mapper-asl
diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml
index af02810e4..d6ca2ad0b 100644
--- a/tests/xml/vanilla/pom.xml
+++ b/tests/xml/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.11.BUILD-SNAPSHOT
+		2.0.11.RELEASE
 	
 
 	

From e860129cccc0c92cbc1e2883095ddfa563122973 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Thu, 25 Aug 2016 16:45:05 +0100
Subject: [PATCH 043/345] Revert to snapshots

---
 pom.xml                                        | 2 +-
 samples/oauth/sparklr/pom.xml                  | 2 +-
 samples/oauth/tonr/pom.xml                     | 2 +-
 samples/oauth2/sparklr/pom.xml                 | 2 +-
 samples/oauth2/tonr/pom.xml                    | 2 +-
 samples/pom.xml                                | 2 +-
 spring-security-oauth/pom.xml                  | 2 +-
 spring-security-oauth2/pom.xml                 | 2 +-
 tests/annotation/approval/pom.xml              | 2 +-
 tests/annotation/client/pom.xml                | 2 +-
 tests/annotation/common/pom.xml                | 2 +-
 tests/annotation/custom-authentication/pom.xml | 2 +-
 tests/annotation/custom-grant/pom.xml          | 2 +-
 tests/annotation/form/pom.xml                  | 2 +-
 tests/annotation/jaxb/pom.xml                  | 2 +-
 tests/annotation/jdbc/pom.xml                  | 2 +-
 tests/annotation/jpa/pom.xml                   | 2 +-
 tests/annotation/jwt/pom.xml                   | 2 +-
 tests/annotation/mappings/pom.xml              | 2 +-
 tests/annotation/multi/pom.xml                 | 2 +-
 tests/annotation/pom.xml                       | 4 ++--
 tests/annotation/resource/pom.xml              | 2 +-
 tests/annotation/ssl/pom.xml                   | 2 +-
 tests/annotation/vanilla/pom.xml               | 2 +-
 tests/pom.xml                                  | 2 +-
 tests/xml/approval/pom.xml                     | 2 +-
 tests/xml/client/pom.xml                       | 2 +-
 tests/xml/common/pom.xml                       | 2 +-
 tests/xml/form/pom.xml                         | 2 +-
 tests/xml/jdbc/pom.xml                         | 2 +-
 tests/xml/jwt/pom.xml                          | 2 +-
 tests/xml/mappings/pom.xml                     | 2 +-
 tests/xml/pom.xml                              | 4 ++--
 tests/xml/vanilla/pom.xml                      | 2 +-
 34 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/pom.xml b/pom.xml
index b5bc775d9..171a202e7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
   OAuth for Spring Security
   Parent Project for OAuth Support for Spring Security
   pom
-  2.0.11.RELEASE
+  2.0.12.BUILD-SNAPSHOT
   http://static.springframework.org/spring-security/oauth
 
   
diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml
index 15e3ed59a..22324b9a3 100644
--- a/samples/oauth/sparklr/pom.xml
+++ b/samples/oauth/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml
index a067f1c2c..0c8263482 100644
--- a/samples/oauth/tonr/pom.xml
+++ b/samples/oauth/tonr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index 7b89d6c83..e8f6576b1 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index a542d55c8..b4cff298e 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -6,7 +6,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/pom.xml b/samples/pom.xml
index b4c9dddfd..3bd2bc2bb 100755
--- a/samples/pom.xml
+++ b/samples/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.0.11.RELEASE
+    2.0.12.BUILD-SNAPSHOT
   
 
   spring-security-oauth-samples
diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml
index ca8e17d14..90da95d41 100644
--- a/spring-security-oauth/pom.xml
+++ b/spring-security-oauth/pom.xml
@@ -4,7 +4,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	spring-security-oauth
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index a3f62b7c5..9ce7ae128 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	spring-security-oauth2
diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml
index 7883242c9..b2e2d4039 100644
--- a/tests/annotation/approval/pom.xml
+++ b/tests/annotation/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml
index 04cec13f0..86d42ead7 100644
--- a/tests/annotation/client/pom.xml
+++ b/tests/annotation/client/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml
index 500487ba8..f006f8905 100644
--- a/tests/annotation/common/pom.xml
+++ b/tests/annotation/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml
index b3d1bd2f7..11faee8d8 100644
--- a/tests/annotation/custom-authentication/pom.xml
+++ b/tests/annotation/custom-authentication/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml
index 3a1a286b8..f6bc0d545 100644
--- a/tests/annotation/custom-grant/pom.xml
+++ b/tests/annotation/custom-grant/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml
index 27c956572..d25092d1e 100644
--- a/tests/annotation/form/pom.xml
+++ b/tests/annotation/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml
index 6cd6feff9..0d417fc34 100644
--- a/tests/annotation/jaxb/pom.xml
+++ b/tests/annotation/jaxb/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml
index 975726b27..77ce0e2c6 100644
--- a/tests/annotation/jdbc/pom.xml
+++ b/tests/annotation/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml
index 31090eb45..0da9fa1c3 100644
--- a/tests/annotation/jpa/pom.xml
+++ b/tests/annotation/jpa/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml
index 6e86d3f82..090a1e52e 100644
--- a/tests/annotation/jwt/pom.xml
+++ b/tests/annotation/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml
index c5948ae2e..ac2fdadef 100644
--- a/tests/annotation/mappings/pom.xml
+++ b/tests/annotation/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml
index 45ca8fbfd..10274b55e 100644
--- a/tests/annotation/multi/pom.xml
+++ b/tests/annotation/multi/pom.xml
@@ -9,7 +9,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml
index fe01677b2..956d06772 100644
--- a/tests/annotation/pom.xml
+++ b/tests/annotation/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-parent
-	2.0.11.RELEASE
+	2.0.12.BUILD-SNAPSHOT
     pom
 
     
@@ -39,7 +39,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.0.11.RELEASE
+			2.0.12.BUILD-SNAPSHOT
 			
 				
 					jackson-mapper-asl
diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml
index caa4fdae1..16399f4c2 100644
--- a/tests/annotation/resource/pom.xml
+++ b/tests/annotation/resource/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml
index 91c4211b6..529cf27eb 100644
--- a/tests/annotation/ssl/pom.xml
+++ b/tests/annotation/ssl/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml
index 1e05f0ba7..14cee7765 100644
--- a/tests/annotation/vanilla/pom.xml
+++ b/tests/annotation/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/pom.xml b/tests/pom.xml
index e62c27980..f29c8f733 100644
--- a/tests/pom.xml
+++ b/tests/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.0.11.RELEASE
+    2.0.12.BUILD-SNAPSHOT
   
 
   spring-security-oauth-tests
diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml
index 03b778505..183509f4f 100644
--- a/tests/xml/approval/pom.xml
+++ b/tests/xml/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml
index 515f5a364..568c4d49d 100644
--- a/tests/xml/client/pom.xml
+++ b/tests/xml/client/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml
index bb6fccd21..d815de8e7 100644
--- a/tests/xml/common/pom.xml
+++ b/tests/xml/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml
index 9e35fc57d..685f58ecb 100644
--- a/tests/xml/form/pom.xml
+++ b/tests/xml/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml
index 389f30919..d1e50d94b 100644
--- a/tests/xml/jdbc/pom.xml
+++ b/tests/xml/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml
index a28da5ff6..600d8a782 100644
--- a/tests/xml/jwt/pom.xml
+++ b/tests/xml/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml
index 8e701d537..d4d0bf86d 100644
--- a/tests/xml/mappings/pom.xml
+++ b/tests/xml/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml
index a485df7f2..fddcd6de1 100644
--- a/tests/xml/pom.xml
+++ b/tests/xml/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-xml-parent
-	2.0.11.RELEASE
+	2.0.12.BUILD-SNAPSHOT
     pom
 
     
@@ -33,7 +33,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.0.11.RELEASE
+			2.0.12.BUILD-SNAPSHOT
 			
 				
 					jackson-mapper-asl
diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml
index d6ca2ad0b..e9e1ef6f0 100644
--- a/tests/xml/vanilla/pom.xml
+++ b/tests/xml/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.11.RELEASE
+		2.0.12.BUILD-SNAPSHOT
 	
 
 	

From ec215f79f4f73f8bb5d4b8a3ff9abe15b3335866 Mon Sep 17 00:00:00 2001
From: Chris Cooney 
Date: Wed, 24 Aug 2016 08:38:18 +0100
Subject: [PATCH 044/345] Added warning message to the RemoteTokenServices

When attempting to use a null client ID or client secret
we now send a warning log message

Fixes gh-829
---
 .../oauth2/provider/token/RemoteTokenServices.java  | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java
index b2b059fdf..e0ba9c525 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- *     Cloud Foundry 
+ *     Cloud Foundry
  *     Copyright (c) [2009-2014] Pivotal Software, Inc. All Rights Reserved.
  *
  *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
@@ -37,12 +37,12 @@
 
 /**
  * Queries the /check_token endpoint to obtain the contents of an access token.
- * 
+ *
  * If the endpoint returns a 400 response, this indicates that the token is invalid.
- * 
+ *
  * @author Dave Syer
  * @author Luke Taylor
- * 
+ *
  */
 public class RemoteTokenServices implements ResourceServerTokenServices {
 
@@ -121,6 +121,11 @@ public OAuth2AccessToken readAccessToken(String accessToken) {
 	}
 
 	private String getAuthorizationHeader(String clientId, String clientSecret) {
+
+		if(clientId == null || clientSecret == null) {
+			logger.warn("Null Client ID or Client Secret detected. Endpoint that requires authentication will reject request with 401 error.");
+		}
+
 		String creds = String.format("%s:%s", clientId, clientSecret);
 		try {
 			return "Basic " + new String(Base64.encode(creds.getBytes("UTF-8")));

From 37f1420e0c9a69979daba7b3e456b7812882254c Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Thu, 22 Sep 2016 13:08:28 +0100
Subject: [PATCH 045/345] Switch @Configuration to @Component

Prevents WARN log from Spring on startup, but otherwise has no
functional impact.

Fixes gh-809
---
 .../AuthorizationServerEndpointsConfiguration.java             | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java
index ff5aff874..2fc3e63c2 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java
@@ -49,6 +49,7 @@
 import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
 import org.springframework.security.oauth2.provider.token.ConsumerTokenServices;
 import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.stereotype.Component;
 
 /**
  * @author Dave Syer
@@ -192,7 +193,7 @@ private String extractPath(FrameworkEndpointHandlerMapping mapping, String page)
 		return "forward:" + path;
 	}
 
-	@Configuration
+	@Component
 	protected static class TokenKeyEndpointRegistrar implements BeanDefinitionRegistryPostProcessor {
 
 		private BeanDefinitionRegistry registry;

From 3861cb54ff6fad6e91d361c7ebf8cd2e2275aa36 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Thu, 22 Sep 2016 13:51:42 +0100
Subject: [PATCH 046/345] Add docker-compose.yml for redis tests

---
 docker-compose.yml | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 docker-compose.yml

diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 000000000..e5a62d0ef
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,4 @@
+redis:
+  image: redis
+  ports:
+    - "6379:6379"

From fdb83727f28c59664b2b05aa7d90f9c6f1fc6d17 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Thu, 22 Sep 2016 13:51:49 +0100
Subject: [PATCH 047/345] Use incoming refresh token if it exists, otherwise
 revert to old one

Before this change the old refresh token was always retained after using
it, discarding a new value that might be coming in from the auth server.
Mostly clients that use Spring Security auth servers wouldn't notice
because the reuseRefreshTokens flag is true by default in the server.

Fixes gh-816
---
 .../token/AccessTokenProviderChain.java       | 51 +++++++----
 .../token/AccessTokenProviderChainTests.java  | 88 ++++++++++++++-----
 2 files changed, 100 insertions(+), 39 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java
index 3b4871ade..c020badbf 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java
@@ -32,22 +32,23 @@
 import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 
 /**
- * A chain of OAuth2 access token providers. This implementation will iterate through its chain to find the first
- * provider that supports the resource and use it to obtain the access token. Note that the order of the chain is
- * relevant.
+ * A chain of OAuth2 access token providers. This implementation will iterate through its
+ * chain to find the first provider that supports the resource and use it to obtain the
+ * access token. Note that the order of the chain is relevant.
  * 
  * @author Ryan Heaton
  * @author Dave Syer
  */
-public class AccessTokenProviderChain extends OAuth2AccessTokenSupport implements AccessTokenProvider {
+public class AccessTokenProviderChain extends OAuth2AccessTokenSupport
+		implements AccessTokenProvider {
 
 	private final List chain;
 
 	private ClientTokenServices clientTokenServices;
 
 	public AccessTokenProviderChain(List chain) {
-		this.chain = chain == null ? Collections. emptyList() : Collections
-				.unmodifiableList(chain);
+		this.chain = chain == null ? Collections. emptyList()
+				: Collections.unmodifiableList(chain);
 	}
 
 	/**
@@ -77,7 +78,8 @@ public boolean supportsRefresh(OAuth2ProtectedResourceDetails resource) {
 		return false;
 	}
 
-	public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails resource, AccessTokenRequest request)
+	public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails resource,
+			AccessTokenRequest request)
 			throws UserRedirectRequiredException, AccessDeniedException {
 
 		OAuth2AccessToken accessToken = null;
@@ -119,19 +121,22 @@ public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails resour
 			accessToken = obtainNewAccessTokenInternal(resource, request);
 
 			if (accessToken == null) {
-				throw new IllegalStateException("An OAuth 2 access token must be obtained or an exception thrown.");
+				throw new IllegalStateException(
+						"An OAuth 2 access token must be obtained or an exception thrown.");
 			}
 		}
 
-		if (clientTokenServices != null && (resource.isClientOnly() || auth != null && auth.isAuthenticated())) {
+		if (clientTokenServices != null
+				&& (resource.isClientOnly() || auth != null && auth.isAuthenticated())) {
 			clientTokenServices.saveAccessToken(resource, auth, accessToken);
 		}
 
 		return accessToken;
 	}
 
-	protected OAuth2AccessToken obtainNewAccessTokenInternal(OAuth2ProtectedResourceDetails details,
-			AccessTokenRequest request) throws UserRedirectRequiredException, AccessDeniedException {
+	protected OAuth2AccessToken obtainNewAccessTokenInternal(
+			OAuth2ProtectedResourceDetails details, AccessTokenRequest request)
+			throws UserRedirectRequiredException, AccessDeniedException {
 
 		if (request.isError()) {
 			// there was an oauth error...
@@ -144,8 +149,10 @@ protected OAuth2AccessToken obtainNewAccessTokenInternal(OAuth2ProtectedResource
 			}
 		}
 
-		throw new OAuth2AccessDeniedException("Unable to obtain a new access token for resource '" + details.getId()
-				+ "'. The provider manager is not configured to support it.", details);
+		throw new OAuth2AccessDeniedException(
+				"Unable to obtain a new access token for resource '" + details.getId()
+						+ "'. The provider manager is not configured to support it.",
+				details);
 	}
 
 	/**
@@ -157,18 +164,24 @@ protected OAuth2AccessToken obtainNewAccessTokenInternal(OAuth2ProtectedResource
 	 * @throws UserRedirectRequiredException
 	 */
 	public OAuth2AccessToken refreshAccessToken(OAuth2ProtectedResourceDetails resource,
-			OAuth2RefreshToken refreshToken, AccessTokenRequest request) throws UserRedirectRequiredException {
+			OAuth2RefreshToken refreshToken, AccessTokenRequest request)
+			throws UserRedirectRequiredException {
 		for (AccessTokenProvider tokenProvider : chain) {
 			if (tokenProvider.supportsRefresh(resource)) {
 				DefaultOAuth2AccessToken refreshedAccessToken = new DefaultOAuth2AccessToken(
-						tokenProvider.refreshAccessToken(resource, refreshToken, request));
-				// Fixes gh-712
-				refreshedAccessToken.setRefreshToken(refreshToken);
+						tokenProvider.refreshAccessToken(resource, refreshToken,
+								request));
+				if (refreshedAccessToken.getRefreshToken() == null) {
+					// Fixes gh-712
+					refreshedAccessToken.setRefreshToken(refreshToken);
+				}
 				return refreshedAccessToken;
 			}
 		}
-		throw new OAuth2AccessDeniedException("Unable to obtain a new access token for resource '" + resource.getId()
-				+ "'. The provider manager is not configured to support it.", resource);
+		throw new OAuth2AccessDeniedException(
+				"Unable to obtain a new access token for resource '" + resource.getId()
+						+ "'. The provider manager is not configured to support it.",
+				resource);
 	}
 
 }
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java
index 31647c27d..a3b04a25d 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java
@@ -159,8 +159,8 @@ public void testSunnyDayWIthExpiredTokenAndValidRefreshToken() throws Exception
 	public void testSunnyDayWIthExpiredTokenAndExpiredRefreshToken() throws Exception {
 		AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(new StubAccessTokenProvider()));
 		accessToken.setExpiration(new Date(System.currentTimeMillis() - 1000));
-		DefaultOAuth2RefreshToken refreshToken = new DefaultExpiringOAuth2RefreshToken("EXP", new Date(
-				System.currentTimeMillis() - 1000));
+		DefaultOAuth2RefreshToken refreshToken = new DefaultExpiringOAuth2RefreshToken("EXP",
+				new Date(System.currentTimeMillis() - 1000));
 		accessToken.setRefreshToken(refreshToken);
 		AccessTokenRequest request = new DefaultAccessTokenRequest();
 		request.setExistingToken(accessToken);
@@ -175,14 +175,15 @@ public void testMissingSecurityContext() throws Exception {
 		AccessTokenRequest request = new DefaultAccessTokenRequest();
 		OAuth2AccessToken token = chain.obtainAccessToken(resource, request);
 		assertNotNull(token);
-		// If there is no authentication to store it with a token is still acquired if possible
+		// If there is no authentication to store it with a token is still acquired if
+		// possible
 	}
 
 	@Test(expected = InsufficientAuthenticationException.class)
 	public void testAnonymousUser() throws Exception {
 		AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(new StubAccessTokenProvider()));
-		SecurityContextHolder.getContext().setAuthentication(
-				new AnonymousAuthenticationToken("foo", "bar", user.getAuthorities()));
+		SecurityContextHolder.getContext()
+				.setAuthentication(new AnonymousAuthenticationToken("foo", "bar", user.getAuthorities()));
 		AccessTokenRequest request = new DefaultAccessTokenRequest();
 		OAuth2AccessToken token = chain.obtainAccessToken(resource, request);
 		assertNotNull(token);
@@ -202,23 +203,55 @@ public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails detail
 		assertNotNull(token);
 	}
 
-	// gh-712
 	@Test
-	public void testRefreshAccessTokenTwicePreserveRefreshToken() throws Exception {
+	public void testRefreshAccessTokenReplacingNullValue() throws Exception {
+		DefaultOAuth2AccessToken accessToken = getExpiredToken();
+		DefaultOAuth2AccessToken refreshedAccessToken = new DefaultOAuth2AccessToken("refreshed-access-token");
+		AccessTokenProviderChain chain = getTokenProvider(accessToken, refreshedAccessToken);
+
+		SecurityContextHolder.getContext().setAuthentication(user);
+
+		// Obtain a new Access Token
+		AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
+		AccessTokenRequest request = new DefaultAccessTokenRequest();
+		OAuth2AccessToken newAccessToken = chain.refreshAccessToken(resource, accessToken.getRefreshToken(), request);
+		// gh-712
+		assertEquals(newAccessToken.getRefreshToken(), accessToken.getRefreshToken());
+	}
+
+	@Test
+	public void testRefreshAccessTokenKeepingOldValue() throws Exception {
+		DefaultOAuth2AccessToken accessToken = getExpiredToken();
+		DefaultOAuth2AccessToken refreshedAccessToken = new DefaultOAuth2AccessToken("refreshed-access-token");
+		refreshedAccessToken.setRefreshToken(new DefaultOAuth2RefreshToken("other-refresh-token"));
+		AccessTokenProviderChain chain = getTokenProvider(accessToken, refreshedAccessToken);
+
+		SecurityContextHolder.getContext().setAuthentication(user);
+
+		// Obtain a new Access Token
+		AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
+		AccessTokenRequest request = new DefaultAccessTokenRequest();
+		OAuth2AccessToken newAccessToken = chain.refreshAccessToken(resource, accessToken.getRefreshToken(), request);
+		// gh-816
+		assertEquals(newAccessToken.getRefreshToken(), refreshedAccessToken.getRefreshToken());
+	}
+
+	private DefaultOAuth2AccessToken getExpiredToken() {
 		Calendar tokenExpiry = Calendar.getInstance();
 		DefaultOAuth2AccessToken accessToken = new DefaultOAuth2AccessToken("access-token");
 		accessToken.setExpiration(tokenExpiry.getTime());
 		accessToken.setRefreshToken(new DefaultOAuth2RefreshToken("refresh-token"));
+		return accessToken;
+	}
+
+	// gh-712
+	@Test
+	public void testRefreshAccessTokenTwicePreserveRefreshToken() throws Exception {
+		DefaultOAuth2AccessToken accessToken = getExpiredToken();
 		DefaultOAuth2AccessToken expectedRefreshedAccessToken = new DefaultOAuth2AccessToken("refreshed-access-token");
-		expectedRefreshedAccessToken.setExpiration(tokenExpiry.getTime());
+		expectedRefreshedAccessToken.setExpiration(accessToken.getExpiration());
 
-		AccessTokenProvider accessTokenProvider = new AuthorizationCodeAccessTokenProvider();
-		accessTokenProvider = spy(accessTokenProvider);
-		doReturn(accessToken).when(accessTokenProvider).obtainAccessToken(
-				any(OAuth2ProtectedResourceDetails.class), any(AccessTokenRequest.class));
-		doReturn(expectedRefreshedAccessToken).when(accessTokenProvider).refreshAccessToken(
-				any(OAuth2ProtectedResourceDetails.class), any(OAuth2RefreshToken.class), any(AccessTokenRequest.class));
-		AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(accessTokenProvider));
+		AccessTokenProviderChain chain = getTokenProvider(accessToken, expectedRefreshedAccessToken);
 
 		SecurityContextHolder.getContext().setAuthentication(user);
 
@@ -229,9 +262,10 @@ public void testRefreshAccessTokenTwicePreserveRefreshToken() throws Exception {
 		assertEquals(accessToken, tokenResult);
 
 		// Obtain the 1st Refreshed Access Token
+		Calendar tokenExpiry = Calendar.getInstance();
 		tokenExpiry.setTime(tokenResult.getExpiration());
 		tokenExpiry.add(Calendar.MINUTE, -1);
-		DefaultOAuth2AccessToken.class.cast(tokenResult).setExpiration(tokenExpiry.getTime());		// Expire
+		DefaultOAuth2AccessToken.class.cast(tokenResult).setExpiration(tokenExpiry.getTime()); // Expire
 		request = new DefaultAccessTokenRequest();
 		request.setExistingToken(tokenResult);
 		tokenResult = chain.obtainAccessToken(resource, request);
@@ -240,16 +274,29 @@ public void testRefreshAccessTokenTwicePreserveRefreshToken() throws Exception {
 		// Obtain the 2nd Refreshed Access Token
 		tokenExpiry.setTime(tokenResult.getExpiration());
 		tokenExpiry.add(Calendar.MINUTE, -1);
-		DefaultOAuth2AccessToken.class.cast(tokenResult).setExpiration(tokenExpiry.getTime());		// Expire
+		DefaultOAuth2AccessToken.class.cast(tokenResult).setExpiration(tokenExpiry.getTime()); // Expire
 		request = new DefaultAccessTokenRequest();
 		request.setExistingToken(tokenResult);
 		tokenResult = chain.obtainAccessToken(resource, request);
 		assertEquals(expectedRefreshedAccessToken, tokenResult);
 	}
 
+	private AccessTokenProviderChain getTokenProvider(DefaultOAuth2AccessToken accessToken,
+			DefaultOAuth2AccessToken refreshedAccessToken) {
+		AccessTokenProvider accessTokenProvider = new AuthorizationCodeAccessTokenProvider();
+		accessTokenProvider = spy(accessTokenProvider);
+		doReturn(accessToken).when(accessTokenProvider).obtainAccessToken(any(OAuth2ProtectedResourceDetails.class),
+				any(AccessTokenRequest.class));
+		doReturn(refreshedAccessToken).when(accessTokenProvider).refreshAccessToken(
+				any(OAuth2ProtectedResourceDetails.class), any(OAuth2RefreshToken.class),
+				any(AccessTokenRequest.class));
+		AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(accessTokenProvider));
+		return chain;
+	}
+
 	private class StubAccessTokenProvider implements AccessTokenProvider {
-		public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest parameters)
-				throws UserRedirectRequiredException, AccessDeniedException {
+		public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details,
+				AccessTokenRequest parameters) throws UserRedirectRequiredException, AccessDeniedException {
 			return accessToken;
 		}
 
@@ -260,7 +307,8 @@ public boolean supportsRefresh(OAuth2ProtectedResourceDetails resource) {
 		public OAuth2AccessToken refreshAccessToken(OAuth2ProtectedResourceDetails resource,
 				OAuth2RefreshToken refreshToken, AccessTokenRequest request) throws UserRedirectRequiredException {
 			if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
-				if (((ExpiringOAuth2RefreshToken) refreshToken).getExpiration().getTime() < System.currentTimeMillis()) {
+				if (((ExpiringOAuth2RefreshToken) refreshToken).getExpiration().getTime() < System
+						.currentTimeMillis()) {
 					// this is what a real provider would do (re-throw a remote exception)
 					throw new InvalidTokenException("Expired refresh token");
 				}

From f165cc6f93af697d773d4bbf3023aec671b3e95d Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Fri, 23 Sep 2016 11:02:22 +0100
Subject: [PATCH 048/345] Fix repositories in samples

---
 samples/oauth/sparklr/pom.xml  | 11 +++--------
 samples/oauth/tonr/pom.xml     | 11 +++--------
 samples/oauth2/sparklr/pom.xml | 15 +++------------
 samples/oauth2/tonr/pom.xml    | 11 +++--------
 4 files changed, 12 insertions(+), 36 deletions(-)

diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml
index 22324b9a3..843696d4d 100644
--- a/samples/oauth/sparklr/pom.xml
+++ b/samples/oauth/sparklr/pom.xml
@@ -45,14 +45,9 @@
 
 	
 		
-			spring-milestone
-			Spring Framework Milestone Repository
-			http://maven.springframework.org/milestone
-		
-		
-			spring-release
-			Spring Framework Release Repository
-			http://maven.springframework.org/release
+			spring
+			Spring Framework Repository
+			http://repo.spring.io/libs-snapshot
 		
 	
 
diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml
index 0c8263482..699248961 100644
--- a/samples/oauth/tonr/pom.xml
+++ b/samples/oauth/tonr/pom.xml
@@ -49,14 +49,9 @@
 
 	
 		
-			spring-milestone
-			Spring Framework Milestone Repository
-			http://maven.springframework.org/milestone
-		
-		
-			spring-release
-			Spring Framework Release Repository
-			http://maven.springframework.org/release
+			spring
+			Spring Framework Repository
+			http://repo.spring.io/libs-snapshot
 		
 	
 
diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index e8f6576b1..c82e4cba3 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -97,18 +97,9 @@
 
 	
 		
-			spring-milestone
-			Spring Framework Milestone Repository
-			http://maven.springframework.org/milestone
-		
-		
-			spring-release
-			Spring Framework Release Repository
-			http://maven.springframework.org/release
-		
-		
-			java.net
-			http://download.java.net/maven/2
+			spring
+			Spring Framework Repository
+			http://repo.spring.io/libs-snapshot
 		
 	
 
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index b4cff298e..bb4333cf2 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -108,14 +108,9 @@
 
 	
 		
-			spring-milestone
-			Spring Framework Milestone Repository
-			http://maven.springframework.org/milestone
-		
-		
-			spring-release
-			Spring Framework Release Repository
-			http://maven.springframework.org/release
+			spring
+			Spring Framework Repository
+			http://repo.spring.io/libs-snapshot
 		
 	
 

From c4c2a80bde3c9591b1a9810ce393171f468ff579 Mon Sep 17 00:00:00 2001
From: RobertRad 
Date: Sun, 25 Sep 2016 22:31:42 +0200
Subject: [PATCH 049/345] Parameter 'scopePrefix' is used in all methods.
 (#540)

---
 .../provider/approval/ApprovalStoreUserApprovalHandler.java   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.java
index 0a4a6b888..cc29844d2 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.java
@@ -232,12 +232,12 @@ public Map getUserApprovalRequest(AuthorizationRequest authoriza
 		model.putAll(authorizationRequest.getRequestParameters());
 		Map scopes = new LinkedHashMap();
 		for (String scope : authorizationRequest.getScope()) {
-			scopes.put(OAuth2Utils.SCOPE_PREFIX + scope, "false");
+			scopes.put(scopePrefix + scope, "false");
 		}
 		for (Approval approval : approvalStore.getApprovals(userAuthentication.getName(),
 				authorizationRequest.getClientId())) {
 			if (authorizationRequest.getScope().contains(approval.getScope())) {
-				scopes.put(OAuth2Utils.SCOPE_PREFIX + approval.getScope(),
+				scopes.put(scopePrefix + approval.getScope(),
 						approval.getStatus() == ApprovalStatus.APPROVED ? "true" : "false");
 			}
 		}

From f7cef65e03033297672936e4f5f4ce2dbb230819 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 10 Oct 2016 14:25:28 -0400
Subject: [PATCH 050/345] OAuth2ErrorHandler correctly handles 'access_denied'

Fixes gh-875
---
 .../client/http/OAuth2ErrorHandler.java       | 33 ++++++++--------
 .../client/http/OAuth2ErrorHandlerTests.java  | 38 ++++++++++++++++---
 2 files changed, 50 insertions(+), 21 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.java
index eb7907682..288b1aadf 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.java
@@ -15,26 +15,24 @@
  */
 package org.springframework.security.oauth2.client.http;
 
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.List;
-import java.util.Map;
-
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.client.ClientHttpResponse;
 import org.springframework.http.converter.HttpMessageConverter;
+import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
 import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
 import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
 import org.springframework.util.FileCopyUtils;
-import org.springframework.web.client.DefaultResponseErrorHandler;
-import org.springframework.web.client.HttpMessageConverterExtractor;
-import org.springframework.web.client.ResponseErrorHandler;
-import org.springframework.web.client.RestClientException;
-import org.springframework.web.client.RestTemplate;
+import org.springframework.web.client.*;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.List;
+import java.util.Map;
 
 /**
  * Error handler specifically for an oauth 2 response.
@@ -127,11 +125,16 @@ public int getRawStatusCode() throws IOException {
 				HttpMessageConverterExtractor extractor = new HttpMessageConverterExtractor(
 						OAuth2Exception.class, messageConverters);
 				try {
-					OAuth2Exception body = extractor.extractData(bufferedResponse);
-					if (body != null) {
-						// If we can get an OAuth2Exception already from the body, it is likely to have more information
+					OAuth2Exception oauth2Exception = extractor.extractData(bufferedResponse);
+					if (oauth2Exception != null) {
+						// gh-875
+						if (oauth2Exception.getClass() == UserDeniedAuthorizationException.class &&
+								bufferedResponse.getStatusCode().equals(HttpStatus.FORBIDDEN)) {
+							oauth2Exception = new OAuth2AccessDeniedException(oauth2Exception.getMessage());
+						}
+						// If we can get an OAuth2Exception, it is likely to have more information
 						// than the header does, so just re-throw it here.
-						throw body;
+						throw oauth2Exception;
 					}
 				}
 				catch (RestClientException e) {
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandlerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandlerTests.java
index 891bad74c..b5a6ded5b 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandlerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandlerTests.java
@@ -16,12 +16,6 @@
 
 package org.springframework.security.oauth2.client.http;
 
-import static org.mockito.Mockito.when;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
 import org.junit.Assert;
 import org.junit.Rule;
 import org.junit.Test;
@@ -34,11 +28,19 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.client.ClientHttpResponse;
 import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails;
+import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
+import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
 import org.springframework.web.client.DefaultResponseErrorHandler;
 import org.springframework.web.client.HttpClientErrorException;
 import org.springframework.web.client.HttpServerErrorException;
 import org.springframework.web.client.ResponseErrorHandler;
 
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import static org.mockito.Mockito.when;
+
 /**
  * @author Dave Syer
  * @author Rob Winch
@@ -229,4 +231,28 @@ public void testHandleErrorWithMissingHeader() throws IOException {
 		expected.expect(HttpClientErrorException.class);
 		handler.handleError(response);
 	}
+
+	// gh-875
+	@Test
+	public void testHandleErrorWhenAccessDeniedMessageAndStatus400ThenThrowsUserDeniedAuthorizationException() throws Exception {
+		String accessDeniedMessage = "{\"error\":\"access_denied\", \"error_description\":\"some error message\"}";
+		ByteArrayInputStream messageBody = new ByteArrayInputStream(accessDeniedMessage.getBytes());
+		HttpHeaders headers = new HttpHeaders();
+		headers.setContentType(MediaType.APPLICATION_JSON);
+		ClientHttpResponse response = new TestClientHttpResponse(headers, 400, messageBody);
+		expected.expect(UserDeniedAuthorizationException.class);
+		handler.handleError(response);
+	}
+
+	// gh-875
+	@Test
+	public void testHandleErrorWhenAccessDeniedMessageAndStatus403ThenThrowsOAuth2AccessDeniedException() throws Exception {
+		String accessDeniedMessage = "{\"error\":\"access_denied\", \"error_description\":\"some error message\"}";
+		ByteArrayInputStream messageBody = new ByteArrayInputStream(accessDeniedMessage.getBytes());
+		HttpHeaders headers = new HttpHeaders();
+		headers.setContentType(MediaType.APPLICATION_JSON);
+		ClientHttpResponse response = new TestClientHttpResponse(headers, 403, messageBody);
+		expected.expect(OAuth2AccessDeniedException.class);
+		handler.handleError(response);
+	}
 }

From fb1686e1fff7e57e07e966a27da0a3926136bf64 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Tue, 11 Oct 2016 16:19:20 +0100
Subject: [PATCH 051/345] Verify that public methods can be called

---
 .../provider/test/OAuth2RequestTests.java     | 87 +++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/test/OAuth2RequestTests.java

diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/test/OAuth2RequestTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/test/OAuth2RequestTests.java
new file mode 100644
index 000000000..886efe82d
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/test/OAuth2RequestTests.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 20013-2014 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package org.springframework.security.oauth2.provider.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotSame;
+
+import java.io.Serializable;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.common.util.OAuth2Utils;
+import org.springframework.security.oauth2.provider.OAuth2Request;
+import org.springframework.security.oauth2.provider.RequestTokenFactory;
+
+/**
+ * @author Dave Syer
+ *
+ */
+public class OAuth2RequestTests {
+
+	private Map parameters;
+
+	@Before
+	public void prepare() {
+		parameters = new HashMap();
+		parameters.put("client_id", "theClient");
+	}
+
+	@Test
+	public void testBaseMethods() throws Exception {
+		parameters.put("response_type", "token");
+		OAuth2Request authorizationRequest = createFromParameters(parameters);
+		assertEquals("theClient", authorizationRequest.getClientId());
+	}
+
+	@Test
+	public void testImplicitGrantType() throws Exception {
+		parameters.put("response_type", "token");
+		OAuth2Request authorizationRequest = createFromParameters(parameters);
+		assertEquals("implicit", authorizationRequest.getGrantType());
+	}
+
+	@Test
+	public void testOtherGrantType() throws Exception {
+		parameters.put("grant_type", "password");
+		OAuth2Request authorizationRequest = createFromParameters(parameters);
+		assertEquals("password", authorizationRequest.getGrantType());
+	}
+
+	// gh-724
+	@Test
+	public void testResourceIdsConstructorAssignment() {
+		Set resourceIds = new HashSet(Arrays.asList("resourceId-1", "resourceId-2"));
+		OAuth2Request request = new OAuth2Request(
+				Collections.emptyMap(), "clientId", Collections.emptyList(),
+				false, Collections.emptySet(), resourceIds, "redirectUri", Collections.emptySet(),
+				Collections.emptyMap());
+		assertNotSame("resourceIds are the same", resourceIds, request.getResourceIds());
+	}
+
+	private OAuth2Request createFromParameters(Map parameters) {
+		OAuth2Request request = RequestTokenFactory.createOAuth2Request(parameters,
+				parameters.get(OAuth2Utils.CLIENT_ID), false,
+				OAuth2Utils.parseParameterList(parameters.get(OAuth2Utils.SCOPE)));
+		return request;
+	}
+
+}

From 12b8c1c6f8339dffdfb5e73a8236e71524d5351b Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Tue, 11 Oct 2016 16:19:27 +0100
Subject: [PATCH 052/345] Add setters for signer and verifier in
 JwtAccessTokenConverter

This is an escape hatch for users that need to set up specialized
signer and verifier, e.g. with RSA and a non-default algorithm.

Fixes gh-870
---
 .../token/store/JwtAccessTokenConverter.java  | 66 +++++++++++--------
 ...AuthorizationServerConfigurationTests.java | 35 ++++++++++
 2 files changed, 73 insertions(+), 28 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtAccessTokenConverter.java
index 91867d15f..fe0c5cf0a 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtAccessTokenConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtAccessTokenConverter.java
@@ -59,8 +59,7 @@
  * @author Dave Syer
  * @author Luke Taylor
  */
-public class JwtAccessTokenConverter implements TokenEnhancer, AccessTokenConverter,
-		InitializingBean {
+public class JwtAccessTokenConverter implements TokenEnhancer, AccessTokenConverter, InitializingBean {
 
 	/**
 	 * Field name for token id.
@@ -101,8 +100,7 @@ public AccessTokenConverter getAccessTokenConverter() {
 	}
 
 	@Override
-	public Map convertAccessToken(OAuth2AccessToken token,
-			OAuth2Authentication authentication) {
+	public Map convertAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
 		return tokenConverter.convertAccessToken(token, authentication);
 	}
 
@@ -116,6 +114,24 @@ public OAuth2Authentication extractAuthentication(Map map) {
 		return tokenConverter.extractAuthentication(map);
 	}
 
+	/**
+	 * Unconditionally set the verifier (the verifer key is then ignored).
+	 * 
+	 * @param verifier the value to use
+	 */
+	public void setVerifier(SignatureVerifier verifier) {
+		this.verifier = verifier;
+	}
+
+	/**
+	 * Unconditionally set the signer to use (if needed). The signer key is then ignored.
+	 * 
+	 * @param signer the value to use
+	 */
+	public void setSigner(Signer signer) {
+		this.signer = signer;
+	}
+
 	/**
 	 * Get the verification key for the token signatures.
 	 * 
@@ -134,8 +150,7 @@ public void setKeyPair(KeyPair keyPair) {
 		signer = new RsaSigner((RSAPrivateKey) privateKey);
 		RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
 		verifier = new RsaVerifier(publicKey);
-		verifierKey = "-----BEGIN PUBLIC KEY-----\n"
-				+ new String(Base64.encode(publicKey.getEncoded()))
+		verifierKey = "-----BEGIN PUBLIC KEY-----\n" + new String(Base64.encode(publicKey.getEncoded()))
 				+ "\n-----END PUBLIC KEY-----";
 	}
 
@@ -190,19 +205,16 @@ public void setVerifierKey(String key) {
 		this.verifierKey = key;
 		try {
 			new RsaSigner(verifierKey);
-			throw new IllegalArgumentException(
-					"Private key cannot be set as verifierKey property");
+			throw new IllegalArgumentException("Private key cannot be set as verifierKey property");
 		}
 		catch (Exception expected) {
 			// Expected
 		}
 	}
 
-	public OAuth2AccessToken enhance(OAuth2AccessToken accessToken,
-			OAuth2Authentication authentication) {
+	public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
 		DefaultOAuth2AccessToken result = new DefaultOAuth2AccessToken(accessToken);
-		Map info = new LinkedHashMap(
-				accessToken.getAdditionalInformation());
+		Map info = new LinkedHashMap(accessToken.getAdditionalInformation());
 		String tokenId = result.getValue();
 		if (!info.containsKey(TOKEN_ID)) {
 			info.put(TOKEN_ID, tokenId);
@@ -214,14 +226,13 @@ public OAuth2AccessToken enhance(OAuth2AccessToken accessToken,
 		result.setValue(encode(result, authentication));
 		OAuth2RefreshToken refreshToken = result.getRefreshToken();
 		if (refreshToken != null) {
-			DefaultOAuth2AccessToken encodedRefreshToken = new DefaultOAuth2AccessToken(
-					accessToken);
+			DefaultOAuth2AccessToken encodedRefreshToken = new DefaultOAuth2AccessToken(accessToken);
 			encodedRefreshToken.setValue(refreshToken.getValue());
 			// Refresh tokens do not expire unless explicitly of the right type
 			encodedRefreshToken.setExpiration(null);
 			try {
-				Map claims = objectMapper.parseMap(JwtHelper.decode(
-						refreshToken.getValue()).getClaims());
+				Map claims = objectMapper
+						.parseMap(JwtHelper.decode(refreshToken.getValue()).getClaims());
 				if (claims.containsKey(TOKEN_ID)) {
 					encodedRefreshToken.setValue(claims.get(TOKEN_ID).toString());
 				}
@@ -233,14 +244,12 @@ public OAuth2AccessToken enhance(OAuth2AccessToken accessToken,
 			refreshTokenInfo.put(TOKEN_ID, encodedRefreshToken.getValue());
 			refreshTokenInfo.put(ACCESS_TOKEN_ID, tokenId);
 			encodedRefreshToken.setAdditionalInformation(refreshTokenInfo);
-			DefaultOAuth2RefreshToken token = new DefaultOAuth2RefreshToken(encode(
-					encodedRefreshToken, authentication));
+			DefaultOAuth2RefreshToken token = new DefaultOAuth2RefreshToken(
+					encode(encodedRefreshToken, authentication));
 			if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
-				Date expiration = ((ExpiringOAuth2RefreshToken) refreshToken)
-						.getExpiration();
+				Date expiration = ((ExpiringOAuth2RefreshToken) refreshToken).getExpiration();
 				encodedRefreshToken.setExpiration(expiration);
-				token = new DefaultExpiringOAuth2RefreshToken(encode(encodedRefreshToken,
-						authentication), expiration);
+				token = new DefaultExpiringOAuth2RefreshToken(encode(encodedRefreshToken, authentication), expiration);
 			}
 			result.setRefreshToken(token);
 		}
@@ -251,12 +260,10 @@ public boolean isRefreshToken(OAuth2AccessToken token) {
 		return token.getAdditionalInformation().containsKey(ACCESS_TOKEN_ID);
 	}
 
-	protected String encode(OAuth2AccessToken accessToken,
-			OAuth2Authentication authentication) {
+	protected String encode(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
 		String content;
 		try {
-			content = objectMapper.formatMap(tokenConverter.convertAccessToken(
-					accessToken, authentication));
+			content = objectMapper.formatMap(tokenConverter.convertAccessToken(accessToken, authentication));
 		}
 		catch (Exception e) {
 			throw new IllegalStateException("Cannot convert access token to JSON", e);
@@ -282,6 +289,10 @@ protected Map decode(String token) {
 	}
 
 	public void afterPropertiesSet() throws Exception {
+		if (verifier != null) {
+			// Assume signer also set independently if needed
+			return;
+		}
 		SignatureVerifier verifier = new MacSigner(verifierKey);
 		try {
 			verifier = new RsaVerifier(verifierKey);
@@ -303,8 +314,7 @@ public void afterPropertiesSet() throws Exception {
 		else if (verifier instanceof MacSigner) {
 			// Avoid a race condition where setters are called in the wrong order. Use of
 			// == is intentional.
-			Assert.state(
-					this.signingKey == this.verifierKey,
+			Assert.state(this.signingKey == this.verifierKey,
 					"For MAC signing you do not need to specify the verifier key separately, and if you do it must match the signing key");
 		}
 		this.verifier = verifier;
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/AuthorizationServerConfigurationTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/AuthorizationServerConfigurationTests.java
index d11dffbca..8e510ade0 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/AuthorizationServerConfigurationTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/AuthorizationServerConfigurationTests.java
@@ -47,6 +47,7 @@
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.jwt.crypto.sign.MacSigner;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
@@ -100,6 +101,7 @@ public static List parameters() {
 				new Object[] { null, new Class[] { AuthorizationServerJdbc.class } },
 				new Object[] { null, new Class[] { AuthorizationServerEncoder.class } },
 				new Object[] { null, new Class[] { AuthorizationServerJwt.class } },
+				new Object[] { null, new Class[] { AuthorizationServerJwtCustomSigner.class } },
 				new Object[] { null, new Class[] { AuthorizationServerWithTokenServices.class } },
 				new Object[] { null, new Class[] { AuthorizationServerApproval.class } },
 				new Object[] { null, new Class[] { AuthorizationServerExceptionTranslator.class } },
@@ -435,6 +437,39 @@ public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
 
 	}
 
+	@Configuration
+	@EnableWebMvcSecurity
+	@EnableAuthorizationServer
+	protected static class AuthorizationServerJwtCustomSigner extends AuthorizationServerConfigurerAdapter {
+
+		@Override
+		public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+			endpoints.tokenStore(tokenStore()).tokenEnhancer(jwtTokenEnhancer());
+		}
+
+		@Bean
+		public TokenStore tokenStore() {
+			return new JwtTokenStore(jwtTokenEnhancer());
+		}
+
+		@Bean
+		protected JwtAccessTokenConverter jwtTokenEnhancer() {
+			JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+			MacSigner verifier = new MacSigner("foobar");
+			converter.setSigner(verifier);
+			converter.setVerifier(verifier);
+			return converter;
+		}
+
+		@Override
+		public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+			// @formatter:off
+			clients.inMemory().withClient("my-trusted-client").authorizedGrantTypes("password");
+			// @formatter:on
+		}
+
+	}
+
 	@Configuration
 	@EnableWebMvcSecurity
 	@EnableAuthorizationServer

From 7177f64a06081e0515500d10eb153a484ae75a8b Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Tue, 11 Oct 2016 15:39:27 -0400
Subject: [PATCH 053/345] Removing AccessToken should not remove Approvals

Fixes gh-807
---
 .../provider/token/store/JwtTokenStore.java   | 23 ++++---------------
 .../token/store/JwtTokenStoreTests.java       |  4 ++--
 2 files changed, 6 insertions(+), 21 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtTokenStore.java
index 9e62294b5..489df3f24 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtTokenStore.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtTokenStore.java
@@ -13,12 +13,6 @@
 
 package org.springframework.security.oauth2.provider.token.store;
 
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Date;
-import java.util.HashSet;
-
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken;
 import org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken;
@@ -31,6 +25,8 @@
 import org.springframework.security.oauth2.provider.approval.ApprovalStore;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 
+import java.util.*;
+
 /**
  * A {@link TokenStore} implementation that just reads data from the tokens themselves. Not really a store since it
  * never persists anything, and methods like {@link #getAccessToken(OAuth2Authentication)} always return null. But
@@ -94,18 +90,7 @@ private OAuth2AccessToken convertAccessToken(String tokenValue) {
 
 	@Override
 	public void removeAccessToken(OAuth2AccessToken token) {
-		if (approvalStore != null) {
-			OAuth2Authentication auth = readAuthentication(token);
-			String clientId = auth.getOAuth2Request().getClientId();
-			Authentication user = auth.getUserAuthentication();
-			if (user != null) {
-				Collection approvals = new ArrayList();
-				for (String scope : auth.getOAuth2Request().getScope()) {
-					approvals.add(new Approval(user.getName(), clientId, scope, new Date(), ApprovalStatus.APPROVED));
-				}
-				approvalStore.revokeApprovals(approvals);
-			}
-		}
+		// gh-807 Approvals (if any) should only be removed when Refresh Tokens are removed (or expired)
 	}
 
 	@Override
@@ -159,7 +144,7 @@ public void removeRefreshToken(OAuth2RefreshToken token) {
 
 	@Override
 	public void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken refreshToken) {
-		removeRefreshToken(refreshToken);
+		// gh-807 Approvals (if any) should only be removed when Refresh Tokens are removed (or expired)
 	}
 
 	@Override
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/JwtTokenStoreTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/JwtTokenStoreTests.java
index 228986496..ef38e9558 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/JwtTokenStoreTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/JwtTokenStoreTests.java
@@ -169,7 +169,7 @@ public void removeAccessToken() throws Exception {
 				ApprovalStatus.APPROVED)));
 		assertEquals(1, approvalStore.getApprovals("test", "id").size());
 		tokenStore.removeAccessToken(expectedOAuth2AccessToken);
-		assertEquals(0, approvalStore.getApprovals("test", "id").size());
+		assertEquals(1, approvalStore.getApprovals("test", "id").size());
 	}
 
 	@Test
@@ -190,7 +190,7 @@ public void removeAccessTokenFromRefreshToken() throws Exception {
 		assertEquals(1, approvalStore.getApprovals("test", "id").size());
 		tokenStore.removeAccessTokenUsingRefreshToken(new DefaultOAuth2RefreshToken(expectedOAuth2AccessToken
 				.getValue()));
-		assertEquals(0, approvalStore.getApprovals("test", "id").size());
+		assertEquals(1, approvalStore.getApprovals("test", "id").size());
 	}
 
 	@Test

From 165600b2f27360707569158f1f9873190386e817 Mon Sep 17 00:00:00 2001
From: Will Faithfull 
Date: Wed, 12 Oct 2016 10:26:28 +0100
Subject: [PATCH 054/345] Fix autoapprovals not being added to approval store

Fixes gh-877
---
 .../ApprovalStoreUserApprovalHandler.java        |  9 +++++++++
 .../ApprovalStoreUserApprovalHandlerTests.java   | 16 ++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.java
index cc29844d2..a250c3283 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.java
@@ -117,6 +117,15 @@ public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizati
 					}
 				}
 				if (approvedScopes.containsAll(requestedScopes)) {
+					// gh-877 - if all scopes are auto approved, approvals still need to be added to the approval store.
+					Set approvals = new HashSet();
+					Date expiry = computeExpiry();
+					for (String approvedScope : approvedScopes) {
+						approvals.add(new Approval(userAuthentication.getName(), authorizationRequest.getClientId(),
+								approvedScope, expiry, ApprovalStatus.APPROVED));
+					}
+					approvalStore.addApprovals(approvals);
+
 					authorizationRequest.setApproved(true);
 					return authorizationRequest;
 				}
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandlerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandlerTests.java
index b27cab8cb..cc1d6c0b4 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandlerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandlerTests.java
@@ -116,6 +116,22 @@ public void testAutoapprovedWildcardScopes() {
 		assertTrue(result.isApproved());
 	}
 
+	@Test
+	public void testApprovalsAddedForAutoapprovedScopes() {
+		handler.setClientDetailsService(clientDetailsService);
+		BaseClientDetails client = new BaseClientDetails("client", null, "read", "authorization_code", null);
+		client.setAutoApproveScopes(new HashSet(Arrays.asList("read")));
+		clientDetailsService.setClientDetailsStore(Collections.singletonMap("client", client));
+		AuthorizationRequest authorizationRequest = new AuthorizationRequest("client", Arrays.asList("read"));
+		AuthorizationRequest result = handler.checkForPreApproval(authorizationRequest, userAuthentication);
+
+		Collection approvals = store.getApprovals(userAuthentication.getName(), "client");
+		assertEquals(1, approvals.size());
+
+		Approval approval = approvals.iterator().next();
+		assertEquals("read", approval.getScope());
+	}
+
 	@Test
 	public void testAutoapprovedAllScopes() {
 		handler.setClientDetailsService(clientDetailsService);

From de5f717e158e3f32e0a584b233e0fbc48c37e21e Mon Sep 17 00:00:00 2001
From: Michael Kangas 
Date: Fri, 2 Sep 2016 10:04:38 -0500
Subject: [PATCH 055/345] Add support for parsing space-delimited scopes

Fixes DefaultAccessTokenConverter to properly handle a set of scopes
expressed as a space-delimited string.

Fixes gh-836
---
 .../token/DefaultAccessTokenConverter.java    |  3 ++-
 .../DefaultAccessTokenConverterTests.java     | 27 ++++++++++++++++---
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java
index 1d01a4702..e162ec102 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverter.java
@@ -12,6 +12,7 @@
  */
 package org.springframework.security.oauth2.provider.token;
 
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
@@ -151,7 +152,7 @@ private Set extractScope(Map map) {
 		if (map.containsKey(SCOPE)) {
 			Object scopeObj = map.get(SCOPE);
 			if (String.class.isInstance(scopeObj)) {
-				scope = Collections.singleton(String.class.cast(scopeObj));
+				scope = new LinkedHashSet(Arrays.asList(String.class.cast(scopeObj).split(" ")));
 			} else if (Collection.class.isAssignableFrom(scopeObj.getClass())) {
 				@SuppressWarnings("unchecked")
 				Collection scopeColl = (Collection) scopeObj;
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverterTests.java
index 0c35b4725..a66d68659 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverterTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverterTests.java
@@ -28,6 +28,7 @@
 
 
 import static java.util.Collections.singleton;
+import static java.util.Collections.singletonMap;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
@@ -105,7 +106,7 @@ public void extractAuthenticationSingleScopeString() {
 		Map tokenAttrs = new HashMap();
 		tokenAttrs.put(AccessTokenConverter.SCOPE, scope);
 		OAuth2Authentication authentication = converter.extractAuthentication(tokenAttrs);
-		assertEquals(authentication.getOAuth2Request().getScope(), Collections.singleton(scope));
+		assertEquals(Collections.singleton(scope), authentication.getOAuth2Request().getScope());
 	}
 
 	// gh-745
@@ -115,7 +116,16 @@ public void extractAuthenticationMultiScopeCollection() {
 		Map tokenAttrs = new HashMap();
 		tokenAttrs.put(AccessTokenConverter.SCOPE, scopes);
 		OAuth2Authentication authentication = converter.extractAuthentication(tokenAttrs);
-		assertEquals(authentication.getOAuth2Request().getScope(), scopes);
+		assertEquals(scopes, authentication.getOAuth2Request().getScope());
+	}
+
+	// gh-836 (passes incidentally per gh-745)
+	@Test
+	public void extractAuthenticationMultiScopeString() {
+		String scopes = "read write read-write";
+		assertEquals(new HashSet(Arrays.asList(scopes.split(" "))),
+						converter.extractAuthentication(singletonMap(AccessTokenConverter.SCOPE,
+										scopes)).getOAuth2Request().getScope());
 	}
 
 	// gh-745
@@ -125,7 +135,7 @@ public void extractAccessTokenSingleScopeString() {
 		Map tokenAttrs = new HashMap();
 		tokenAttrs.put(AccessTokenConverter.SCOPE, scope);
 		OAuth2AccessToken accessToken = converter.extractAccessToken("token-value", tokenAttrs);
-		assertEquals(accessToken.getScope(), Collections.singleton(scope));
+		assertEquals(Collections.singleton(scope), accessToken.getScope());
 	}
 
 	// gh-745
@@ -135,7 +145,16 @@ public void extractAccessTokenMultiScopeCollection() {
 		Map tokenAttrs = new HashMap();
 		tokenAttrs.put(AccessTokenConverter.SCOPE, scopes);
 		OAuth2AccessToken accessToken = converter.extractAccessToken("token-value", tokenAttrs);
-		assertEquals(accessToken.getScope(), scopes);
+		assertEquals(scopes, accessToken.getScope());
+	}
+
+	// gh-836
+	@Test
+	public void extractAccessTokenMultiScopeString() {
+		String scopes = "read write read-write";
+		assertEquals(new HashSet(Arrays.asList(scopes.split(" "))),
+						converter.extractAccessToken("token-value",
+										singletonMap(AccessTokenConverter.SCOPE, scopes)).getScope());
 	}
 
 }

From 165fc6a6495b0ca1acda481cd125f551ffbae0d0 Mon Sep 17 00:00:00 2001
From: Joe McCall 
Date: Fri, 5 Aug 2016 18:54:47 -0400
Subject: [PATCH 056/345] BaseRequest.setRequestParameters ensures defensive
 copy

Fixes gh-812
---
 .../security/oauth2/provider/BaseRequest.java |  2 +-
 .../oauth2/provider/OAuth2RequestTests.java   | 25 +++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/BaseRequest.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/BaseRequest.java
index 52e38cf6b..7fd7f28d5 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/BaseRequest.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/BaseRequest.java
@@ -151,7 +151,7 @@ protected void setScope(Collection scope) {
 	protected void setRequestParameters(Map requestParameters) {
 		if (requestParameters != null) {
 			this.requestParameters = Collections
-					.unmodifiableMap(requestParameters);
+					.unmodifiableMap(new HashMap(requestParameters));
 		}
 	}
 
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2RequestTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2RequestTests.java
index 5fa599fe0..63b09d34e 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2RequestTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2RequestTests.java
@@ -23,6 +23,7 @@
 import org.junit.Test;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
+import org.springframework.security.oauth2.common.util.SerializationUtils;
 
 /**
  * @author Dave Syer
@@ -70,4 +71,28 @@ private OAuth2Request createFromParameters(Map parameters) {
 		return request;
 	}
 
+	// gh-812
+	@Test
+	public void testRequestParametersReAssignmentWithSerialization() {
+		Map requestParameters = new HashMap();
+		requestParameters.put("key", "value");
+
+		OAuth2Request request = new OAuth2Request(
+				requestParameters, "clientId", Collections.emptyList(),
+				false, Collections.emptySet(), Collections.emptySet(), "redirectUri",
+				Collections.emptySet(), Collections.emptyMap());
+
+		OAuth2Request request2 = new OAuth2Request(
+				Collections.emptyMap(), "clientId", Collections.emptyList(),
+				false, Collections.emptySet(), Collections.emptySet(), "redirectUri",
+				Collections.emptySet(), Collections.emptyMap());
+		request2.setRequestParameters(request.getRequestParameters());
+
+		byte[] serializedRequest = SerializationUtils.serialize(request);
+		byte[] serializedRequest2 = SerializationUtils.serialize(request2);
+
+		assertEquals(serializedRequest.length, serializedRequest2.length);
+	}
+
+
 }

From dd369f2b48fe46a6ac32e57abffa2cdbfa75b392 Mon Sep 17 00:00:00 2001
From: Dan Dudley 
Date: Fri, 7 Oct 2016 14:47:49 -0500
Subject: [PATCH 057/345] Sort scopes before generating key

Updated to always sort the scopes set before generating the checksum
to ensure regardless where we got the scope set from the checksum
outcome will remain the same

Fixes gh-874
---
 .../oauth2/common/util/MapDigester.java       |  27 +++++
 .../DefaultAuthenticationKeyGenerator.java    |  32 ++---
 ...DefaultAuthenticationKeyGeneratorTest.java | 111 ++++++++++++++++++
 3 files changed, 147 insertions(+), 23 deletions(-)
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/MapDigester.java
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGeneratorTest.java

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/MapDigester.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/MapDigester.java
new file mode 100644
index 000000000..2b102712b
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/MapDigester.java
@@ -0,0 +1,27 @@
+package org.springframework.security.oauth2.common.util;
+
+import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Map;
+
+public class MapDigester {
+    public String digest(Map values) {
+        MessageDigest digest;
+        try {
+            digest = MessageDigest.getInstance("MD5");
+        }
+        catch (NoSuchAlgorithmException e) {
+            throw new IllegalStateException("MD5 algorithm not available.  Fatal (should be in the JDK).");
+        }
+
+        try {
+            byte[] bytes = digest.digest(values.toString().getBytes("UTF-8"));
+            return String.format("%032x", new BigInteger(1, bytes));
+        }
+        catch (UnsupportedEncodingException e) {
+            throw new IllegalStateException("UTF-8 encoding not available.  Fatal (should be in the JDK).");
+        }
+    }
+}
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGenerator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGenerator.java
index af26e51bb..bcb01e781 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGenerator.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGenerator.java
@@ -12,17 +12,15 @@
  */
 package org.springframework.security.oauth2.provider.token;
 
-import java.io.UnsupportedEncodingException;
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.LinkedHashMap;
-import java.util.Map;
-
+import org.springframework.security.oauth2.common.util.MapDigester;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
 
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.TreeSet;
+
 /**
  * Basic key generator taking into account the client id, scope, resource ids and username (principal name) if they
  * exist.
@@ -38,6 +36,8 @@ public class DefaultAuthenticationKeyGenerator implements AuthenticationKeyGener
 
 	private static final String USERNAME = "username";
 
+	private MapDigester mapDigester = new MapDigester();
+
 	public String extractKey(OAuth2Authentication authentication) {
 		Map values = new LinkedHashMap();
 		OAuth2Request authorizationRequest = authentication.getOAuth2Request();
@@ -46,23 +46,9 @@ public String extractKey(OAuth2Authentication authentication) {
 		}
 		values.put(CLIENT_ID, authorizationRequest.getClientId());
 		if (authorizationRequest.getScope() != null) {
-			values.put(SCOPE, OAuth2Utils.formatParameterList(authorizationRequest.getScope()));
-		}
-		MessageDigest digest;
-		try {
-			digest = MessageDigest.getInstance("MD5");
-		}
-		catch (NoSuchAlgorithmException e) {
-			throw new IllegalStateException("MD5 algorithm not available.  Fatal (should be in the JDK).");
-		}
-
-		try {
-			byte[] bytes = digest.digest(values.toString().getBytes("UTF-8"));
-			return String.format("%032x", new BigInteger(1, bytes));
-		}
-		catch (UnsupportedEncodingException e) {
-			throw new IllegalStateException("UTF-8 encoding not available.  Fatal (should be in the JDK).");
+			values.put(SCOPE, OAuth2Utils.formatParameterList(new TreeSet(authorizationRequest.getScope())));
 		}
+		return mapDigester.digest(values);
 	}
 
 }
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGeneratorTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGeneratorTest.java
new file mode 100644
index 000000000..f5f74f20a
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGeneratorTest.java
@@ -0,0 +1,111 @@
+package org.springframework.security.oauth2.provider.token;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.common.util.MapDigester;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.OAuth2Request;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Matchers.anyMap;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.class)
+public class DefaultAuthenticationKeyGeneratorTest {
+    private static final String USERNAME = "name";
+    private static final String CLIENT_ID = "client-id";
+    private static final String CHECKSUM = "checksum";
+    @Mock
+    private OAuth2Authentication auth;
+    @Mock
+    private MapDigester mapDigester;
+    @InjectMocks
+    private DefaultAuthenticationKeyGenerator generator;
+
+    @Before
+    public void setUp() throws Exception {
+        when(auth.getName()).thenReturn(USERNAME);
+        when(mapDigester.digest(anyMap())).thenReturn(CHECKSUM);
+    }
+
+    @Test
+    public void shouldUseTheChecksumGeneratedByTheDigest() {
+        when(auth.getOAuth2Request()).thenReturn(newOauthRequest(CLIENT_ID));
+        when(mapDigester.digest(anyMap())).thenReturn(CHECKSUM);
+
+        assertEquals(CHECKSUM, generator.extractKey(auth));
+    }
+
+    @Test
+    public void shouldOnlyUseTheUsernameAsPartOfTheDigestIfTheAuthIsClientOnly() {
+        when(auth.isClientOnly()).thenReturn(true);
+        when(auth.getOAuth2Request()).thenReturn(newOauthRequest(CLIENT_ID));
+
+        generator.extractKey(auth);
+
+        LinkedHashMap expectedValues = new LinkedHashMap();
+        expectedValues.put("client_id", CLIENT_ID);
+        expectedValues.put("scope", "");
+        verify(mapDigester).digest(expectedValues);
+    }
+
+    @Test
+    public void shouldNotUseScopesIfNoneAreProvided() {
+        when(auth.getOAuth2Request()).thenReturn(newOauthRequest(CLIENT_ID));
+
+        generator.extractKey(auth);
+
+        LinkedHashMap expectedValues = new LinkedHashMap();
+        expectedValues.put("username", USERNAME);
+        expectedValues.put("client_id", CLIENT_ID);
+        expectedValues.put("scope", "");
+        verify(mapDigester).digest(expectedValues);
+    }
+
+    @Test
+    public void shouldSortTheScopesBeforeDigesting() {
+        when(auth.getOAuth2Request()).thenReturn(newOauthRequest(CLIENT_ID, "3", "1", "2"));
+
+        generator.extractKey(auth);
+
+        LinkedHashMap expectedValues = new LinkedHashMap();
+        expectedValues.put("username", USERNAME);
+        expectedValues.put("client_id", CLIENT_ID);
+        expectedValues.put("scope", "1 2 3");
+        verify(mapDigester).digest(expectedValues);
+    }
+
+    private OAuth2Request newOauthRequest(String clientId, String... scopes) {
+        Set scopeSet = new LinkedHashSet(Arrays.asList(scopes));
+        if (scopes.length == 0) {
+            scopeSet = null;
+        }
+
+        return new OAuth2Request(
+                new HashMap(),
+                clientId,
+                new ArrayList(),
+                true,
+                scopeSet,
+                new HashSet(),
+                "redirect-uri",
+                new HashSet(),
+                new HashMap()
+        );
+    }
+}
\ No newline at end of file

From 8330bda726e621ce239288d3be526e28d2254ea3 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Thu, 20 Oct 2016 15:22:12 -0400
Subject: [PATCH 058/345] Polish key generation and test gh-874

---
 .../oauth2/common/util/MapDigester.java       | 27 --------
 .../DefaultAuthenticationKeyGenerator.java    | 29 +++++---
 ...DefaultAuthenticationKeyGeneratorTest.java | 67 ++++++++++---------
 3 files changed, 57 insertions(+), 66 deletions(-)
 delete mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/MapDigester.java

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/MapDigester.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/MapDigester.java
deleted file mode 100644
index 2b102712b..000000000
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/MapDigester.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package org.springframework.security.oauth2.common.util;
-
-import java.io.UnsupportedEncodingException;
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Map;
-
-public class MapDigester {
-    public String digest(Map values) {
-        MessageDigest digest;
-        try {
-            digest = MessageDigest.getInstance("MD5");
-        }
-        catch (NoSuchAlgorithmException e) {
-            throw new IllegalStateException("MD5 algorithm not available.  Fatal (should be in the JDK).");
-        }
-
-        try {
-            byte[] bytes = digest.digest(values.toString().getBytes("UTF-8"));
-            return String.format("%032x", new BigInteger(1, bytes));
-        }
-        catch (UnsupportedEncodingException e) {
-            throw new IllegalStateException("UTF-8 encoding not available.  Fatal (should be in the JDK).");
-        }
-    }
-}
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGenerator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGenerator.java
index bcb01e781..ebc766846 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGenerator.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGenerator.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2011 the original author or authors.
+ * Copyright 2006-2016 the original author or authors.
  * 
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
@@ -12,11 +12,14 @@
  */
 package org.springframework.security.oauth2.provider.token;
 
-import org.springframework.security.oauth2.common.util.MapDigester;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
 
+import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.TreeSet;
@@ -24,9 +27,9 @@
 /**
  * Basic key generator taking into account the client id, scope, resource ids and username (principal name) if they
  * exist.
- * 
+ *
  * @author Dave Syer
- * 
+ *
  */
 public class DefaultAuthenticationKeyGenerator implements AuthenticationKeyGenerator {
 
@@ -36,8 +39,6 @@ public class DefaultAuthenticationKeyGenerator implements AuthenticationKeyGener
 
 	private static final String USERNAME = "username";
 
-	private MapDigester mapDigester = new MapDigester();
-
 	public String extractKey(OAuth2Authentication authentication) {
 		Map values = new LinkedHashMap();
 		OAuth2Request authorizationRequest = authentication.getOAuth2Request();
@@ -48,7 +49,19 @@ public String extractKey(OAuth2Authentication authentication) {
 		if (authorizationRequest.getScope() != null) {
 			values.put(SCOPE, OAuth2Utils.formatParameterList(new TreeSet(authorizationRequest.getScope())));
 		}
-		return mapDigester.digest(values);
+		return generateKey(values);
 	}
 
-}
+	protected String generateKey(Map values) {
+		MessageDigest digest;
+		try {
+			digest = MessageDigest.getInstance("MD5");
+			byte[] bytes = digest.digest(values.toString().getBytes("UTF-8"));
+			return String.format("%032x", new BigInteger(1, bytes));
+		} catch (NoSuchAlgorithmException nsae) {
+			throw new IllegalStateException("MD5 algorithm not available.  Fatal (should be in the JDK).", nsae);
+		} catch (UnsupportedEncodingException uee) {
+			throw new IllegalStateException("UTF-8 encoding not available.  Fatal (should be in the JDK).", uee);
+		}
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGeneratorTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGeneratorTest.java
index f5f74f20a..09ffcfbbc 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGeneratorTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGeneratorTest.java
@@ -1,24 +1,32 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.springframework.security.oauth2.provider.token;
 
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.mockito.InjectMocks;
 import org.mockito.Mock;
+import org.mockito.Spy;
 import org.mockito.runners.MockitoJUnitRunner;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.oauth2.common.util.MapDigester;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
 
 import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
-import java.util.Set;
+import java.util.*;
 
 import static org.junit.Assert.assertEquals;
 import static org.mockito.Matchers.anyMap;
@@ -32,41 +40,38 @@ public class DefaultAuthenticationKeyGeneratorTest {
     private static final String CHECKSUM = "checksum";
     @Mock
     private OAuth2Authentication auth;
-    @Mock
-    private MapDigester mapDigester;
-    @InjectMocks
+    @Spy
     private DefaultAuthenticationKeyGenerator generator;
 
     @Before
     public void setUp() throws Exception {
         when(auth.getName()).thenReturn(USERNAME);
-        when(mapDigester.digest(anyMap())).thenReturn(CHECKSUM);
     }
 
     @Test
     public void shouldUseTheChecksumGeneratedByTheDigest() {
-        when(auth.getOAuth2Request()).thenReturn(newOauthRequest(CLIENT_ID));
-        when(mapDigester.digest(anyMap())).thenReturn(CHECKSUM);
+        when(auth.getOAuth2Request()).thenReturn(createRequest(CLIENT_ID));
+        when(generator.generateKey(anyMap())).thenReturn(CHECKSUM);
 
         assertEquals(CHECKSUM, generator.extractKey(auth));
     }
 
     @Test
-    public void shouldOnlyUseTheUsernameAsPartOfTheDigestIfTheAuthIsClientOnly() {
+    public void shouldOnlyUseTheClientIdAsPartOfTheDigestIfTheAuthIsClientOnly() {
         when(auth.isClientOnly()).thenReturn(true);
-        when(auth.getOAuth2Request()).thenReturn(newOauthRequest(CLIENT_ID));
+        when(auth.getOAuth2Request()).thenReturn(createRequest(CLIENT_ID));
 
         generator.extractKey(auth);
 
         LinkedHashMap expectedValues = new LinkedHashMap();
         expectedValues.put("client_id", CLIENT_ID);
         expectedValues.put("scope", "");
-        verify(mapDigester).digest(expectedValues);
+        verify(generator).generateKey(expectedValues);
     }
 
     @Test
     public void shouldNotUseScopesIfNoneAreProvided() {
-        when(auth.getOAuth2Request()).thenReturn(newOauthRequest(CLIENT_ID));
+        when(auth.getOAuth2Request()).thenReturn(createRequest(CLIENT_ID));
 
         generator.extractKey(auth);
 
@@ -74,12 +79,12 @@ public void shouldNotUseScopesIfNoneAreProvided() {
         expectedValues.put("username", USERNAME);
         expectedValues.put("client_id", CLIENT_ID);
         expectedValues.put("scope", "");
-        verify(mapDigester).digest(expectedValues);
+        verify(generator).generateKey(expectedValues);
     }
 
     @Test
     public void shouldSortTheScopesBeforeDigesting() {
-        when(auth.getOAuth2Request()).thenReturn(newOauthRequest(CLIENT_ID, "3", "1", "2"));
+        when(auth.getOAuth2Request()).thenReturn(createRequest(CLIENT_ID, "3", "1", "2"));
 
         generator.extractKey(auth);
 
@@ -87,25 +92,25 @@ public void shouldSortTheScopesBeforeDigesting() {
         expectedValues.put("username", USERNAME);
         expectedValues.put("client_id", CLIENT_ID);
         expectedValues.put("scope", "1 2 3");
-        verify(mapDigester).digest(expectedValues);
+        verify(generator).generateKey(expectedValues);
     }
 
-    private OAuth2Request newOauthRequest(String clientId, String... scopes) {
-        Set scopeSet = new LinkedHashSet(Arrays.asList(scopes));
-        if (scopes.length == 0) {
-            scopeSet = null;
+    private OAuth2Request createRequest(String clientId, String... scopes) {
+        Set scopeSet = null;
+        if (scopes.length > 0) {
+            scopeSet = new LinkedHashSet(Arrays.asList(scopes));
         }
 
         return new OAuth2Request(
-                new HashMap(),
+                Collections.emptyMap(),
                 clientId,
-                new ArrayList(),
+                Collections.emptyList(),
                 true,
                 scopeSet,
-                new HashSet(),
+                Collections.emptySet(),
                 "redirect-uri",
-                new HashSet(),
-                new HashMap()
+                Collections.emptySet(),
+                Collections.emptyMap()
         );
     }
 }
\ No newline at end of file

From 0f43bb8c0de8be261479dc5d88926821f55468ca Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Fri, 21 Oct 2016 09:39:24 -0400
Subject: [PATCH 059/345] Html escape error response

Fixes gh-889
---
 .../exceptions/OAuth2ExceptionJackson1Serializer.java      | 7 ++++++-
 .../exceptions/OAuth2ExceptionJackson2Serializer.java      | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Serializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Serializer.java
index bfc33157f..091068177 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Serializer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Serializer.java
@@ -19,6 +19,7 @@
 import org.codehaus.jackson.JsonProcessingException;
 import org.codehaus.jackson.map.JsonSerializer;
 import org.codehaus.jackson.map.SerializerProvider;
+import org.springframework.web.util.HtmlUtils;
 
 /**
  * @author Dave Syer
@@ -31,7 +32,11 @@ public void serialize(OAuth2Exception value, JsonGenerator jgen, SerializerProvi
 			JsonProcessingException {
         jgen.writeStartObject();
 		jgen.writeStringField("error", value.getOAuth2ErrorCode());
-		jgen.writeStringField("error_description", value.getMessage());
+		String errorMessage = value.getMessage();
+		if (errorMessage != null) {
+			errorMessage = HtmlUtils.htmlEscape(errorMessage);
+		}
+		jgen.writeStringField("error_description", errorMessage);
 		if (value.getAdditionalInformation()!=null) {
 			for (Entry entry : value.getAdditionalInformation().entrySet()) {
 				String key = entry.getKey();
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Serializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Serializer.java
index 89005154a..cacc95408 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Serializer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Serializer.java
@@ -19,6 +19,7 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.SerializerProvider;
 import com.fasterxml.jackson.databind.ser.std.StdSerializer;
+import org.springframework.web.util.HtmlUtils;
 
 /**
  * @author Brian Clozel
@@ -35,7 +36,11 @@ public void serialize(OAuth2Exception value, JsonGenerator jgen, SerializerProvi
 			JsonProcessingException {
         jgen.writeStartObject();
 		jgen.writeStringField("error", value.getOAuth2ErrorCode());
-		jgen.writeStringField("error_description", value.getMessage());
+		String errorMessage = value.getMessage();
+		if (errorMessage != null) {
+			errorMessage = HtmlUtils.htmlEscape(errorMessage);
+		}
+		jgen.writeStringField("error_description", errorMessage);
 		if (value.getAdditionalInformation()!=null) {
 			for (Entry entry : value.getAdditionalInformation().entrySet()) {
 				String key = entry.getKey();

From 6b0a15e140a61f27344e9dd03db77dcc7d6ce53c Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 7 Nov 2016 13:15:45 -0500
Subject: [PATCH 060/345] Update to 2.0.12 for release

---
 pom.xml                                        | 8 +-------
 samples/oauth/sparklr/pom.xml                  | 2 +-
 samples/oauth/tonr/pom.xml                     | 2 +-
 samples/oauth2/sparklr/pom.xml                 | 2 +-
 samples/oauth2/tonr/pom.xml                    | 2 +-
 samples/pom.xml                                | 2 +-
 spring-security-oauth/pom.xml                  | 2 +-
 spring-security-oauth2/pom.xml                 | 2 +-
 tests/annotation/approval/pom.xml              | 2 +-
 tests/annotation/client/pom.xml                | 2 +-
 tests/annotation/common/pom.xml                | 2 +-
 tests/annotation/custom-authentication/pom.xml | 2 +-
 tests/annotation/custom-grant/pom.xml          | 2 +-
 tests/annotation/form/pom.xml                  | 2 +-
 tests/annotation/jaxb/pom.xml                  | 2 +-
 tests/annotation/jdbc/pom.xml                  | 2 +-
 tests/annotation/jpa/pom.xml                   | 2 +-
 tests/annotation/jwt/pom.xml                   | 2 +-
 tests/annotation/mappings/pom.xml              | 2 +-
 tests/annotation/multi/pom.xml                 | 2 +-
 tests/annotation/pom.xml                       | 4 ++--
 tests/annotation/resource/pom.xml              | 2 +-
 tests/annotation/ssl/pom.xml                   | 2 +-
 tests/annotation/vanilla/pom.xml               | 2 +-
 tests/pom.xml                                  | 2 +-
 tests/xml/approval/pom.xml                     | 2 +-
 tests/xml/client/pom.xml                       | 2 +-
 tests/xml/common/pom.xml                       | 2 +-
 tests/xml/form/pom.xml                         | 2 +-
 tests/xml/jdbc/pom.xml                         | 2 +-
 tests/xml/jwt/pom.xml                          | 2 +-
 tests/xml/mappings/pom.xml                     | 2 +-
 tests/xml/pom.xml                              | 4 ++--
 tests/xml/vanilla/pom.xml                      | 2 +-
 34 files changed, 36 insertions(+), 42 deletions(-)

diff --git a/pom.xml b/pom.xml
index 171a202e7..bca831cec 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
   OAuth for Spring Security
   Parent Project for OAuth Support for Spring Security
   pom
-  2.0.12.BUILD-SNAPSHOT
+  2.0.12.RELEASE
   http://static.springframework.org/spring-security/oauth
 
   
@@ -66,12 +66,6 @@
   
 
   
-    
-      springNext
-      
-        4.3.0.BUILD-SNAPSHOT
-      
-    
     
       staging
       
diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml
index 843696d4d..9d2a82488 100644
--- a/samples/oauth/sparklr/pom.xml
+++ b/samples/oauth/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml
index 699248961..f921ec9dd 100644
--- a/samples/oauth/tonr/pom.xml
+++ b/samples/oauth/tonr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index c82e4cba3..6d2ab3fd9 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index bb4333cf2..7bf1a6e6c 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -6,7 +6,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 		../../..
 	
 
diff --git a/samples/pom.xml b/samples/pom.xml
index 3bd2bc2bb..2e625c13d 100755
--- a/samples/pom.xml
+++ b/samples/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.0.12.BUILD-SNAPSHOT
+    2.0.12.RELEASE
   
 
   spring-security-oauth-samples
diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml
index 90da95d41..7404397bc 100644
--- a/spring-security-oauth/pom.xml
+++ b/spring-security-oauth/pom.xml
@@ -4,7 +4,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	spring-security-oauth
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index 9ce7ae128..baa77dc44 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	spring-security-oauth2
diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml
index b2e2d4039..143598aff 100644
--- a/tests/annotation/approval/pom.xml
+++ b/tests/annotation/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml
index 86d42ead7..76dcdfeaf 100644
--- a/tests/annotation/client/pom.xml
+++ b/tests/annotation/client/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml
index f006f8905..ff4ddcded 100644
--- a/tests/annotation/common/pom.xml
+++ b/tests/annotation/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml
index 11faee8d8..097b3804d 100644
--- a/tests/annotation/custom-authentication/pom.xml
+++ b/tests/annotation/custom-authentication/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml
index f6bc0d545..95ad44061 100644
--- a/tests/annotation/custom-grant/pom.xml
+++ b/tests/annotation/custom-grant/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml
index d25092d1e..d86d2a06a 100644
--- a/tests/annotation/form/pom.xml
+++ b/tests/annotation/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml
index 0d417fc34..397fccf6a 100644
--- a/tests/annotation/jaxb/pom.xml
+++ b/tests/annotation/jaxb/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml
index 77ce0e2c6..57b8f250b 100644
--- a/tests/annotation/jdbc/pom.xml
+++ b/tests/annotation/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml
index 0da9fa1c3..ea8366077 100644
--- a/tests/annotation/jpa/pom.xml
+++ b/tests/annotation/jpa/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml
index 090a1e52e..294e4775a 100644
--- a/tests/annotation/jwt/pom.xml
+++ b/tests/annotation/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml
index ac2fdadef..7a03d5234 100644
--- a/tests/annotation/mappings/pom.xml
+++ b/tests/annotation/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml
index 10274b55e..aaffd69c8 100644
--- a/tests/annotation/multi/pom.xml
+++ b/tests/annotation/multi/pom.xml
@@ -9,7 +9,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml
index 956d06772..175d1ae39 100644
--- a/tests/annotation/pom.xml
+++ b/tests/annotation/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-parent
-	2.0.12.BUILD-SNAPSHOT
+	2.0.12.RELEASE
     pom
 
     
@@ -39,7 +39,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.0.12.BUILD-SNAPSHOT
+			2.0.12.RELEASE
 			
 				
 					jackson-mapper-asl
diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml
index 16399f4c2..52e379bcc 100644
--- a/tests/annotation/resource/pom.xml
+++ b/tests/annotation/resource/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml
index 529cf27eb..986d23fa7 100644
--- a/tests/annotation/ssl/pom.xml
+++ b/tests/annotation/ssl/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml
index 14cee7765..c76d37711 100644
--- a/tests/annotation/vanilla/pom.xml
+++ b/tests/annotation/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/pom.xml b/tests/pom.xml
index f29c8f733..bfaabd6eb 100644
--- a/tests/pom.xml
+++ b/tests/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.0.12.BUILD-SNAPSHOT
+    2.0.12.RELEASE
   
 
   spring-security-oauth-tests
diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml
index 183509f4f..9149e0f5b 100644
--- a/tests/xml/approval/pom.xml
+++ b/tests/xml/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml
index 568c4d49d..17984fdb0 100644
--- a/tests/xml/client/pom.xml
+++ b/tests/xml/client/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml
index d815de8e7..b589479e8 100644
--- a/tests/xml/common/pom.xml
+++ b/tests/xml/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml
index 685f58ecb..d6cc41599 100644
--- a/tests/xml/form/pom.xml
+++ b/tests/xml/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml
index d1e50d94b..cd29a8049 100644
--- a/tests/xml/jdbc/pom.xml
+++ b/tests/xml/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml
index 600d8a782..20f323292 100644
--- a/tests/xml/jwt/pom.xml
+++ b/tests/xml/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml
index d4d0bf86d..2d20f55e6 100644
--- a/tests/xml/mappings/pom.xml
+++ b/tests/xml/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	
diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml
index fddcd6de1..401c0000a 100644
--- a/tests/xml/pom.xml
+++ b/tests/xml/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-xml-parent
-	2.0.12.BUILD-SNAPSHOT
+	2.0.12.RELEASE
     pom
 
     
@@ -33,7 +33,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.0.12.BUILD-SNAPSHOT
+			2.0.12.RELEASE
 			
 				
 					jackson-mapper-asl
diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml
index e9e1ef6f0..9b591f470 100644
--- a/tests/xml/vanilla/pom.xml
+++ b/tests/xml/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.12.BUILD-SNAPSHOT
+		2.0.12.RELEASE
 	
 
 	

From 55e33eb1accc806cd7c0a15565cf89ea0cbfa325 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 7 Nov 2016 15:32:31 -0500
Subject: [PATCH 061/345] Revert to snapshot for 2.0.13

---
 pom.xml                                        | 2 +-
 samples/oauth/sparklr/pom.xml                  | 2 +-
 samples/oauth/tonr/pom.xml                     | 2 +-
 samples/oauth2/sparklr/pom.xml                 | 2 +-
 samples/oauth2/tonr/pom.xml                    | 2 +-
 samples/pom.xml                                | 2 +-
 spring-security-oauth/pom.xml                  | 2 +-
 spring-security-oauth2/pom.xml                 | 2 +-
 tests/annotation/approval/pom.xml              | 2 +-
 tests/annotation/client/pom.xml                | 2 +-
 tests/annotation/common/pom.xml                | 2 +-
 tests/annotation/custom-authentication/pom.xml | 2 +-
 tests/annotation/custom-grant/pom.xml          | 2 +-
 tests/annotation/form/pom.xml                  | 2 +-
 tests/annotation/jaxb/pom.xml                  | 2 +-
 tests/annotation/jdbc/pom.xml                  | 2 +-
 tests/annotation/jpa/pom.xml                   | 2 +-
 tests/annotation/jwt/pom.xml                   | 2 +-
 tests/annotation/mappings/pom.xml              | 2 +-
 tests/annotation/multi/pom.xml                 | 2 +-
 tests/annotation/pom.xml                       | 4 ++--
 tests/annotation/resource/pom.xml              | 2 +-
 tests/annotation/ssl/pom.xml                   | 2 +-
 tests/annotation/vanilla/pom.xml               | 2 +-
 tests/pom.xml                                  | 2 +-
 tests/xml/approval/pom.xml                     | 2 +-
 tests/xml/client/pom.xml                       | 2 +-
 tests/xml/common/pom.xml                       | 2 +-
 tests/xml/form/pom.xml                         | 2 +-
 tests/xml/jdbc/pom.xml                         | 2 +-
 tests/xml/jwt/pom.xml                          | 2 +-
 tests/xml/mappings/pom.xml                     | 2 +-
 tests/xml/pom.xml                              | 4 ++--
 tests/xml/vanilla/pom.xml                      | 2 +-
 34 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/pom.xml b/pom.xml
index bca831cec..7788c1181 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
   OAuth for Spring Security
   Parent Project for OAuth Support for Spring Security
   pom
-  2.0.12.RELEASE
+  2.0.13.BUILD-SNAPSHOT
   http://static.springframework.org/spring-security/oauth
 
   
diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml
index 9d2a82488..4cc3debd2 100644
--- a/samples/oauth/sparklr/pom.xml
+++ b/samples/oauth/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml
index f921ec9dd..570abf329 100644
--- a/samples/oauth/tonr/pom.xml
+++ b/samples/oauth/tonr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index 6d2ab3fd9..fa285f8af 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index 7bf1a6e6c..1131e00b1 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -6,7 +6,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/pom.xml b/samples/pom.xml
index 2e625c13d..2c56b940a 100755
--- a/samples/pom.xml
+++ b/samples/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.0.12.RELEASE
+    2.0.13.BUILD-SNAPSHOT
   
 
   spring-security-oauth-samples
diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml
index 7404397bc..7dd4a4c1d 100644
--- a/spring-security-oauth/pom.xml
+++ b/spring-security-oauth/pom.xml
@@ -4,7 +4,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	spring-security-oauth
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index baa77dc44..4949b5ba2 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	spring-security-oauth2
diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml
index 143598aff..2dc67ad4d 100644
--- a/tests/annotation/approval/pom.xml
+++ b/tests/annotation/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml
index 76dcdfeaf..555854c6d 100644
--- a/tests/annotation/client/pom.xml
+++ b/tests/annotation/client/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml
index ff4ddcded..6491f1938 100644
--- a/tests/annotation/common/pom.xml
+++ b/tests/annotation/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml
index 097b3804d..f2f8cb481 100644
--- a/tests/annotation/custom-authentication/pom.xml
+++ b/tests/annotation/custom-authentication/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml
index 95ad44061..3ef3ac2de 100644
--- a/tests/annotation/custom-grant/pom.xml
+++ b/tests/annotation/custom-grant/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml
index d86d2a06a..311156648 100644
--- a/tests/annotation/form/pom.xml
+++ b/tests/annotation/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml
index 397fccf6a..05fc8f4cd 100644
--- a/tests/annotation/jaxb/pom.xml
+++ b/tests/annotation/jaxb/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml
index 57b8f250b..b38274a78 100644
--- a/tests/annotation/jdbc/pom.xml
+++ b/tests/annotation/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml
index ea8366077..b82319fc0 100644
--- a/tests/annotation/jpa/pom.xml
+++ b/tests/annotation/jpa/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml
index 294e4775a..6d92b9026 100644
--- a/tests/annotation/jwt/pom.xml
+++ b/tests/annotation/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml
index 7a03d5234..8346ed914 100644
--- a/tests/annotation/mappings/pom.xml
+++ b/tests/annotation/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml
index aaffd69c8..e2634b7c1 100644
--- a/tests/annotation/multi/pom.xml
+++ b/tests/annotation/multi/pom.xml
@@ -9,7 +9,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml
index 175d1ae39..411d5a2bf 100644
--- a/tests/annotation/pom.xml
+++ b/tests/annotation/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-parent
-	2.0.12.RELEASE
+	2.0.13.BUILD-SNAPSHOT
     pom
 
     
@@ -39,7 +39,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.0.12.RELEASE
+			2.0.13.BUILD-SNAPSHOT
 			
 				
 					jackson-mapper-asl
diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml
index 52e379bcc..6d3b500f1 100644
--- a/tests/annotation/resource/pom.xml
+++ b/tests/annotation/resource/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml
index 986d23fa7..13dbe9cd3 100644
--- a/tests/annotation/ssl/pom.xml
+++ b/tests/annotation/ssl/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml
index c76d37711..590597180 100644
--- a/tests/annotation/vanilla/pom.xml
+++ b/tests/annotation/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/pom.xml b/tests/pom.xml
index bfaabd6eb..4d58bbcb0 100644
--- a/tests/pom.xml
+++ b/tests/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.0.12.RELEASE
+    2.0.13.BUILD-SNAPSHOT
   
 
   spring-security-oauth-tests
diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml
index 9149e0f5b..f66b6a0f6 100644
--- a/tests/xml/approval/pom.xml
+++ b/tests/xml/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml
index 17984fdb0..349d602a2 100644
--- a/tests/xml/client/pom.xml
+++ b/tests/xml/client/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml
index b589479e8..654689b20 100644
--- a/tests/xml/common/pom.xml
+++ b/tests/xml/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml
index d6cc41599..e6302c055 100644
--- a/tests/xml/form/pom.xml
+++ b/tests/xml/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml
index cd29a8049..e777afb3d 100644
--- a/tests/xml/jdbc/pom.xml
+++ b/tests/xml/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml
index 20f323292..965689999 100644
--- a/tests/xml/jwt/pom.xml
+++ b/tests/xml/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml
index 2d20f55e6..84d9a32d9 100644
--- a/tests/xml/mappings/pom.xml
+++ b/tests/xml/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml
index 401c0000a..421c0c48a 100644
--- a/tests/xml/pom.xml
+++ b/tests/xml/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-xml-parent
-	2.0.12.RELEASE
+	2.0.13.BUILD-SNAPSHOT
     pom
 
     
@@ -33,7 +33,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.0.12.RELEASE
+			2.0.13.BUILD-SNAPSHOT
 			
 				
 					jackson-mapper-asl
diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml
index 9b591f470..f64a2d1f2 100644
--- a/tests/xml/vanilla/pom.xml
+++ b/tests/xml/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.12.RELEASE
+		2.0.13.BUILD-SNAPSHOT
 	
 
 	

From 225cb264f3fc1d364ceaf48ff71db62f72627cad Mon Sep 17 00:00:00 2001
From: Benjamin Ihrig 
Date: Mon, 14 Nov 2016 13:57:21 +0100
Subject: [PATCH 062/345] Remove unnessesary try-catch block.

---
 .../token/store/JwtAccessTokenConverter.java  | 23 +++++++------------
 1 file changed, 8 insertions(+), 15 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtAccessTokenConverter.java
index fe0c5cf0a..0754d0970 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtAccessTokenConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtAccessTokenConverter.java
@@ -52,10 +52,10 @@
  * Helper that translates between JWT encoded token values and OAuth authentication
  * information (in both directions). Also acts as a {@link TokenEnhancer} when tokens are
  * granted.
- * 
+ *
  * @see TokenEnhancer
  * @see AccessTokenConverter
- * 
+ *
  * @author Dave Syer
  * @author Luke Taylor
  */
@@ -116,7 +116,7 @@ public OAuth2Authentication extractAuthentication(Map map) {
 
 	/**
 	 * Unconditionally set the verifier (the verifer key is then ignored).
-	 * 
+	 *
 	 * @param verifier the value to use
 	 */
 	public void setVerifier(SignatureVerifier verifier) {
@@ -125,7 +125,7 @@ public void setVerifier(SignatureVerifier verifier) {
 
 	/**
 	 * Unconditionally set the signer to use (if needed). The signer key is then ignored.
-	 * 
+	 *
 	 * @param signer the value to use
 	 */
 	public void setSigner(Signer signer) {
@@ -134,7 +134,7 @@ public void setSigner(Signer signer) {
 
 	/**
 	 * Get the verification key for the token signatures.
-	 * 
+	 *
 	 * @return the key used to verify tokens
 	 */
 	public Map getKey() {
@@ -157,7 +157,7 @@ public void setKeyPair(KeyPair keyPair) {
 	/**
 	 * Sets the JWT signing key. It can be either a simple MAC key or an RSA key. RSA keys
 	 * should be in OpenSSH format, as produced by ssh-keygen.
-	 * 
+	 *
 	 * @param key the key to be used for signing JWTs.
 	 */
 	public void setSigningKey(String key) {
@@ -194,22 +194,15 @@ public boolean isPublic() {
 	/**
 	 * The key used for verifying signatures produced by this class. This is not used but
 	 * is returned from the endpoint to allow resource servers to obtain the key.
-	 * 
+	 *
 	 * For an HMAC key it will be the same value as the signing key and does not need to
 	 * be set. For and RSA key, it should be set to the String representation of the
 	 * public key, in a standard format (e.g. OpenSSH keys)
-	 * 
+	 *
 	 * @param key the signature verification key (typically an RSA public key)
 	 */
 	public void setVerifierKey(String key) {
 		this.verifierKey = key;
-		try {
-			new RsaSigner(verifierKey);
-			throw new IllegalArgumentException("Private key cannot be set as verifierKey property");
-		}
-		catch (Exception expected) {
-			// Expected
-		}
 	}
 
 	public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {

From a22757450edb64b92358f3009e6c3684d36ebb02 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Wed, 16 Nov 2016 16:14:22 +0000
Subject: [PATCH 063/345] Update bouncy castle to 1.55 for 1.0.6

---
 spring-security-jwt/pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml
index 4d8535614..4b9f6d747 100755
--- a/spring-security-jwt/pom.xml
+++ b/spring-security-jwt/pom.xml
@@ -5,7 +5,7 @@
 
 	org.springframework.security
 	spring-security-jwt
-	1.0.6.BUILD-SNAPSHOT
+	1.0.6.RELEASE
 	jar
 	Spring Security JWT Library
 
@@ -29,7 +29,7 @@
 		
 			org.bouncycastle
 			bcpkix-jdk15on
-			1.47
+			1.55
 		
 
 		

From 8f037a291d548229d558c9aeca506810948e2910 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Wed, 16 Nov 2016 16:16:01 +0000
Subject: [PATCH 064/345] Revert to snapshots

---
 spring-security-jwt/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml
index 4b9f6d747..7b3ecbb6f 100755
--- a/spring-security-jwt/pom.xml
+++ b/spring-security-jwt/pom.xml
@@ -5,7 +5,7 @@
 
 	org.springframework.security
 	spring-security-jwt
-	1.0.6.RELEASE
+	1.0.7.BUILD-SNAPSHOT
 	jar
 	Spring Security JWT Library
 

From 552bac06cba2b191baeb45ef0dcb4158b40b6460 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Thu, 17 Nov 2016 09:45:59 -0500
Subject: [PATCH 065/345] Allow independent configuration of
 check-token-endpoint-url

Fixes gh-897
---
 ...thorizationServerBeanDefinitionParser.java | 33 +++++++++----------
 ...zationServerBeanDefinitionParserTests.java | 30 +++++++++++++----
 ...ion-server-check-token-custom-endpoint.xml | 16 +++++++++
 3 files changed, 55 insertions(+), 24 deletions(-)
 create mode 100644 spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-check-token-custom-endpoint.xml

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParser.java
index 6cd39dc75..391d74a8c 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParser.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParser.java
@@ -13,8 +13,6 @@
 
 package org.springframework.security.oauth2.config.xml;
 
-import java.util.List;
-
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.config.TypedStringValue;
@@ -29,11 +27,7 @@
 import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter;
 import org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter;
 import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
-import org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint;
-import org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint;
-import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping;
-import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint;
-import org.springframework.security.oauth2.provider.endpoint.WhitelabelApprovalEndpoint;
+import org.springframework.security.oauth2.provider.endpoint.*;
 import org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter;
 import org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter;
 import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter;
@@ -43,6 +37,8 @@
 import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;
 
+import java.util.List;
+
 /**
  * Parser for the OAuth "provider" element.
  * 
@@ -299,21 +295,12 @@ protected AbstractBeanDefinition parseEndpointAndReturnFilter(Element element,
 					oAuth2RequestValidatorRef);
 		}
 
-		if (StringUtils.hasText(enableCheckToken) && enableCheckToken.equals("true")) {
-			// configure the check token endpoint
-			BeanDefinitionBuilder checkTokenEndpointBean = BeanDefinitionBuilder
-					.rootBeanDefinition(CheckTokenEndpoint.class);
-			checkTokenEndpointBean.addConstructorArgReference(tokenServicesRef);
-			parserContext.getRegistry().registerBeanDefinition("oauth2CheckTokenEndpoint",
-					checkTokenEndpointBean.getBeanDefinition());
-		}
-
 		// Register a handler mapping that can detect the auth server endpoints
 		BeanDefinitionBuilder handlerMappingBean = BeanDefinitionBuilder
 				.rootBeanDefinition(FrameworkEndpointHandlerMapping.class);
+		ManagedMap mappings = new ManagedMap();
 		if (StringUtils.hasText(tokenEndpointUrl)
 				|| StringUtils.hasText(authorizationEndpointUrl)) {
-			ManagedMap mappings = new ManagedMap();
 			if (StringUtils.hasText(tokenEndpointUrl)) {
 				mappings.put("/oauth/token",
 						new TypedStringValue(tokenEndpointUrl, String.class));
@@ -326,12 +313,24 @@ protected AbstractBeanDefinition parseEndpointAndReturnFilter(Element element,
 				mappings.put("/oauth/confirm_access",
 						new TypedStringValue(approvalPage, String.class));
 			}
+		}
+		if (StringUtils.hasText(enableCheckToken) && enableCheckToken.equals("true")) {
+			// configure the check token endpoint
+			BeanDefinitionBuilder checkTokenEndpointBean = BeanDefinitionBuilder
+					.rootBeanDefinition(CheckTokenEndpoint.class);
+			checkTokenEndpointBean.addConstructorArgReference(tokenServicesRef);
+			parserContext.getRegistry().registerBeanDefinition("oauth2CheckTokenEndpoint",
+					checkTokenEndpointBean.getBeanDefinition());
+
 			if (StringUtils.hasText(checkTokenUrl)) {
 				mappings.put("/oauth/check_token",
 						new TypedStringValue(checkTokenUrl, String.class));
 			}
+		}
+		if (!mappings.isEmpty()) {
 			handlerMappingBean.addPropertyValue("mappings", mappings);
 		}
+
 		if (StringUtils.hasText(approvalParameter) && registerAuthorizationEndpoint) {
 			if (!StringUtils.hasText(userApprovalHandlerRef)) {
 				BeanDefinitionBuilder userApprovalHandler = BeanDefinitionBuilder
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParserTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParserTests.java
index aee1985ee..25431ad8d 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParserTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParserTests.java
@@ -12,11 +12,6 @@
  */
 package org.springframework.security.oauth2.config.xml;
 
-import static org.junit.Assert.assertTrue;
-
-import java.util.Arrays;
-import java.util.List;
-
 import org.junit.After;
 import org.junit.Rule;
 import org.junit.Test;
@@ -26,6 +21,12 @@
 import org.junit.runners.Parameterized.Parameters;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.context.support.GenericXmlApplicationContext;
+import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping;
+
+import java.util.Arrays;
+import java.util.List;
+
+import static org.junit.Assert.*;
 
 /**
  * @author Dave Syer
@@ -34,8 +35,12 @@
 @RunWith(Parameterized.class)
 public class AuthorizationServerBeanDefinitionParserTests {
 
+	private static final String CHECK_TOKEN_CUSTOM_ENDPOINT_RESOURCE = "authorization-server-check-token-custom-endpoint";
+
 	private ConfigurableApplicationContext context;
 
+	private String resource;
+
 	@Rule
 	public ExpectedException expected = ExpectedException.none();
 
@@ -45,11 +50,13 @@ public static List parameters() {
 				new Object[] { "authorization-server-extras" },
 				new Object[] { "authorization-server-types" },
 				new Object[] { "authorization-server-check-token" },
-				new Object[] { "authorization-server-disable" });
+				new Object[] { "authorization-server-disable" },
+				new Object[] { CHECK_TOKEN_CUSTOM_ENDPOINT_RESOURCE });
 	}
 
 	public AuthorizationServerBeanDefinitionParserTests(String resource) {
-		context = new GenericXmlApplicationContext(getClass(), resource + ".xml");
+		this.resource = resource;
+		this.context = new GenericXmlApplicationContext(getClass(), resource + ".xml");
 	}
 
 	@After
@@ -64,4 +71,13 @@ public void testDefaults() {
 		assertTrue(context.containsBeanDefinition("oauth2AuthorizationEndpoint"));
 	}
 
+	@Test
+	public void testCheckTokenCustomEndpoint() {
+		if (!CHECK_TOKEN_CUSTOM_ENDPOINT_RESOURCE.equals(this.resource)) {
+			return;
+		}
+		FrameworkEndpointHandlerMapping frameworkEndpointHandlerMapping = context.getBean(FrameworkEndpointHandlerMapping.class);
+		assertNotNull(frameworkEndpointHandlerMapping);
+		assertEquals("/custom_check_token", frameworkEndpointHandlerMapping.getPath("/oauth/check_token"));
+	}
 }
diff --git a/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-check-token-custom-endpoint.xml b/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-check-token-custom-endpoint.xml
new file mode 100644
index 000000000..7b1eb7af4
--- /dev/null
+++ b/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-check-token-custom-endpoint.xml
@@ -0,0 +1,16 @@
+
+
+
+
+	
+		
+	
+	
+	
+		
+	
+
+

From 0c52e75bee9ff4fe97cca29cd94cefc1027ac435 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Mon, 28 Nov 2016 05:48:20 +0000
Subject: [PATCH 066/345] Add JwtHelper.header() convenience method to access
 headers

Exposes the headers as a map to facilitate key rotation (you look
in the header for a "kid" before you call decodeAndVerify()).
---
 spring-security-jwt/pom.xml                   |  2 +-
 .../security/jwt/JwtHelper.java               | 16 ++++++-
 .../security/jwt/JwtTests.java                | 44 ++++++++++++-------
 3 files changed, 43 insertions(+), 19 deletions(-)

diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml
index 7b3ecbb6f..0a198b880 100755
--- a/spring-security-jwt/pom.xml
+++ b/spring-security-jwt/pom.xml
@@ -5,7 +5,7 @@
 
 	org.springframework.security
 	spring-security-jwt
-	1.0.7.BUILD-SNAPSHOT
+	1.0.7.RELEASE
 	jar
 	Spring Security JWT Library
 
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java
index b22cc14d9..b239a68e8 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java
@@ -78,6 +78,16 @@ public static Jwt decodeAndVerify(String token, SignatureVerifier verifier) {
 
 		return jwt;
 	}
+	
+	public static Map headers(String token) {
+		JwtImpl jwt = (JwtImpl) decode(token);
+		Map map = new LinkedHashMap(jwt.header.parameters.map);
+		map.put("alg", jwt.header.parameters.alg);
+		if (jwt.header.parameters.typ!=null) {
+			map.put("typ", jwt.header.parameters.typ);
+		}
+		return map;
+	}
 
 	public static Jwt encode(CharSequence content, Signer signer) {
 		return encode(content, signer, Collections.emptyMap());
@@ -246,7 +256,7 @@ class HeaderParameters {
 }
 
 class JwtImpl implements Jwt {
-	private final JwtHeader header;
+	final JwtHeader header;
 
 	private final byte[] content;
 
@@ -303,6 +313,10 @@ public String getClaims() {
 	public String getEncoded() {
 		return utf8Decode(bytes());
 	}
+	
+	public JwtHeader header() {
+		return this.header;
+	}
 
 	@Override
 	public String toString() {
diff --git a/spring-security-jwt/src/test/java/org/springframework/security/jwt/JwtTests.java b/spring-security-jwt/src/test/java/org/springframework/security/jwt/JwtTests.java
index 0e727fd74..1cdc5793e 100644
--- a/spring-security-jwt/src/test/java/org/springframework/security/jwt/JwtTests.java
+++ b/spring-security-jwt/src/test/java/org/springframework/security/jwt/JwtTests.java
@@ -19,6 +19,7 @@
 import static org.springframework.security.jwt.JwtSpecData.N;
 
 import java.util.Collections;
+import java.util.Map;
 
 import org.junit.Test;
 import org.springframework.security.jwt.crypto.sign.InvalidSignatureException;
@@ -33,8 +34,8 @@ public class JwtTests {
 	/**
 	 * Sample from the JWT spec.
 	 */
-	static final String JOE_CLAIM_SEGMENT = "{\"iss\":\"joe\",\r\n"
-			+ " \"exp\":1300819380,\r\n" + " \"http://example.com/is_root/":true}";
+	static final String JOE_CLAIM_SEGMENT = "{\"iss\":\"joe\",\r\n" + " \"exp\":1300819380,\r\n"
+			+ " \"http://example.com/is_root/":true}";
 	static final String JOE_HEADER_HMAC = "{\"typ\":\"JWT\",\r\n" + " \"alg\":\"HS256\"}";
 	static final String JOE_HMAC_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
 			+ "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ."
@@ -54,25 +55,36 @@ public class JwtTests {
 	@Test
 	public void defaultTokenContainsType() throws Exception {
 		Jwt token = JwtHelper.encode(JOE_CLAIM_SEGMENT, hmac);
-		assertTrue("Wrong header: " + token,
-				token.toString().contains("\"alg\":\"HS256\",\"typ\":\"JWT\""));
+		assertTrue("Wrong header: " + token, token.toString().contains("\"alg\":\"HS256\",\"typ\":\"JWT\""));
+	}
+
+	@Test
+	public void inspectCustomHeaders() throws Exception {
+		Map headers = JwtHelper.headers(
+				JwtHelper.encode(JOE_CLAIM_SEGMENT, hmac, Collections.singletonMap("foo", "bar")).getEncoded());
+		assertEquals("Wrong header: " + headers, "bar", headers.get("foo"));
+		assertEquals("Wrong header: " + headers, "HS256", headers.get("alg"));
+		assertEquals("Wrong header: " + headers, "JWT", headers.get("typ"));
+	}
+
+	@Test
+	public void inspectHeaders() throws Exception {
+		Map headers = JwtHelper.headers(JOE_RSA_TOKEN);
+		assertEquals("Wrong header: " + headers, "RS256", headers.get("alg"));
+		assertEquals("Wrong header: " + headers, "JWT", headers.get("typ"));
 	}
 
 	@Test
 	public void roundTripCustomHeaders() throws Exception {
-		Jwt token = JwtHelper.decode(JwtHelper
-				.encode(JOE_CLAIM_SEGMENT, hmac, Collections.singletonMap("foo", "bar"))
-				.getEncoded());
-		assertTrue("Wrong header: " + token,
-				token.toString().contains("\"foo\":\"bar\""));
+		Jwt token = JwtHelper
+				.decode(JwtHelper.encode(JOE_CLAIM_SEGMENT, hmac, Collections.singletonMap("foo", "bar")).getEncoded());
+		assertTrue("Wrong header: " + token, token.toString().contains("\"foo\":\"bar\""));
 	}
 
 	@Test
 	public void roundTripClaims() throws Exception {
-		Jwt token = JwtHelper
-				.decode(JwtHelper.encode(JOE_CLAIM_SEGMENT, hmac).getEncoded());
-		assertTrue("Wrong header: " + token,
-				token.toString().contains("\"alg\":\"HS256\",\"typ\":\"JWT\""));
+		Jwt token = JwtHelper.decode(JwtHelper.encode(JOE_CLAIM_SEGMENT, hmac).getEncoded());
+		assertTrue("Wrong header: " + token, token.toString().contains("\"alg\":\"HS256\",\"typ\":\"JWT\""));
 	}
 
 	@Test
@@ -100,14 +112,12 @@ public void hmacSignedTokenParsesAndVerifies() {
 
 	@Test(expected = InvalidSignatureException.class)
 	public void invalidHmacSignatureRaisesException() {
-		JwtHelper.decode(JOE_HMAC_TOKEN)
-				.verifySignature(new MacSigner("differentkey".getBytes()));
+		JwtHelper.decode(JOE_HMAC_TOKEN).verifySignature(new MacSigner("differentkey".getBytes()));
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void tokenMissingSignatureIsRejected() {
-		JwtHelper
-				.decode(JOE_HMAC_TOKEN.substring(0, JOE_HMAC_TOKEN.lastIndexOf('.') + 1));
+		JwtHelper.decode(JOE_HMAC_TOKEN.substring(0, JOE_HMAC_TOKEN.lastIndexOf('.') + 1));
 	}
 
 	@Test

From a8780322eeabb8184cdde12d49f87e6deefc90dd Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Mon, 28 Nov 2016 05:53:06 +0000
Subject: [PATCH 067/345] Revert to snapshots in JWT

---
 spring-security-jwt/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml
index 0a198b880..12aaf8300 100755
--- a/spring-security-jwt/pom.xml
+++ b/spring-security-jwt/pom.xml
@@ -5,7 +5,7 @@
 
 	org.springframework.security
 	spring-security-jwt
-	1.0.7.RELEASE
+	1.0.8.RELEASE
 	jar
 	Spring Security JWT Library
 

From 8d59682335c3feab85fb8ce05e0b6c93c49f9b87 Mon Sep 17 00:00:00 2001
From: "Fitzgerald, Andrew" 
Date: Sat, 19 Mar 2016 23:17:29 -0400
Subject: [PATCH 068/345] Allow default handling when
 HttpMessageConversionException occurs.

Currently in the OAuth2ErrorHandler if the extractor encounters an HttpMessageConversionException, that HttpMessageConversionException is thrown and no status code is propogated to the user.  This update catches and ignores HttpMessageConversionExceptions and proceeds with error handling, resulting in the user obtaining a more useful exception.

Fixes gh-719
---
 .../client/http/OAuth2ErrorHandler.java       |  4 ++
 .../client/http/OAuth2ErrorHandlerTests.java  | 59 ++++++++++++++++++-
 2 files changed, 62 insertions(+), 1 deletion(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.java
index 288b1aadf..715a32bf0 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.java
@@ -18,6 +18,7 @@
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.client.ClientHttpResponse;
+import org.springframework.http.converter.HttpMessageConversionException;
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
 import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
@@ -140,6 +141,9 @@ public int getRawStatusCode() throws IOException {
 				catch (RestClientException e) {
 					// ignore
 				}
+				catch (HttpMessageConversionException e){
+					// ignore
+				}
 
 				// first try: www-authenticate error
 				List authenticateHeaders = bufferedResponse.getHeaders().get("WWW-Authenticate");
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandlerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandlerTests.java
index b5a6ded5b..4cd63d393 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandlerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandlerTests.java
@@ -17,6 +17,7 @@
 package org.springframework.security.oauth2.client.http;
 
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
@@ -24,9 +25,15 @@
 import org.mockito.Mock;
 import org.mockito.runners.MockitoJUnitRunner;
 import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpInputMessage;
+import org.springframework.http.HttpOutputMessage;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.client.ClientHttpResponse;
+import org.springframework.http.converter.HttpMessageConversionException;
+import org.springframework.http.converter.HttpMessageConverter;
+import org.springframework.http.converter.HttpMessageNotReadableException;
+import org.springframework.http.converter.HttpMessageNotWritableException;
 import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails;
 import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
 import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
@@ -38,6 +45,8 @@
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
 
 import static org.mockito.Mockito.when;
 
@@ -99,7 +108,13 @@ public void close() {
 		}
 	}
 
-	private OAuth2ErrorHandler handler = new OAuth2ErrorHandler(resource);
+	private OAuth2ErrorHandler handler;
+
+	@Before
+	public void setUp() throws Exception {
+		handler = new OAuth2ErrorHandler(resource);
+
+	}
 
 	/**
 	 * test response with www-authenticate header
@@ -255,4 +270,46 @@ public void testHandleErrorWhenAccessDeniedMessageAndStatus403ThenThrowsOAuth2Ac
 		expected.expect(OAuth2AccessDeniedException.class);
 		handler.handleError(response);
 	}
+
+	@Test
+	public void testHandleMessageConversionExceptions() throws Exception {
+		HttpMessageConverter extractor = new HttpMessageConverter() {
+			@Override
+			public boolean canRead(Class clazz, MediaType mediaType) {
+				return true;
+			}
+
+			@Override
+			public boolean canWrite(Class clazz, MediaType mediaType) {
+				return false;
+			}
+
+			@Override
+			public List getSupportedMediaTypes() {
+				return null;
+			}
+
+			@Override
+			public Object read(Class clazz, HttpInputMessage inputMessage) throws IOException, HttpMessageNotReadableException {
+				throw new HttpMessageConversionException("error");
+			}
+
+			@Override
+			public void write(Object o, MediaType contentType, HttpOutputMessage outputMessage) throws IOException, HttpMessageNotWritableException {
+
+			}
+		};
+
+		ArrayList> messageConverters = new ArrayList>();
+		messageConverters.add(extractor);
+		handler.setMessageConverters(messageConverters);
+
+		HttpHeaders headers = new HttpHeaders();
+		final String appSpecificBodyContent = "This user is not authorized";
+		InputStream appSpecificErrorBody = new ByteArrayInputStream(appSpecificBodyContent.getBytes("UTF-8"));
+		ClientHttpResponse response = new TestClientHttpResponse(headers, 401, appSpecificErrorBody);
+
+		expected.expect(HttpClientErrorException.class);
+		handler.handleError(response);
+	}
 }

From 49bdbab0ff3a582d88bc0779ac73d0a814939f6c Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Wed, 21 Dec 2016 09:28:34 +0000
Subject: [PATCH 069/345] Add explicit media type to request attributes

As a workaround for gh-427
---
 .../oauth/examples/tonr/mvc/SparklrController.java         | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/samples/oauth2/tonr/src/main/java/org/springframework/security/oauth/examples/tonr/mvc/SparklrController.java b/samples/oauth2/tonr/src/main/java/org/springframework/security/oauth/examples/tonr/mvc/SparklrController.java
index eac4a2147..05e0290e1 100644
--- a/samples/oauth2/tonr/src/main/java/org/springframework/security/oauth/examples/tonr/mvc/SparklrController.java
+++ b/samples/oauth2/tonr/src/main/java/org/springframework/security/oauth/examples/tonr/mvc/SparklrController.java
@@ -2,6 +2,7 @@
 
 import java.awt.image.BufferedImage;
 import java.io.InputStream;
+import java.util.Collections;
 import java.util.Iterator;
 
 import javax.imageio.ImageIO;
@@ -9,6 +10,7 @@
 import javax.imageio.ImageReader;
 import javax.imageio.stream.MemoryCacheImageInputStream;
 import javax.servlet.UnavailableException;
+import javax.servlet.http.HttpServletRequest;
 
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
@@ -20,6 +22,7 @@
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.servlet.HandlerMapping;
 
 /**
  * @author Ryan Heaton
@@ -37,7 +40,7 @@ public String photos(Model model) throws Exception {
 	}
 
 	@RequestMapping("/sparklr/photos/{id}")
-	public ResponseEntity photo(@PathVariable String id) throws Exception {
+	public ResponseEntity photo(@PathVariable String id, HttpServletRequest request) throws Exception {
 		InputStream photo = sparklrService.loadSparklrPhoto(id);
 		if (photo == null) {
 			throw new UnavailableException("The requested photo does not exist");
@@ -56,6 +59,8 @@ public ResponseEntity photo(@PathVariable String id) throws Excep
 		}
 		HttpHeaders headers = new HttpHeaders();
 		headers.setContentType(MediaType.IMAGE_JPEG);
+		request.setAttribute(HandlerMapping.PRODUCIBLE_MEDIA_TYPES_ATTRIBUTE,
+				Collections.singleton(MediaType.IMAGE_JPEG));
 		return new ResponseEntity(body, headers, HttpStatus.OK);
 	}
 

From d57ba27792da8b3915956db53cb85af7f3d05ba3 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Wed, 21 Dec 2016 10:09:03 +0000
Subject: [PATCH 070/345] Remove jsonp response from sparklr2

It's not big and it's not clever, but we can use JQuery promises
to do pretty much the same thing without the XSS vulnerability
that we get by using jsonp.
---
 .../examples/sparklr/mvc/PhotoController.java | 11 +------
 .../oauth2/sparklr/src/main/webapp/index.jsp  | 30 ++++++++++---------
 2 files changed, 17 insertions(+), 24 deletions(-)

diff --git a/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/mvc/PhotoController.java b/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/mvc/PhotoController.java
index dbf46e35f..2e467e5fa 100644
--- a/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/mvc/PhotoController.java
+++ b/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/mvc/PhotoController.java
@@ -16,7 +16,6 @@
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 
 /**
@@ -49,13 +48,9 @@ public ResponseEntity getPhoto(@PathVariable("photoId") String id) throw
 	}
 
 	@RequestMapping(value = "/photos", params = "format=json")
-	public ResponseEntity getJsonPhotos(@RequestParam(value = "callback", required = false) String callback,
-			Principal principal) {
+	public ResponseEntity getJsonPhotos(Principal principal) {
 		Collection photos = getPhotoService().getPhotosForCurrentUser(principal.getName());
 		StringBuilder out = new StringBuilder();
-		if (callback != null) {
-			out.append(callback).append("( ");
-		}
 		out.append("{ \"photos\" : [ ");
 		Iterator photosIt = photos.iterator();
 		while (photosIt.hasNext()) {
@@ -66,10 +61,6 @@ public ResponseEntity getJsonPhotos(@RequestParam(value = "callback", re
 			}
 		}
 		out.append("] }");
-		if (callback != null) {
-			out.append(" )");
-		}
-
 		HttpHeaders headers = new HttpHeaders();
 		headers.set("Content-Type", "application/javascript");
 		return new ResponseEntity(out.toString(), headers, HttpStatus.OK);
diff --git a/samples/oauth2/sparklr/src/main/webapp/index.jsp b/samples/oauth2/sparklr/src/main/webapp/index.jsp
index 3e96a2a2e..3ba0caa50 100644
--- a/samples/oauth2/sparklr/src/main/webapp/index.jsp
+++ b/samples/oauth2/sparklr/src/main/webapp/index.jsp
@@ -13,17 +13,6 @@
 
 
-
-	
-
 
 
 
@@ -48,9 +37,22 @@
 
 			
Your Photos

 
-			

-				
+			

+				
 			

 		
 

From a06049ed41a2cac993aa068c899cf03ff2d03910 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 16 Jan 2017 12:26:43 -0500
Subject: [PATCH 071/345] Provide default impl
 ResourceServerConfigurerAdapter.configure(http)

Fixes gh-948
---
 .../web/configuration/ResourceServerConfigurerAdapter.java       | 1 +
 1 file changed, 1 insertion(+)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurerAdapter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurerAdapter.java
index 6de516caa..1ab229281 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurerAdapter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurerAdapter.java
@@ -27,6 +27,7 @@ public void configure(ResourceServerSecurityConfigurer resources) throws Excepti
 
 	@Override
 	public void configure(HttpSecurity http) throws Exception {
+		http.authorizeRequests().anyRequest().authenticated();
 	}
 
 }

From 6abfce20a70969873333ecde27684aab3afca64d Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 16 Jan 2017 15:13:07 -0500
Subject: [PATCH 072/345] Bump spring-security 3.2.8.RELEASE -> 3.2.10.RELEASE

Fixes gh-945
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 7788c1181..3d5e79f56 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@
     UTF-8
     1.9
     4.0.9.RELEASE
-    3.2.8.RELEASE
+    3.2.10.RELEASE
     1.6
   
 

From f66a16581f860354cb5323cc4af4eaf781edf3ba Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 13 Feb 2017 15:16:13 -0500
Subject: [PATCH 073/345] Add TokenStore supporting Jwk verification

Fixes gh-271
---
 .../token/store/jwk/JwkAttributes.java        |  35 ++++
 .../token/store/jwk/JwkDefinition.java        | 168 ++++++++++++++++++
 .../token/store/jwk/JwkDefinitionSource.java  | 117 ++++++++++++
 .../token/store/jwk/JwkException.java         |  42 +++++
 .../token/store/jwk/JwkSetConverter.java      | 144 +++++++++++++++
 .../token/store/jwk/JwkTokenStore.java        | 109 ++++++++++++
 .../JwkVerifyingJwtAccessTokenConverter.java  |  91 ++++++++++
 .../token/store/jwk/JwtHeaderConverter.java   |  68 +++++++
 .../token/store/jwk/RSAJwkDefinition.java     |  43 +++++
 9 files changed, 817 insertions(+)
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
new file mode 100644
index 000000000..72769bbc0
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+/**
+ * @author Joe Grandja
+ */
+final class JwkAttributes {
+	static final String KEY_ID = "kid";
+
+	static final String KEY_TYPE = "kty";
+
+	static final String ALGORITHM = "alg";
+
+	static final String PUBLIC_KEY_USE = "use";
+
+	static final String RSA_PUBLIC_KEY_MODULUS = "n";
+
+	static final String RSA_PUBLIC_KEY_EXPONENT = "e";
+
+	static final String KEYS = "keys";
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
new file mode 100644
index 000000000..93caa5a5c
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
@@ -0,0 +1,168 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+/**
+ * @author Joe Grandja
+ */
+abstract class JwkDefinition {
+	private final String keyId;
+	private final KeyType keyType;
+	private final PublicKeyUse publicKeyUse;
+	private final CryptoAlgorithm algorithm;
+
+	protected JwkDefinition(String keyId,
+							KeyType keyType,
+							PublicKeyUse publicKeyUse,
+							CryptoAlgorithm algorithm) {
+		this.keyId = keyId;
+		this.keyType = keyType;
+		this.publicKeyUse = publicKeyUse;
+		this.algorithm = algorithm;
+	}
+
+	String getKeyId() {
+		return this.keyId;
+	}
+
+	KeyType getKeyType() {
+		return this.keyType;
+	}
+
+	PublicKeyUse getPublicKeyUse() {
+		return this.publicKeyUse;
+	}
+
+	CryptoAlgorithm getAlgorithm() {
+		return this.algorithm;
+	}
+
+	@Override
+	public boolean equals(Object obj) {
+		if (this == obj) {
+			return true;
+		}
+		if (obj == null || this.getClass() != obj.getClass()) {
+			return false;
+		}
+
+		JwkDefinition that = (JwkDefinition) obj;
+		if (!this.getKeyId().equals(that.getKeyId())) {
+			return false;
+		}
+
+		return this.getKeyType().equals(that.getKeyType());
+	}
+
+	@Override
+	public int hashCode() {
+		int result = this.getKeyId().hashCode();
+		result = 31 * result + this.getKeyType().hashCode();
+		return result;
+	}
+
+	enum KeyType {
+		RSA("RSA"),
+		EC("EC"),
+		OCT("oct");
+
+		private final String value;
+
+		KeyType(String value) {
+			this.value = value;
+		}
+
+		String value() {
+			return this.value;
+		}
+
+		static KeyType fromValue(String value) {
+			KeyType result = null;
+			for (KeyType keyType : values()) {
+				if (keyType.value().equals(value)) {
+					result = keyType;
+					break;
+				}
+			}
+			return result;
+		}
+	}
+
+	enum PublicKeyUse {
+		SIG("sig"),
+		ENC("enc");
+
+		private final String value;
+
+		PublicKeyUse(String value) {
+			this.value = value;
+		}
+
+		String value() {
+			return this.value;
+		}
+
+		static PublicKeyUse fromValue(String value) {
+			PublicKeyUse result = null;
+			for (PublicKeyUse publicKeyUse : values()) {
+				if (publicKeyUse.value().equals(value)) {
+					result = publicKeyUse;
+					break;
+				}
+			}
+			return result;
+		}
+	}
+
+	enum CryptoAlgorithm {
+		RS256("SHA256withRSA", "RS256", "RSASSA-PKCS1-v1_5 using SHA-256"),
+		RS384("SHA384withRSA", "RS384", "RSASSA-PKCS1-v1_5 using SHA-384"),
+		RS512("SHA512withRSA", "RS512", "RSASSA-PKCS1-v1_5 using SHA-512");
+
+		private final String standardName;		// JCA Standard Name
+		private final String headerParamValue;
+		private final String description;
+
+		CryptoAlgorithm(String standardName, String headerParamValue, String description) {
+			this.standardName = standardName;
+			this.headerParamValue = headerParamValue;
+			this.description = description;
+		}
+
+		String standardName() {
+			return this.standardName;
+		}
+
+		String headerParamValue() {
+			return this.headerParamValue;
+		}
+
+		String description() {
+			return this.description;
+		}
+
+		static CryptoAlgorithm fromStandardName(String standardName) {
+			CryptoAlgorithm result = null;
+			for (CryptoAlgorithm algorithm : values()) {
+				if (algorithm.standardName().equals(standardName)) {
+					result = algorithm;
+					break;
+				}
+			}
+			return result;
+		}
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
new file mode 100644
index 000000000..a9f241f92
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import org.springframework.security.jwt.codec.Codecs;
+import org.springframework.security.jwt.crypto.sign.RsaVerifier;
+import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.KeyFactory;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.RSAPublicKeySpec;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.atomic.AtomicReference;
+
+/**
+ * @author Joe Grandja
+ */
+class JwkDefinitionSource {
+	private final URL jwkSetUrl;
+	private final JwkSetConverter jwkSetConverter = new JwkSetConverter();
+	private final AtomicReference> jwkDefinitions =
+			new AtomicReference>(new HashMap());
+
+	JwkDefinitionSource(String jwkSetUrl) {
+		try {
+			this.jwkSetUrl = new URL(jwkSetUrl);
+		} catch (MalformedURLException ex) {
+			throw new IllegalArgumentException("Invalid JWK Set URL: " + ex.getMessage(), ex);
+		}
+	}
+
+	JwkDefinition getDefinition(String keyId) {
+		JwkDefinition result = null;
+		for (JwkDefinition jwkDefinition : this.jwkDefinitions.get().keySet()) {
+			if (jwkDefinition.getKeyId().equals(keyId)) {
+				result = jwkDefinition;
+				break;
+			}
+		}
+		return result;
+	}
+
+	JwkDefinition getDefinitionRefreshIfNecessary(String keyId) {
+		JwkDefinition result = this.getDefinition(keyId);
+		if (result != null) {
+			return result;
+		}
+		this.refreshJwkDefinitions();
+		return this.getDefinition(keyId);
+	}
+
+	SignatureVerifier getVerifier(String keyId) {
+		SignatureVerifier result = null;
+		JwkDefinition jwkDefinition = this.getDefinitionRefreshIfNecessary(keyId);
+		if (jwkDefinition != null) {
+			result = this.jwkDefinitions.get().get(jwkDefinition);
+		}
+		return result;
+	}
+
+	private void refreshJwkDefinitions() {
+		Set jwkDefinitionSet;
+		try {
+			jwkDefinitionSet = this.jwkSetConverter.convert(this.jwkSetUrl.openStream());
+		} catch (IOException ex) {
+			throw new JwkException("An I/O error occurred while refreshing the JWK Set: " + ex.getMessage(), ex);
+		}
+
+		Map refreshedJwkDefinitions = new LinkedHashMap();
+
+		for (JwkDefinition jwkDefinition : jwkDefinitionSet) {
+			if (JwkDefinition.KeyType.RSA.equals(jwkDefinition.getKeyType())) {
+				refreshedJwkDefinitions.put(jwkDefinition, this.createRSAVerifier((RSAJwkDefinition)jwkDefinition));
+			}
+		}
+
+		this.jwkDefinitions.set(refreshedJwkDefinitions);
+	}
+
+	private RsaVerifier createRSAVerifier(RSAJwkDefinition rsaDefinition) {
+		RsaVerifier result;
+		try {
+			BigInteger modulus = new BigInteger(Codecs.b64UrlDecode(rsaDefinition.getModulus()));
+			BigInteger exponent = new BigInteger(Codecs.b64UrlDecode(rsaDefinition.getExponent()));
+
+			RSAPublicKey rsaPublicKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
+					.generatePublic(new RSAPublicKeySpec(modulus, exponent));
+
+			result = new RsaVerifier(rsaPublicKey, rsaDefinition.getAlgorithm().standardName());
+
+		} catch (Exception ex) {
+			throw new JwkException("An error occurred while creating a RSA Public Key Verifier for \"" +
+					rsaDefinition.getKeyId() + "\" : " + ex.getMessage(), ex);
+		}
+		return result;
+	}
+}
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
new file mode 100644
index 000000000..f9a5e0032
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+
+/**
+ * @author Joe Grandja
+ */
+public class JwkException extends OAuth2Exception {
+
+	public JwkException(String message) {
+		super(message);
+	}
+
+	public JwkException(String message, Throwable cause) {
+		super(message, cause);
+	}
+
+	@Override
+	public String getOAuth2ErrorCode() {
+		return "server_error";
+	}
+
+	@Override
+	public int getHttpErrorCode() {
+		return 500;
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
new file mode 100644
index 000000000..1b6964adb
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
@@ -0,0 +1,144 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import com.fasterxml.jackson.core.JsonFactory;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonToken;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.util.StringUtils;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
+
+import static org.springframework.security.oauth2.provider.token.store.jwk.JwkAttributes.*;
+
+
+/**
+ * @author Joe Grandja
+ */
+class JwkSetConverter implements Converter> {
+	private final JsonFactory factory = new JsonFactory();
+
+	@Override
+	public Set convert(InputStream jwkSetSource) {
+		Set jwkDefinitions;
+		JsonParser parser = null;
+
+		try {
+			parser = this.factory.createParser(jwkSetSource);
+
+			if (parser.nextToken() != JsonToken.START_OBJECT) {
+				throw new JwkException("Invalid JWK Set Object.");
+			}
+			if (parser.nextToken() != JsonToken.FIELD_NAME) {
+				throw new JwkException("Invalid JWK Set Object.");
+			}
+			if (!parser.getCurrentName().equals(KEYS)) {
+				throw new JwkException("Invalid JWK Set Object. The JWK Set MUST have a \"" + KEYS + "\" attribute.");
+			}
+			if (parser.nextToken() != JsonToken.START_ARRAY) {
+				throw new JwkException("Invalid JWK Set Object. The JWK Set MUST have an array of JWK(s).");
+			}
+
+			jwkDefinitions = new LinkedHashSet();
+			Map attributes = new HashMap();
+
+			while (parser.nextToken() == JsonToken.START_OBJECT) {
+				while (parser.nextToken() == JsonToken.FIELD_NAME) {
+					String attributeName = parser.getCurrentName();
+					parser.nextToken();
+					String attributeValue = parser.getValueAsString();
+					attributes.put(attributeName, attributeValue);
+				}
+				JwkDefinition jwkDefinition = this.createJwkDefinition(attributes);
+				if (!jwkDefinitions.add(jwkDefinition)) {
+					throw new JwkException("Duplicate JWK found in Set: " +
+							jwkDefinition.getKeyId() + " (" + KEY_ID + ")");
+				}
+				attributes.clear();
+			}
+
+		} catch (IOException ex) {
+			throw new JwkException("An I/O error occurred while reading the JWK Set: " + ex.getMessage(), ex);
+		} finally {
+			try {
+				if (parser != null) parser.close();
+			} catch (IOException ex) { }
+		}
+
+		return jwkDefinitions;
+	}
+
+	private JwkDefinition createJwkDefinition(Map attributes) {
+		JwkDefinition.KeyType keyType =
+				JwkDefinition.KeyType.fromValue(attributes.get(KEY_TYPE));
+
+		if (!JwkDefinition.KeyType.RSA.equals(keyType)) {
+			throw new JwkException((keyType != null ? keyType.value() : "unknown") +
+					" (" + KEY_TYPE + ") is currently not supported.");
+		}
+
+		return this.createRSAJwkDefinition(attributes);
+	}
+
+	private JwkDefinition createRSAJwkDefinition(Map attributes) {
+		// kid
+		String keyId = attributes.get(KEY_ID);
+		if (!StringUtils.hasText(keyId)) {
+			throw new JwkException("\"" + KEY_ID + "\" is a required attribute for a JWK.");
+		}
+
+		// use
+		JwkDefinition.PublicKeyUse publicKeyUse =
+				JwkDefinition.PublicKeyUse.fromValue(attributes.get(PUBLIC_KEY_USE));
+		if (!JwkDefinition.PublicKeyUse.SIG.equals(publicKeyUse)) {
+			throw new JwkException((publicKeyUse != null ? publicKeyUse.value() : "unknown") +
+					" (" + PUBLIC_KEY_USE + ") is currently not supported.");
+		}
+
+		// alg
+		JwkDefinition.CryptoAlgorithm algorithm =
+				JwkDefinition.CryptoAlgorithm.fromStandardName(attributes.get(ALGORITHM));
+		if (!JwkDefinition.CryptoAlgorithm.RS256.equals(algorithm) &&
+				!JwkDefinition.CryptoAlgorithm.RS384.equals(algorithm) &&
+				!JwkDefinition.CryptoAlgorithm.RS512.equals(algorithm)) {
+			throw new JwkException((algorithm != null ? algorithm.standardName() : "unknown") +
+					" (" + ALGORITHM + ") is currently not supported.");
+		}
+
+		// n
+		String modulus = attributes.get(RSA_PUBLIC_KEY_MODULUS);
+		if (!StringUtils.hasText(modulus)) {
+			throw new JwkException("\"" + RSA_PUBLIC_KEY_MODULUS + "\" is a required attribute for a RSA JWK.");
+		}
+
+		// e
+		String exponent = attributes.get(RSA_PUBLIC_KEY_EXPONENT);
+		if (!StringUtils.hasText(exponent)) {
+			throw new JwkException("\"" + RSA_PUBLIC_KEY_EXPONENT + "\" is a required attribute for a RSA JWK.");
+		}
+
+		RSAJwkDefinition jwkDefinition = new RSAJwkDefinition(
+				keyId, publicKeyUse, algorithm, modulus, exponent);
+
+		return jwkDefinition;
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
new file mode 100644
index 000000000..cbfd1696f
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.OAuth2RefreshToken;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
+import org.springframework.util.Assert;
+
+import java.util.Collection;
+
+/**
+ * @author Joe Grandja
+ */
+public class JwkTokenStore implements TokenStore {
+	private final JwtTokenStore delegate;
+
+	public JwkTokenStore(String jwkSetUrl) {
+		Assert.hasText(jwkSetUrl, "jwkSetUrl cannot be empty");
+		JwkDefinitionSource jwkDefinitionSource = new JwkDefinitionSource(jwkSetUrl);
+		JwkVerifyingJwtAccessTokenConverter accessTokenConverter =
+				new JwkVerifyingJwtAccessTokenConverter(jwkDefinitionSource);
+		this.delegate = new JwtTokenStore(accessTokenConverter);
+	}
+
+	@Override
+	public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
+		return this.delegate.readAuthentication(token);
+	}
+
+	@Override
+	public OAuth2Authentication readAuthentication(String token) {
+		return this.delegate.readAuthentication(token);
+	}
+
+	@Override
+	public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public OAuth2AccessToken readAccessToken(String tokenValue) {
+		return this.delegate.readAccessToken(tokenValue);
+	}
+
+	@Override
+	public void removeAccessToken(OAuth2AccessToken token) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public void storeRefreshToken(OAuth2RefreshToken refreshToken, OAuth2Authentication authentication) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public OAuth2RefreshToken readRefreshToken(String tokenValue) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken token) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public void removeRefreshToken(OAuth2RefreshToken token) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken refreshToken) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public Collection findTokensByClientIdAndUserName(String clientId, String userName) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public Collection findTokensByClientId(String clientId) {
+		throw this.operationNotSupported();
+	}
+
+	private JwkException operationNotSupported() {
+		return new JwkException("This operation is currently not supported.");
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
new file mode 100644
index 000000000..dc7ea2606
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import org.springframework.security.jwt.Jwt;
+import org.springframework.security.jwt.JwtHelper;
+import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.util.JsonParser;
+import org.springframework.security.oauth2.common.util.JsonParserFactory;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+
+import java.util.Map;
+
+import static org.springframework.security.oauth2.provider.token.store.jwk.JwkAttributes.ALGORITHM;
+import static org.springframework.security.oauth2.provider.token.store.jwk.JwkAttributes.KEY_ID;
+
+/**
+ * @author Joe Grandja
+ */
+class JwkVerifyingJwtAccessTokenConverter extends JwtAccessTokenConverter {
+	private final JwkDefinitionSource jwkDefinitionSource;
+	private final JwtHeaderConverter jwtHeaderConverter = new JwtHeaderConverter();
+	private final JsonParser jsonParser = JsonParserFactory.create();
+
+	JwkVerifyingJwtAccessTokenConverter(JwkDefinitionSource jwkDefinitionSource) {
+		this.jwkDefinitionSource = jwkDefinitionSource;
+	}
+
+	@Override
+	protected Map decode(String token) {
+		try {
+			Map headers = this.jwtHeaderConverter.convert(token);
+
+			// Validate "kid" header
+			String keyIdHeader = headers.get(KEY_ID);
+			if (keyIdHeader == null) {
+				throw new JwkException("Invalid JWT/JWS: \"" + KEY_ID + "\" is a required JOSE Header.");
+			}
+			JwkDefinition jwkDefinition = this.jwkDefinitionSource.getDefinitionRefreshIfNecessary(keyIdHeader);
+			if (jwkDefinition == null) {
+				throw new JwkException("Invalid JOSE Header \"" + KEY_ID + "\" (" + keyIdHeader + ")");
+			}
+
+			// Validate "alg" header
+			String algorithmHeader = headers.get(ALGORITHM);
+			if (algorithmHeader == null) {
+				throw new JwkException("Invalid JWT/JWS: \"" + ALGORITHM + "\" is a required JOSE Header.");
+			}
+			if (!algorithmHeader.equals(jwkDefinition.getAlgorithm().headerParamValue())) {
+				throw new JwkException("Invalid JOSE Header \"" + ALGORITHM + "\" (" + algorithmHeader + ")" +
+						" does not match algorithm associated with \"" + KEY_ID + "\" (" + keyIdHeader + ")");
+			}
+
+			// Verify signature
+			SignatureVerifier verifier = this.jwkDefinitionSource.getVerifier(keyIdHeader);
+			Jwt jwt = JwtHelper.decode(token);
+			jwt.verifySignature(verifier);
+
+			Map claims = this.jsonParser.parseMap(jwt.getClaims());
+			if (claims.containsKey(EXP) && claims.get(EXP) instanceof Integer) {
+				Integer expiryInt = (Integer) claims.get(EXP);
+				claims.put(EXP, new Long(expiryInt));
+			}
+
+			return claims;
+
+		} catch (Exception ex) {
+			throw new JwkException("Failed to decode/verify the JWT/JWS: " + ex.getMessage(), ex);
+		}
+	}
+
+	@Override
+	protected String encode(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
+		throw new JwkException("JWT/JWS (signing) is currently not supported.");
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
new file mode 100644
index 000000000..2afa65a8d
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import com.fasterxml.jackson.core.JsonFactory;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonToken;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.jwt.codec.Codecs;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author Joe Grandja
+ */
+class JwtHeaderConverter implements Converter> {
+	private final JsonFactory factory = new JsonFactory();
+
+	@Override
+	public Map convert(String token) {
+		Map headers;
+
+		int headerEndIndex = token.indexOf('.');
+		if (headerEndIndex == -1) {
+			throw new JwkException("Invalid JWT. Missing JOSE Header.");
+		}
+		byte[] decodedHeader = Codecs.b64UrlDecode(token.substring(0, headerEndIndex));
+
+		JsonParser parser = null;
+
+		try {
+			parser = this.factory.createParser(decodedHeader);
+			headers = new HashMap();
+			if (parser.nextToken() == JsonToken.START_OBJECT) {
+				while (parser.nextToken() == JsonToken.FIELD_NAME) {
+					String headerName = parser.getCurrentName();
+					parser.nextToken();
+					String headerValue = parser.getValueAsString();
+					headers.put(headerName, headerValue);
+				}
+			}
+
+		} catch (IOException ex) {
+			throw new JwkException("An I/O error occurred while reading the JWT: " + ex.getMessage(), ex);
+		} finally {
+			try {
+				if (parser != null) parser.close();
+			} catch (IOException ex) { }
+		}
+
+		return headers;
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java
new file mode 100644
index 000000000..ef8d1d06e
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+/**
+ * @author Joe Grandja
+ */
+final class RSAJwkDefinition extends JwkDefinition {
+	private final String modulus;
+	private final String exponent;
+
+	RSAJwkDefinition(String keyId,
+					 JwkDefinition.PublicKeyUse publicKeyUse,
+					 JwkDefinition.CryptoAlgorithm algorithm,
+					 String modulus,
+					 String exponent) {
+
+		super(keyId, JwkDefinition.KeyType.RSA, publicKeyUse, algorithm);
+		this.modulus = modulus;
+		this.exponent = exponent;
+	}
+
+	String getModulus() {
+		return this.modulus;
+	}
+
+	String getExponent() {
+		return this.exponent;
+	}
+}
\ No newline at end of file

From 4f65bf48091cebca4a4d3a7f222f7d89a86bbd55 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 13 Feb 2017 16:08:22 -0500
Subject: [PATCH 074/345] Revert "Add TokenStore supporting Jwk verification"

This reverts commit f66a16581f860354cb5323cc4af4eaf781edf3ba.
---
 .../token/store/jwk/JwkAttributes.java        |  35 ----
 .../token/store/jwk/JwkDefinition.java        | 168 ------------------
 .../token/store/jwk/JwkDefinitionSource.java  | 117 ------------
 .../token/store/jwk/JwkException.java         |  42 -----
 .../token/store/jwk/JwkSetConverter.java      | 144 ---------------
 .../token/store/jwk/JwkTokenStore.java        | 109 ------------
 .../JwkVerifyingJwtAccessTokenConverter.java  |  91 ----------
 .../token/store/jwk/JwtHeaderConverter.java   |  68 -------
 .../token/store/jwk/RSAJwkDefinition.java     |  43 -----
 9 files changed, 817 deletions(-)
 delete mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
 delete mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
 delete mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
 delete mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
 delete mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
 delete mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
 delete mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
 delete mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
 delete mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
deleted file mode 100644
index 72769bbc0..000000000
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright 2012-2016 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.provider.token.store.jwk;
-
-/**
- * @author Joe Grandja
- */
-final class JwkAttributes {
-	static final String KEY_ID = "kid";
-
-	static final String KEY_TYPE = "kty";
-
-	static final String ALGORITHM = "alg";
-
-	static final String PUBLIC_KEY_USE = "use";
-
-	static final String RSA_PUBLIC_KEY_MODULUS = "n";
-
-	static final String RSA_PUBLIC_KEY_EXPONENT = "e";
-
-	static final String KEYS = "keys";
-}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
deleted file mode 100644
index 93caa5a5c..000000000
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
- * Copyright 2012-2016 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.provider.token.store.jwk;
-
-/**
- * @author Joe Grandja
- */
-abstract class JwkDefinition {
-	private final String keyId;
-	private final KeyType keyType;
-	private final PublicKeyUse publicKeyUse;
-	private final CryptoAlgorithm algorithm;
-
-	protected JwkDefinition(String keyId,
-							KeyType keyType,
-							PublicKeyUse publicKeyUse,
-							CryptoAlgorithm algorithm) {
-		this.keyId = keyId;
-		this.keyType = keyType;
-		this.publicKeyUse = publicKeyUse;
-		this.algorithm = algorithm;
-	}
-
-	String getKeyId() {
-		return this.keyId;
-	}
-
-	KeyType getKeyType() {
-		return this.keyType;
-	}
-
-	PublicKeyUse getPublicKeyUse() {
-		return this.publicKeyUse;
-	}
-
-	CryptoAlgorithm getAlgorithm() {
-		return this.algorithm;
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj) {
-			return true;
-		}
-		if (obj == null || this.getClass() != obj.getClass()) {
-			return false;
-		}
-
-		JwkDefinition that = (JwkDefinition) obj;
-		if (!this.getKeyId().equals(that.getKeyId())) {
-			return false;
-		}
-
-		return this.getKeyType().equals(that.getKeyType());
-	}
-
-	@Override
-	public int hashCode() {
-		int result = this.getKeyId().hashCode();
-		result = 31 * result + this.getKeyType().hashCode();
-		return result;
-	}
-
-	enum KeyType {
-		RSA("RSA"),
-		EC("EC"),
-		OCT("oct");
-
-		private final String value;
-
-		KeyType(String value) {
-			this.value = value;
-		}
-
-		String value() {
-			return this.value;
-		}
-
-		static KeyType fromValue(String value) {
-			KeyType result = null;
-			for (KeyType keyType : values()) {
-				if (keyType.value().equals(value)) {
-					result = keyType;
-					break;
-				}
-			}
-			return result;
-		}
-	}
-
-	enum PublicKeyUse {
-		SIG("sig"),
-		ENC("enc");
-
-		private final String value;
-
-		PublicKeyUse(String value) {
-			this.value = value;
-		}
-
-		String value() {
-			return this.value;
-		}
-
-		static PublicKeyUse fromValue(String value) {
-			PublicKeyUse result = null;
-			for (PublicKeyUse publicKeyUse : values()) {
-				if (publicKeyUse.value().equals(value)) {
-					result = publicKeyUse;
-					break;
-				}
-			}
-			return result;
-		}
-	}
-
-	enum CryptoAlgorithm {
-		RS256("SHA256withRSA", "RS256", "RSASSA-PKCS1-v1_5 using SHA-256"),
-		RS384("SHA384withRSA", "RS384", "RSASSA-PKCS1-v1_5 using SHA-384"),
-		RS512("SHA512withRSA", "RS512", "RSASSA-PKCS1-v1_5 using SHA-512");
-
-		private final String standardName;		// JCA Standard Name
-		private final String headerParamValue;
-		private final String description;
-
-		CryptoAlgorithm(String standardName, String headerParamValue, String description) {
-			this.standardName = standardName;
-			this.headerParamValue = headerParamValue;
-			this.description = description;
-		}
-
-		String standardName() {
-			return this.standardName;
-		}
-
-		String headerParamValue() {
-			return this.headerParamValue;
-		}
-
-		String description() {
-			return this.description;
-		}
-
-		static CryptoAlgorithm fromStandardName(String standardName) {
-			CryptoAlgorithm result = null;
-			for (CryptoAlgorithm algorithm : values()) {
-				if (algorithm.standardName().equals(standardName)) {
-					result = algorithm;
-					break;
-				}
-			}
-			return result;
-		}
-	}
-}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
deleted file mode 100644
index a9f241f92..000000000
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Copyright 2012-2016 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.provider.token.store.jwk;
-
-import org.springframework.security.jwt.codec.Codecs;
-import org.springframework.security.jwt.crypto.sign.RsaVerifier;
-import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.security.KeyFactory;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.RSAPublicKeySpec;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.atomic.AtomicReference;
-
-/**
- * @author Joe Grandja
- */
-class JwkDefinitionSource {
-	private final URL jwkSetUrl;
-	private final JwkSetConverter jwkSetConverter = new JwkSetConverter();
-	private final AtomicReference> jwkDefinitions =
-			new AtomicReference>(new HashMap());
-
-	JwkDefinitionSource(String jwkSetUrl) {
-		try {
-			this.jwkSetUrl = new URL(jwkSetUrl);
-		} catch (MalformedURLException ex) {
-			throw new IllegalArgumentException("Invalid JWK Set URL: " + ex.getMessage(), ex);
-		}
-	}
-
-	JwkDefinition getDefinition(String keyId) {
-		JwkDefinition result = null;
-		for (JwkDefinition jwkDefinition : this.jwkDefinitions.get().keySet()) {
-			if (jwkDefinition.getKeyId().equals(keyId)) {
-				result = jwkDefinition;
-				break;
-			}
-		}
-		return result;
-	}
-
-	JwkDefinition getDefinitionRefreshIfNecessary(String keyId) {
-		JwkDefinition result = this.getDefinition(keyId);
-		if (result != null) {
-			return result;
-		}
-		this.refreshJwkDefinitions();
-		return this.getDefinition(keyId);
-	}
-
-	SignatureVerifier getVerifier(String keyId) {
-		SignatureVerifier result = null;
-		JwkDefinition jwkDefinition = this.getDefinitionRefreshIfNecessary(keyId);
-		if (jwkDefinition != null) {
-			result = this.jwkDefinitions.get().get(jwkDefinition);
-		}
-		return result;
-	}
-
-	private void refreshJwkDefinitions() {
-		Set jwkDefinitionSet;
-		try {
-			jwkDefinitionSet = this.jwkSetConverter.convert(this.jwkSetUrl.openStream());
-		} catch (IOException ex) {
-			throw new JwkException("An I/O error occurred while refreshing the JWK Set: " + ex.getMessage(), ex);
-		}
-
-		Map refreshedJwkDefinitions = new LinkedHashMap();
-
-		for (JwkDefinition jwkDefinition : jwkDefinitionSet) {
-			if (JwkDefinition.KeyType.RSA.equals(jwkDefinition.getKeyType())) {
-				refreshedJwkDefinitions.put(jwkDefinition, this.createRSAVerifier((RSAJwkDefinition)jwkDefinition));
-			}
-		}
-
-		this.jwkDefinitions.set(refreshedJwkDefinitions);
-	}
-
-	private RsaVerifier createRSAVerifier(RSAJwkDefinition rsaDefinition) {
-		RsaVerifier result;
-		try {
-			BigInteger modulus = new BigInteger(Codecs.b64UrlDecode(rsaDefinition.getModulus()));
-			BigInteger exponent = new BigInteger(Codecs.b64UrlDecode(rsaDefinition.getExponent()));
-
-			RSAPublicKey rsaPublicKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
-					.generatePublic(new RSAPublicKeySpec(modulus, exponent));
-
-			result = new RsaVerifier(rsaPublicKey, rsaDefinition.getAlgorithm().standardName());
-
-		} catch (Exception ex) {
-			throw new JwkException("An error occurred while creating a RSA Public Key Verifier for \"" +
-					rsaDefinition.getKeyId() + "\" : " + ex.getMessage(), ex);
-		}
-		return result;
-	}
-}
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
deleted file mode 100644
index f9a5e0032..000000000
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright 2012-2016 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.provider.token.store.jwk;
-
-import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
-
-/**
- * @author Joe Grandja
- */
-public class JwkException extends OAuth2Exception {
-
-	public JwkException(String message) {
-		super(message);
-	}
-
-	public JwkException(String message, Throwable cause) {
-		super(message, cause);
-	}
-
-	@Override
-	public String getOAuth2ErrorCode() {
-		return "server_error";
-	}
-
-	@Override
-	public int getHttpErrorCode() {
-		return 500;
-	}
-}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
deleted file mode 100644
index 1b6964adb..000000000
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Copyright 2012-2016 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.provider.token.store.jwk;
-
-import com.fasterxml.jackson.core.JsonFactory;
-import com.fasterxml.jackson.core.JsonParser;
-import com.fasterxml.jackson.core.JsonToken;
-import org.springframework.core.convert.converter.Converter;
-import org.springframework.util.StringUtils;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.HashMap;
-import java.util.LinkedHashSet;
-import java.util.Map;
-import java.util.Set;
-
-import static org.springframework.security.oauth2.provider.token.store.jwk.JwkAttributes.*;
-
-
-/**
- * @author Joe Grandja
- */
-class JwkSetConverter implements Converter> {
-	private final JsonFactory factory = new JsonFactory();
-
-	@Override
-	public Set convert(InputStream jwkSetSource) {
-		Set jwkDefinitions;
-		JsonParser parser = null;
-
-		try {
-			parser = this.factory.createParser(jwkSetSource);
-
-			if (parser.nextToken() != JsonToken.START_OBJECT) {
-				throw new JwkException("Invalid JWK Set Object.");
-			}
-			if (parser.nextToken() != JsonToken.FIELD_NAME) {
-				throw new JwkException("Invalid JWK Set Object.");
-			}
-			if (!parser.getCurrentName().equals(KEYS)) {
-				throw new JwkException("Invalid JWK Set Object. The JWK Set MUST have a \"" + KEYS + "\" attribute.");
-			}
-			if (parser.nextToken() != JsonToken.START_ARRAY) {
-				throw new JwkException("Invalid JWK Set Object. The JWK Set MUST have an array of JWK(s).");
-			}
-
-			jwkDefinitions = new LinkedHashSet();
-			Map attributes = new HashMap();
-
-			while (parser.nextToken() == JsonToken.START_OBJECT) {
-				while (parser.nextToken() == JsonToken.FIELD_NAME) {
-					String attributeName = parser.getCurrentName();
-					parser.nextToken();
-					String attributeValue = parser.getValueAsString();
-					attributes.put(attributeName, attributeValue);
-				}
-				JwkDefinition jwkDefinition = this.createJwkDefinition(attributes);
-				if (!jwkDefinitions.add(jwkDefinition)) {
-					throw new JwkException("Duplicate JWK found in Set: " +
-							jwkDefinition.getKeyId() + " (" + KEY_ID + ")");
-				}
-				attributes.clear();
-			}
-
-		} catch (IOException ex) {
-			throw new JwkException("An I/O error occurred while reading the JWK Set: " + ex.getMessage(), ex);
-		} finally {
-			try {
-				if (parser != null) parser.close();
-			} catch (IOException ex) { }
-		}
-
-		return jwkDefinitions;
-	}
-
-	private JwkDefinition createJwkDefinition(Map attributes) {
-		JwkDefinition.KeyType keyType =
-				JwkDefinition.KeyType.fromValue(attributes.get(KEY_TYPE));
-
-		if (!JwkDefinition.KeyType.RSA.equals(keyType)) {
-			throw new JwkException((keyType != null ? keyType.value() : "unknown") +
-					" (" + KEY_TYPE + ") is currently not supported.");
-		}
-
-		return this.createRSAJwkDefinition(attributes);
-	}
-
-	private JwkDefinition createRSAJwkDefinition(Map attributes) {
-		// kid
-		String keyId = attributes.get(KEY_ID);
-		if (!StringUtils.hasText(keyId)) {
-			throw new JwkException("\"" + KEY_ID + "\" is a required attribute for a JWK.");
-		}
-
-		// use
-		JwkDefinition.PublicKeyUse publicKeyUse =
-				JwkDefinition.PublicKeyUse.fromValue(attributes.get(PUBLIC_KEY_USE));
-		if (!JwkDefinition.PublicKeyUse.SIG.equals(publicKeyUse)) {
-			throw new JwkException((publicKeyUse != null ? publicKeyUse.value() : "unknown") +
-					" (" + PUBLIC_KEY_USE + ") is currently not supported.");
-		}
-
-		// alg
-		JwkDefinition.CryptoAlgorithm algorithm =
-				JwkDefinition.CryptoAlgorithm.fromStandardName(attributes.get(ALGORITHM));
-		if (!JwkDefinition.CryptoAlgorithm.RS256.equals(algorithm) &&
-				!JwkDefinition.CryptoAlgorithm.RS384.equals(algorithm) &&
-				!JwkDefinition.CryptoAlgorithm.RS512.equals(algorithm)) {
-			throw new JwkException((algorithm != null ? algorithm.standardName() : "unknown") +
-					" (" + ALGORITHM + ") is currently not supported.");
-		}
-
-		// n
-		String modulus = attributes.get(RSA_PUBLIC_KEY_MODULUS);
-		if (!StringUtils.hasText(modulus)) {
-			throw new JwkException("\"" + RSA_PUBLIC_KEY_MODULUS + "\" is a required attribute for a RSA JWK.");
-		}
-
-		// e
-		String exponent = attributes.get(RSA_PUBLIC_KEY_EXPONENT);
-		if (!StringUtils.hasText(exponent)) {
-			throw new JwkException("\"" + RSA_PUBLIC_KEY_EXPONENT + "\" is a required attribute for a RSA JWK.");
-		}
-
-		RSAJwkDefinition jwkDefinition = new RSAJwkDefinition(
-				keyId, publicKeyUse, algorithm, modulus, exponent);
-
-		return jwkDefinition;
-	}
-}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
deleted file mode 100644
index cbfd1696f..000000000
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Copyright 2012-2016 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.provider.token.store.jwk;
-
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.common.OAuth2RefreshToken;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.oauth2.provider.token.TokenStore;
-import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
-import org.springframework.util.Assert;
-
-import java.util.Collection;
-
-/**
- * @author Joe Grandja
- */
-public class JwkTokenStore implements TokenStore {
-	private final JwtTokenStore delegate;
-
-	public JwkTokenStore(String jwkSetUrl) {
-		Assert.hasText(jwkSetUrl, "jwkSetUrl cannot be empty");
-		JwkDefinitionSource jwkDefinitionSource = new JwkDefinitionSource(jwkSetUrl);
-		JwkVerifyingJwtAccessTokenConverter accessTokenConverter =
-				new JwkVerifyingJwtAccessTokenConverter(jwkDefinitionSource);
-		this.delegate = new JwtTokenStore(accessTokenConverter);
-	}
-
-	@Override
-	public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
-		return this.delegate.readAuthentication(token);
-	}
-
-	@Override
-	public OAuth2Authentication readAuthentication(String token) {
-		return this.delegate.readAuthentication(token);
-	}
-
-	@Override
-	public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
-		throw this.operationNotSupported();
-	}
-
-	@Override
-	public OAuth2AccessToken readAccessToken(String tokenValue) {
-		return this.delegate.readAccessToken(tokenValue);
-	}
-
-	@Override
-	public void removeAccessToken(OAuth2AccessToken token) {
-		throw this.operationNotSupported();
-	}
-
-	@Override
-	public void storeRefreshToken(OAuth2RefreshToken refreshToken, OAuth2Authentication authentication) {
-		throw this.operationNotSupported();
-	}
-
-	@Override
-	public OAuth2RefreshToken readRefreshToken(String tokenValue) {
-		throw this.operationNotSupported();
-	}
-
-	@Override
-	public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken token) {
-		throw this.operationNotSupported();
-	}
-
-	@Override
-	public void removeRefreshToken(OAuth2RefreshToken token) {
-		throw this.operationNotSupported();
-	}
-
-	@Override
-	public void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken refreshToken) {
-		throw this.operationNotSupported();
-	}
-
-	@Override
-	public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
-		throw this.operationNotSupported();
-	}
-
-	@Override
-	public Collection findTokensByClientIdAndUserName(String clientId, String userName) {
-		throw this.operationNotSupported();
-	}
-
-	@Override
-	public Collection findTokensByClientId(String clientId) {
-		throw this.operationNotSupported();
-	}
-
-	private JwkException operationNotSupported() {
-		return new JwkException("This operation is currently not supported.");
-	}
-}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
deleted file mode 100644
index dc7ea2606..000000000
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright 2012-2016 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.provider.token.store.jwk;
-
-import org.springframework.security.jwt.Jwt;
-import org.springframework.security.jwt.JwtHelper;
-import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.common.util.JsonParser;
-import org.springframework.security.oauth2.common.util.JsonParserFactory;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
-
-import java.util.Map;
-
-import static org.springframework.security.oauth2.provider.token.store.jwk.JwkAttributes.ALGORITHM;
-import static org.springframework.security.oauth2.provider.token.store.jwk.JwkAttributes.KEY_ID;
-
-/**
- * @author Joe Grandja
- */
-class JwkVerifyingJwtAccessTokenConverter extends JwtAccessTokenConverter {
-	private final JwkDefinitionSource jwkDefinitionSource;
-	private final JwtHeaderConverter jwtHeaderConverter = new JwtHeaderConverter();
-	private final JsonParser jsonParser = JsonParserFactory.create();
-
-	JwkVerifyingJwtAccessTokenConverter(JwkDefinitionSource jwkDefinitionSource) {
-		this.jwkDefinitionSource = jwkDefinitionSource;
-	}
-
-	@Override
-	protected Map decode(String token) {
-		try {
-			Map headers = this.jwtHeaderConverter.convert(token);
-
-			// Validate "kid" header
-			String keyIdHeader = headers.get(KEY_ID);
-			if (keyIdHeader == null) {
-				throw new JwkException("Invalid JWT/JWS: \"" + KEY_ID + "\" is a required JOSE Header.");
-			}
-			JwkDefinition jwkDefinition = this.jwkDefinitionSource.getDefinitionRefreshIfNecessary(keyIdHeader);
-			if (jwkDefinition == null) {
-				throw new JwkException("Invalid JOSE Header \"" + KEY_ID + "\" (" + keyIdHeader + ")");
-			}
-
-			// Validate "alg" header
-			String algorithmHeader = headers.get(ALGORITHM);
-			if (algorithmHeader == null) {
-				throw new JwkException("Invalid JWT/JWS: \"" + ALGORITHM + "\" is a required JOSE Header.");
-			}
-			if (!algorithmHeader.equals(jwkDefinition.getAlgorithm().headerParamValue())) {
-				throw new JwkException("Invalid JOSE Header \"" + ALGORITHM + "\" (" + algorithmHeader + ")" +
-						" does not match algorithm associated with \"" + KEY_ID + "\" (" + keyIdHeader + ")");
-			}
-
-			// Verify signature
-			SignatureVerifier verifier = this.jwkDefinitionSource.getVerifier(keyIdHeader);
-			Jwt jwt = JwtHelper.decode(token);
-			jwt.verifySignature(verifier);
-
-			Map claims = this.jsonParser.parseMap(jwt.getClaims());
-			if (claims.containsKey(EXP) && claims.get(EXP) instanceof Integer) {
-				Integer expiryInt = (Integer) claims.get(EXP);
-				claims.put(EXP, new Long(expiryInt));
-			}
-
-			return claims;
-
-		} catch (Exception ex) {
-			throw new JwkException("Failed to decode/verify the JWT/JWS: " + ex.getMessage(), ex);
-		}
-	}
-
-	@Override
-	protected String encode(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
-		throw new JwkException("JWT/JWS (signing) is currently not supported.");
-	}
-}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
deleted file mode 100644
index 2afa65a8d..000000000
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2012-2016 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.provider.token.store.jwk;
-
-import com.fasterxml.jackson.core.JsonFactory;
-import com.fasterxml.jackson.core.JsonParser;
-import com.fasterxml.jackson.core.JsonToken;
-import org.springframework.core.convert.converter.Converter;
-import org.springframework.security.jwt.codec.Codecs;
-
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * @author Joe Grandja
- */
-class JwtHeaderConverter implements Converter> {
-	private final JsonFactory factory = new JsonFactory();
-
-	@Override
-	public Map convert(String token) {
-		Map headers;
-
-		int headerEndIndex = token.indexOf('.');
-		if (headerEndIndex == -1) {
-			throw new JwkException("Invalid JWT. Missing JOSE Header.");
-		}
-		byte[] decodedHeader = Codecs.b64UrlDecode(token.substring(0, headerEndIndex));
-
-		JsonParser parser = null;
-
-		try {
-			parser = this.factory.createParser(decodedHeader);
-			headers = new HashMap();
-			if (parser.nextToken() == JsonToken.START_OBJECT) {
-				while (parser.nextToken() == JsonToken.FIELD_NAME) {
-					String headerName = parser.getCurrentName();
-					parser.nextToken();
-					String headerValue = parser.getValueAsString();
-					headers.put(headerName, headerValue);
-				}
-			}
-
-		} catch (IOException ex) {
-			throw new JwkException("An I/O error occurred while reading the JWT: " + ex.getMessage(), ex);
-		} finally {
-			try {
-				if (parser != null) parser.close();
-			} catch (IOException ex) { }
-		}
-
-		return headers;
-	}
-}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java
deleted file mode 100644
index ef8d1d06e..000000000
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2012-2016 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.provider.token.store.jwk;
-
-/**
- * @author Joe Grandja
- */
-final class RSAJwkDefinition extends JwkDefinition {
-	private final String modulus;
-	private final String exponent;
-
-	RSAJwkDefinition(String keyId,
-					 JwkDefinition.PublicKeyUse publicKeyUse,
-					 JwkDefinition.CryptoAlgorithm algorithm,
-					 String modulus,
-					 String exponent) {
-
-		super(keyId, JwkDefinition.KeyType.RSA, publicKeyUse, algorithm);
-		this.modulus = modulus;
-		this.exponent = exponent;
-	}
-
-	String getModulus() {
-		return this.modulus;
-	}
-
-	String getExponent() {
-		return this.exponent;
-	}
-}
\ No newline at end of file

From d15f6f6e6608601231786bf31f1823a4fc6aac86 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 13 Feb 2017 16:09:22 -0500
Subject: [PATCH 075/345] Add TokenStore supporting Jwk verification

Fixes gh-977
---
 .../token/store/jwk/JwkAttributes.java        |  35 ++++
 .../token/store/jwk/JwkDefinition.java        | 168 ++++++++++++++++++
 .../token/store/jwk/JwkDefinitionSource.java  | 117 ++++++++++++
 .../token/store/jwk/JwkException.java         |  42 +++++
 .../token/store/jwk/JwkSetConverter.java      | 144 +++++++++++++++
 .../token/store/jwk/JwkTokenStore.java        | 109 ++++++++++++
 .../JwkVerifyingJwtAccessTokenConverter.java  |  91 ++++++++++
 .../token/store/jwk/JwtHeaderConverter.java   |  68 +++++++
 .../token/store/jwk/RSAJwkDefinition.java     |  43 +++++
 9 files changed, 817 insertions(+)
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
 create mode 100644 spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
new file mode 100644
index 000000000..72769bbc0
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+/**
+ * @author Joe Grandja
+ */
+final class JwkAttributes {
+	static final String KEY_ID = "kid";
+
+	static final String KEY_TYPE = "kty";
+
+	static final String ALGORITHM = "alg";
+
+	static final String PUBLIC_KEY_USE = "use";
+
+	static final String RSA_PUBLIC_KEY_MODULUS = "n";
+
+	static final String RSA_PUBLIC_KEY_EXPONENT = "e";
+
+	static final String KEYS = "keys";
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
new file mode 100644
index 000000000..93caa5a5c
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
@@ -0,0 +1,168 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+/**
+ * @author Joe Grandja
+ */
+abstract class JwkDefinition {
+	private final String keyId;
+	private final KeyType keyType;
+	private final PublicKeyUse publicKeyUse;
+	private final CryptoAlgorithm algorithm;
+
+	protected JwkDefinition(String keyId,
+							KeyType keyType,
+							PublicKeyUse publicKeyUse,
+							CryptoAlgorithm algorithm) {
+		this.keyId = keyId;
+		this.keyType = keyType;
+		this.publicKeyUse = publicKeyUse;
+		this.algorithm = algorithm;
+	}
+
+	String getKeyId() {
+		return this.keyId;
+	}
+
+	KeyType getKeyType() {
+		return this.keyType;
+	}
+
+	PublicKeyUse getPublicKeyUse() {
+		return this.publicKeyUse;
+	}
+
+	CryptoAlgorithm getAlgorithm() {
+		return this.algorithm;
+	}
+
+	@Override
+	public boolean equals(Object obj) {
+		if (this == obj) {
+			return true;
+		}
+		if (obj == null || this.getClass() != obj.getClass()) {
+			return false;
+		}
+
+		JwkDefinition that = (JwkDefinition) obj;
+		if (!this.getKeyId().equals(that.getKeyId())) {
+			return false;
+		}
+
+		return this.getKeyType().equals(that.getKeyType());
+	}
+
+	@Override
+	public int hashCode() {
+		int result = this.getKeyId().hashCode();
+		result = 31 * result + this.getKeyType().hashCode();
+		return result;
+	}
+
+	enum KeyType {
+		RSA("RSA"),
+		EC("EC"),
+		OCT("oct");
+
+		private final String value;
+
+		KeyType(String value) {
+			this.value = value;
+		}
+
+		String value() {
+			return this.value;
+		}
+
+		static KeyType fromValue(String value) {
+			KeyType result = null;
+			for (KeyType keyType : values()) {
+				if (keyType.value().equals(value)) {
+					result = keyType;
+					break;
+				}
+			}
+			return result;
+		}
+	}
+
+	enum PublicKeyUse {
+		SIG("sig"),
+		ENC("enc");
+
+		private final String value;
+
+		PublicKeyUse(String value) {
+			this.value = value;
+		}
+
+		String value() {
+			return this.value;
+		}
+
+		static PublicKeyUse fromValue(String value) {
+			PublicKeyUse result = null;
+			for (PublicKeyUse publicKeyUse : values()) {
+				if (publicKeyUse.value().equals(value)) {
+					result = publicKeyUse;
+					break;
+				}
+			}
+			return result;
+		}
+	}
+
+	enum CryptoAlgorithm {
+		RS256("SHA256withRSA", "RS256", "RSASSA-PKCS1-v1_5 using SHA-256"),
+		RS384("SHA384withRSA", "RS384", "RSASSA-PKCS1-v1_5 using SHA-384"),
+		RS512("SHA512withRSA", "RS512", "RSASSA-PKCS1-v1_5 using SHA-512");
+
+		private final String standardName;		// JCA Standard Name
+		private final String headerParamValue;
+		private final String description;
+
+		CryptoAlgorithm(String standardName, String headerParamValue, String description) {
+			this.standardName = standardName;
+			this.headerParamValue = headerParamValue;
+			this.description = description;
+		}
+
+		String standardName() {
+			return this.standardName;
+		}
+
+		String headerParamValue() {
+			return this.headerParamValue;
+		}
+
+		String description() {
+			return this.description;
+		}
+
+		static CryptoAlgorithm fromStandardName(String standardName) {
+			CryptoAlgorithm result = null;
+			for (CryptoAlgorithm algorithm : values()) {
+				if (algorithm.standardName().equals(standardName)) {
+					result = algorithm;
+					break;
+				}
+			}
+			return result;
+		}
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
new file mode 100644
index 000000000..a9f241f92
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import org.springframework.security.jwt.codec.Codecs;
+import org.springframework.security.jwt.crypto.sign.RsaVerifier;
+import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.KeyFactory;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.RSAPublicKeySpec;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.atomic.AtomicReference;
+
+/**
+ * @author Joe Grandja
+ */
+class JwkDefinitionSource {
+	private final URL jwkSetUrl;
+	private final JwkSetConverter jwkSetConverter = new JwkSetConverter();
+	private final AtomicReference> jwkDefinitions =
+			new AtomicReference>(new HashMap());
+
+	JwkDefinitionSource(String jwkSetUrl) {
+		try {
+			this.jwkSetUrl = new URL(jwkSetUrl);
+		} catch (MalformedURLException ex) {
+			throw new IllegalArgumentException("Invalid JWK Set URL: " + ex.getMessage(), ex);
+		}
+	}
+
+	JwkDefinition getDefinition(String keyId) {
+		JwkDefinition result = null;
+		for (JwkDefinition jwkDefinition : this.jwkDefinitions.get().keySet()) {
+			if (jwkDefinition.getKeyId().equals(keyId)) {
+				result = jwkDefinition;
+				break;
+			}
+		}
+		return result;
+	}
+
+	JwkDefinition getDefinitionRefreshIfNecessary(String keyId) {
+		JwkDefinition result = this.getDefinition(keyId);
+		if (result != null) {
+			return result;
+		}
+		this.refreshJwkDefinitions();
+		return this.getDefinition(keyId);
+	}
+
+	SignatureVerifier getVerifier(String keyId) {
+		SignatureVerifier result = null;
+		JwkDefinition jwkDefinition = this.getDefinitionRefreshIfNecessary(keyId);
+		if (jwkDefinition != null) {
+			result = this.jwkDefinitions.get().get(jwkDefinition);
+		}
+		return result;
+	}
+
+	private void refreshJwkDefinitions() {
+		Set jwkDefinitionSet;
+		try {
+			jwkDefinitionSet = this.jwkSetConverter.convert(this.jwkSetUrl.openStream());
+		} catch (IOException ex) {
+			throw new JwkException("An I/O error occurred while refreshing the JWK Set: " + ex.getMessage(), ex);
+		}
+
+		Map refreshedJwkDefinitions = new LinkedHashMap();
+
+		for (JwkDefinition jwkDefinition : jwkDefinitionSet) {
+			if (JwkDefinition.KeyType.RSA.equals(jwkDefinition.getKeyType())) {
+				refreshedJwkDefinitions.put(jwkDefinition, this.createRSAVerifier((RSAJwkDefinition)jwkDefinition));
+			}
+		}
+
+		this.jwkDefinitions.set(refreshedJwkDefinitions);
+	}
+
+	private RsaVerifier createRSAVerifier(RSAJwkDefinition rsaDefinition) {
+		RsaVerifier result;
+		try {
+			BigInteger modulus = new BigInteger(Codecs.b64UrlDecode(rsaDefinition.getModulus()));
+			BigInteger exponent = new BigInteger(Codecs.b64UrlDecode(rsaDefinition.getExponent()));
+
+			RSAPublicKey rsaPublicKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
+					.generatePublic(new RSAPublicKeySpec(modulus, exponent));
+
+			result = new RsaVerifier(rsaPublicKey, rsaDefinition.getAlgorithm().standardName());
+
+		} catch (Exception ex) {
+			throw new JwkException("An error occurred while creating a RSA Public Key Verifier for \"" +
+					rsaDefinition.getKeyId() + "\" : " + ex.getMessage(), ex);
+		}
+		return result;
+	}
+}
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
new file mode 100644
index 000000000..f9a5e0032
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+
+/**
+ * @author Joe Grandja
+ */
+public class JwkException extends OAuth2Exception {
+
+	public JwkException(String message) {
+		super(message);
+	}
+
+	public JwkException(String message, Throwable cause) {
+		super(message, cause);
+	}
+
+	@Override
+	public String getOAuth2ErrorCode() {
+		return "server_error";
+	}
+
+	@Override
+	public int getHttpErrorCode() {
+		return 500;
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
new file mode 100644
index 000000000..1b6964adb
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
@@ -0,0 +1,144 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import com.fasterxml.jackson.core.JsonFactory;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonToken;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.util.StringUtils;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
+
+import static org.springframework.security.oauth2.provider.token.store.jwk.JwkAttributes.*;
+
+
+/**
+ * @author Joe Grandja
+ */
+class JwkSetConverter implements Converter> {
+	private final JsonFactory factory = new JsonFactory();
+
+	@Override
+	public Set convert(InputStream jwkSetSource) {
+		Set jwkDefinitions;
+		JsonParser parser = null;
+
+		try {
+			parser = this.factory.createParser(jwkSetSource);
+
+			if (parser.nextToken() != JsonToken.START_OBJECT) {
+				throw new JwkException("Invalid JWK Set Object.");
+			}
+			if (parser.nextToken() != JsonToken.FIELD_NAME) {
+				throw new JwkException("Invalid JWK Set Object.");
+			}
+			if (!parser.getCurrentName().equals(KEYS)) {
+				throw new JwkException("Invalid JWK Set Object. The JWK Set MUST have a \"" + KEYS + "\" attribute.");
+			}
+			if (parser.nextToken() != JsonToken.START_ARRAY) {
+				throw new JwkException("Invalid JWK Set Object. The JWK Set MUST have an array of JWK(s).");
+			}
+
+			jwkDefinitions = new LinkedHashSet();
+			Map attributes = new HashMap();
+
+			while (parser.nextToken() == JsonToken.START_OBJECT) {
+				while (parser.nextToken() == JsonToken.FIELD_NAME) {
+					String attributeName = parser.getCurrentName();
+					parser.nextToken();
+					String attributeValue = parser.getValueAsString();
+					attributes.put(attributeName, attributeValue);
+				}
+				JwkDefinition jwkDefinition = this.createJwkDefinition(attributes);
+				if (!jwkDefinitions.add(jwkDefinition)) {
+					throw new JwkException("Duplicate JWK found in Set: " +
+							jwkDefinition.getKeyId() + " (" + KEY_ID + ")");
+				}
+				attributes.clear();
+			}
+
+		} catch (IOException ex) {
+			throw new JwkException("An I/O error occurred while reading the JWK Set: " + ex.getMessage(), ex);
+		} finally {
+			try {
+				if (parser != null) parser.close();
+			} catch (IOException ex) { }
+		}
+
+		return jwkDefinitions;
+	}
+
+	private JwkDefinition createJwkDefinition(Map attributes) {
+		JwkDefinition.KeyType keyType =
+				JwkDefinition.KeyType.fromValue(attributes.get(KEY_TYPE));
+
+		if (!JwkDefinition.KeyType.RSA.equals(keyType)) {
+			throw new JwkException((keyType != null ? keyType.value() : "unknown") +
+					" (" + KEY_TYPE + ") is currently not supported.");
+		}
+
+		return this.createRSAJwkDefinition(attributes);
+	}
+
+	private JwkDefinition createRSAJwkDefinition(Map attributes) {
+		// kid
+		String keyId = attributes.get(KEY_ID);
+		if (!StringUtils.hasText(keyId)) {
+			throw new JwkException("\"" + KEY_ID + "\" is a required attribute for a JWK.");
+		}
+
+		// use
+		JwkDefinition.PublicKeyUse publicKeyUse =
+				JwkDefinition.PublicKeyUse.fromValue(attributes.get(PUBLIC_KEY_USE));
+		if (!JwkDefinition.PublicKeyUse.SIG.equals(publicKeyUse)) {
+			throw new JwkException((publicKeyUse != null ? publicKeyUse.value() : "unknown") +
+					" (" + PUBLIC_KEY_USE + ") is currently not supported.");
+		}
+
+		// alg
+		JwkDefinition.CryptoAlgorithm algorithm =
+				JwkDefinition.CryptoAlgorithm.fromStandardName(attributes.get(ALGORITHM));
+		if (!JwkDefinition.CryptoAlgorithm.RS256.equals(algorithm) &&
+				!JwkDefinition.CryptoAlgorithm.RS384.equals(algorithm) &&
+				!JwkDefinition.CryptoAlgorithm.RS512.equals(algorithm)) {
+			throw new JwkException((algorithm != null ? algorithm.standardName() : "unknown") +
+					" (" + ALGORITHM + ") is currently not supported.");
+		}
+
+		// n
+		String modulus = attributes.get(RSA_PUBLIC_KEY_MODULUS);
+		if (!StringUtils.hasText(modulus)) {
+			throw new JwkException("\"" + RSA_PUBLIC_KEY_MODULUS + "\" is a required attribute for a RSA JWK.");
+		}
+
+		// e
+		String exponent = attributes.get(RSA_PUBLIC_KEY_EXPONENT);
+		if (!StringUtils.hasText(exponent)) {
+			throw new JwkException("\"" + RSA_PUBLIC_KEY_EXPONENT + "\" is a required attribute for a RSA JWK.");
+		}
+
+		RSAJwkDefinition jwkDefinition = new RSAJwkDefinition(
+				keyId, publicKeyUse, algorithm, modulus, exponent);
+
+		return jwkDefinition;
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
new file mode 100644
index 000000000..cbfd1696f
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.OAuth2RefreshToken;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
+import org.springframework.util.Assert;
+
+import java.util.Collection;
+
+/**
+ * @author Joe Grandja
+ */
+public class JwkTokenStore implements TokenStore {
+	private final JwtTokenStore delegate;
+
+	public JwkTokenStore(String jwkSetUrl) {
+		Assert.hasText(jwkSetUrl, "jwkSetUrl cannot be empty");
+		JwkDefinitionSource jwkDefinitionSource = new JwkDefinitionSource(jwkSetUrl);
+		JwkVerifyingJwtAccessTokenConverter accessTokenConverter =
+				new JwkVerifyingJwtAccessTokenConverter(jwkDefinitionSource);
+		this.delegate = new JwtTokenStore(accessTokenConverter);
+	}
+
+	@Override
+	public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
+		return this.delegate.readAuthentication(token);
+	}
+
+	@Override
+	public OAuth2Authentication readAuthentication(String token) {
+		return this.delegate.readAuthentication(token);
+	}
+
+	@Override
+	public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public OAuth2AccessToken readAccessToken(String tokenValue) {
+		return this.delegate.readAccessToken(tokenValue);
+	}
+
+	@Override
+	public void removeAccessToken(OAuth2AccessToken token) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public void storeRefreshToken(OAuth2RefreshToken refreshToken, OAuth2Authentication authentication) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public OAuth2RefreshToken readRefreshToken(String tokenValue) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken token) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public void removeRefreshToken(OAuth2RefreshToken token) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken refreshToken) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public Collection findTokensByClientIdAndUserName(String clientId, String userName) {
+		throw this.operationNotSupported();
+	}
+
+	@Override
+	public Collection findTokensByClientId(String clientId) {
+		throw this.operationNotSupported();
+	}
+
+	private JwkException operationNotSupported() {
+		return new JwkException("This operation is currently not supported.");
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
new file mode 100644
index 000000000..dc7ea2606
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import org.springframework.security.jwt.Jwt;
+import org.springframework.security.jwt.JwtHelper;
+import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.util.JsonParser;
+import org.springframework.security.oauth2.common.util.JsonParserFactory;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+
+import java.util.Map;
+
+import static org.springframework.security.oauth2.provider.token.store.jwk.JwkAttributes.ALGORITHM;
+import static org.springframework.security.oauth2.provider.token.store.jwk.JwkAttributes.KEY_ID;
+
+/**
+ * @author Joe Grandja
+ */
+class JwkVerifyingJwtAccessTokenConverter extends JwtAccessTokenConverter {
+	private final JwkDefinitionSource jwkDefinitionSource;
+	private final JwtHeaderConverter jwtHeaderConverter = new JwtHeaderConverter();
+	private final JsonParser jsonParser = JsonParserFactory.create();
+
+	JwkVerifyingJwtAccessTokenConverter(JwkDefinitionSource jwkDefinitionSource) {
+		this.jwkDefinitionSource = jwkDefinitionSource;
+	}
+
+	@Override
+	protected Map decode(String token) {
+		try {
+			Map headers = this.jwtHeaderConverter.convert(token);
+
+			// Validate "kid" header
+			String keyIdHeader = headers.get(KEY_ID);
+			if (keyIdHeader == null) {
+				throw new JwkException("Invalid JWT/JWS: \"" + KEY_ID + "\" is a required JOSE Header.");
+			}
+			JwkDefinition jwkDefinition = this.jwkDefinitionSource.getDefinitionRefreshIfNecessary(keyIdHeader);
+			if (jwkDefinition == null) {
+				throw new JwkException("Invalid JOSE Header \"" + KEY_ID + "\" (" + keyIdHeader + ")");
+			}
+
+			// Validate "alg" header
+			String algorithmHeader = headers.get(ALGORITHM);
+			if (algorithmHeader == null) {
+				throw new JwkException("Invalid JWT/JWS: \"" + ALGORITHM + "\" is a required JOSE Header.");
+			}
+			if (!algorithmHeader.equals(jwkDefinition.getAlgorithm().headerParamValue())) {
+				throw new JwkException("Invalid JOSE Header \"" + ALGORITHM + "\" (" + algorithmHeader + ")" +
+						" does not match algorithm associated with \"" + KEY_ID + "\" (" + keyIdHeader + ")");
+			}
+
+			// Verify signature
+			SignatureVerifier verifier = this.jwkDefinitionSource.getVerifier(keyIdHeader);
+			Jwt jwt = JwtHelper.decode(token);
+			jwt.verifySignature(verifier);
+
+			Map claims = this.jsonParser.parseMap(jwt.getClaims());
+			if (claims.containsKey(EXP) && claims.get(EXP) instanceof Integer) {
+				Integer expiryInt = (Integer) claims.get(EXP);
+				claims.put(EXP, new Long(expiryInt));
+			}
+
+			return claims;
+
+		} catch (Exception ex) {
+			throw new JwkException("Failed to decode/verify the JWT/JWS: " + ex.getMessage(), ex);
+		}
+	}
+
+	@Override
+	protected String encode(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
+		throw new JwkException("JWT/JWS (signing) is currently not supported.");
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
new file mode 100644
index 000000000..2afa65a8d
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import com.fasterxml.jackson.core.JsonFactory;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonToken;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.jwt.codec.Codecs;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author Joe Grandja
+ */
+class JwtHeaderConverter implements Converter> {
+	private final JsonFactory factory = new JsonFactory();
+
+	@Override
+	public Map convert(String token) {
+		Map headers;
+
+		int headerEndIndex = token.indexOf('.');
+		if (headerEndIndex == -1) {
+			throw new JwkException("Invalid JWT. Missing JOSE Header.");
+		}
+		byte[] decodedHeader = Codecs.b64UrlDecode(token.substring(0, headerEndIndex));
+
+		JsonParser parser = null;
+
+		try {
+			parser = this.factory.createParser(decodedHeader);
+			headers = new HashMap();
+			if (parser.nextToken() == JsonToken.START_OBJECT) {
+				while (parser.nextToken() == JsonToken.FIELD_NAME) {
+					String headerName = parser.getCurrentName();
+					parser.nextToken();
+					String headerValue = parser.getValueAsString();
+					headers.put(headerName, headerValue);
+				}
+			}
+
+		} catch (IOException ex) {
+			throw new JwkException("An I/O error occurred while reading the JWT: " + ex.getMessage(), ex);
+		} finally {
+			try {
+				if (parser != null) parser.close();
+			} catch (IOException ex) { }
+		}
+
+		return headers;
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java
new file mode 100644
index 000000000..6361784af
--- /dev/null
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+/**
+ * @author Joe Grandja
+ */
+final class RSAJwkDefinition extends JwkDefinition {
+	private final String modulus;
+	private final String exponent;
+
+	RSAJwkDefinition(String keyId,
+					 PublicKeyUse publicKeyUse,
+					 CryptoAlgorithm algorithm,
+					 String modulus,
+					 String exponent) {
+
+		super(keyId, KeyType.RSA, publicKeyUse, algorithm);
+		this.modulus = modulus;
+		this.exponent = exponent;
+	}
+
+	String getModulus() {
+		return this.modulus;
+	}
+
+	String getExponent() {
+		return this.exponent;
+	}
+}
\ No newline at end of file

From 5ad171060b8018ffaf80233106c494b258578238 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Mon, 20 Feb 2017 16:30:22 +0000
Subject: [PATCH 076/345] Add test for ambiguous token services

---
 .../TokenServicesMultipleBeansTests.java      | 56 +++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/TokenServicesMultipleBeansTests.java

diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/TokenServicesMultipleBeansTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/TokenServicesMultipleBeansTests.java
new file mode 100644
index 000000000..a993afbf9
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/TokenServicesMultipleBeansTests.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2015-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.oauth2.config.annotation;
+
+import static org.junit.Assert.assertNotNull;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.oauth2.config.annotation.TokenServicesMultipleBeansTests.BrokenOAuthApplication;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+/**
+ * @author Dave Syer
+ *
+ */
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(classes=BrokenOAuthApplication.class)
+@WebAppConfiguration
+public class TokenServicesMultipleBeansTests {
+	
+	@Autowired
+	private ResourceServerTokenServices tokenServices;
+
+	@Test
+	public void test() {
+		assertNotNull(tokenServices);
+	}
+
+	@Configuration
+	@EnableAuthorizationServer
+	@EnableWebSecurity
+	protected static class BrokenOAuthApplication extends AuthorizationServerConfigurerAdapter {
+	}
+}

From df2466a9b78b5c6e9ab4cbe3ab97643c5cb6a244 Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Tue, 21 Feb 2017 15:17:31 +0000
Subject: [PATCH 077/345] Use FactoryBean to expose @Beans of different
 TokenServices flavours

There is one for ConsumerTokenServices and one for
AuthorizationServerTokenServices.

Fixes gh-984
---
 ...orizationServerEndpointsConfiguration.java | 53 +++++++++++++++++--
 .../TokenServicesMultipleBeansTests.java      | 17 +++++-
 .../src/test/java/demo/ApplicationTests.java  |  6 +--
 .../java/demo/RefreshTokenSupportTests.java   |  6 +--
 4 files changed, 67 insertions(+), 15 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java
index 2fc3e63c2..160f7eb07 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java
@@ -20,8 +20,11 @@
 import javax.annotation.PostConstruct;
 
 import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.BeanFactoryUtils;
+import org.springframework.beans.factory.FactoryBean;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.config.AbstractFactoryBean;
 import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.BeanDefinitionRegistry;
@@ -131,8 +134,19 @@ public FrameworkEndpointHandlerMapping oauth2EndpointHandlerMapping() throws Exc
 	}
 
 	@Bean
-	public ConsumerTokenServices consumerTokenServices() throws Exception {
-		return getEndpointsConfigurer().getConsumerTokenServices();
+	public FactoryBean consumerTokenServices() throws Exception {
+		return new AbstractFactoryBean() {
+
+			@Override
+			public Class getObjectType() {
+				return ConsumerTokenServices.class;
+			}
+
+			@Override
+			protected ConsumerTokenServices createInstance() throws Exception {
+				return getEndpointsConfigurer().getConsumerTokenServices();
+			}
+		};
 	}
 
 	/**
@@ -146,13 +160,18 @@ public ConsumerTokenServices consumerTokenServices() throws Exception {
 	 * @return an AuthorizationServerTokenServices
 	 */
 	@Bean
-	public AuthorizationServerTokenServices defaultAuthorizationServerTokenServices() {
-		return endpoints.getDefaultAuthorizationServerTokenServices();
+	public FactoryBean defaultAuthorizationServerTokenServices() {
+		return new AuthorizationServerTokenServicesFactoryBean(endpoints);
 	}
 
 	public AuthorizationServerEndpointsConfigurer getEndpointsConfigurer() {
 		if (!endpoints.isTokenServicesOverride()) {
-			endpoints.tokenServices(defaultAuthorizationServerTokenServices());
+			try {
+				endpoints.tokenServices(endpoints.getDefaultAuthorizationServerTokenServices());
+			}
+			catch (Exception e) {
+				throw new BeanCreationException("Cannot create token services", e);
+			}
 		}
 		return endpoints;
 	}
@@ -193,6 +212,30 @@ private String extractPath(FrameworkEndpointHandlerMapping mapping, String page)
 		return "forward:" + path;
 	}
 
+	protected static class AuthorizationServerTokenServicesFactoryBean
+			extends AbstractFactoryBean {
+
+		private AuthorizationServerEndpointsConfigurer endpoints;
+		
+		protected AuthorizationServerTokenServicesFactoryBean() {
+		}
+
+		public AuthorizationServerTokenServicesFactoryBean(
+				AuthorizationServerEndpointsConfigurer endpoints) {
+					this.endpoints = endpoints;
+		}
+
+		@Override
+		public Class getObjectType() {
+			return AuthorizationServerTokenServices.class;
+		}
+
+		@Override
+		protected AuthorizationServerTokenServices createInstance() throws Exception {
+			return endpoints.getDefaultAuthorizationServerTokenServices();
+		}
+	}
+
 	@Component
 	protected static class TokenKeyEndpointRegistrar implements BeanDefinitionRegistryPostProcessor {
 
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/TokenServicesMultipleBeansTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/TokenServicesMultipleBeansTests.java
index a993afbf9..d38593d54 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/TokenServicesMultipleBeansTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/TokenServicesMultipleBeansTests.java
@@ -17,6 +17,7 @@
 package org.springframework.security.oauth2.config.annotation;
 
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -26,6 +27,9 @@
 import org.springframework.security.oauth2.config.annotation.TokenServicesMultipleBeansTests.BrokenOAuthApplication;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
+import org.springframework.security.oauth2.provider.token.ConsumerTokenServices;
 import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@@ -40,16 +44,25 @@
 @WebAppConfiguration
 public class TokenServicesMultipleBeansTests {
 	
-	@Autowired
+	@Autowired(required=false)
 	private ResourceServerTokenServices tokenServices;
 
+	@Autowired
+	private AuthorizationServerTokenServices authServerTokenServices;
+
+	@Autowired
+	private ConsumerTokenServices consumerTokenServices;
+
 	@Test
 	public void test() {
-		assertNotNull(tokenServices);
+		assertNull(tokenServices);
+		assertNotNull(authServerTokenServices);
+		assertNotNull(consumerTokenServices);
 	}
 
 	@Configuration
 	@EnableAuthorizationServer
+	@EnableResourceServer
 	@EnableWebSecurity
 	protected static class BrokenOAuthApplication extends AuthorizationServerConfigurerAdapter {
 	}
diff --git a/tests/annotation/jwt/src/test/java/demo/ApplicationTests.java b/tests/annotation/jwt/src/test/java/demo/ApplicationTests.java
index 82a5ffee6..13b37ed7a 100644
--- a/tests/annotation/jwt/src/test/java/demo/ApplicationTests.java
+++ b/tests/annotation/jwt/src/test/java/demo/ApplicationTests.java
@@ -6,13 +6,12 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.test.IntegrationTest;
 import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.boot.test.TestRestTemplate;
 import org.springframework.http.HttpStatus;
-import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
 import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
@@ -28,8 +27,7 @@ public class ApplicationTests {
 	private int port;
 
 	@Autowired
-	@Qualifier("defaultAuthorizationServerTokenServices")
-	private DefaultTokenServices tokenServices;
+	private AuthorizationServerTokenServices tokenServices;
 
 	@Test
 	public void tokenStoreIsJwt() {
diff --git a/tests/annotation/jwt/src/test/java/demo/RefreshTokenSupportTests.java b/tests/annotation/jwt/src/test/java/demo/RefreshTokenSupportTests.java
index 295fbdabf..141d73969 100644
--- a/tests/annotation/jwt/src/test/java/demo/RefreshTokenSupportTests.java
+++ b/tests/annotation/jwt/src/test/java/demo/RefreshTokenSupportTests.java
@@ -3,11 +3,10 @@
 import static org.junit.Assert.assertEquals;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
 import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
 import org.springframework.test.util.ReflectionTestUtils;
 
@@ -21,8 +20,7 @@
 public class RefreshTokenSupportTests extends AbstractRefreshTokenSupportTests {
 	
 	@Autowired
-	@Qualifier("defaultAuthorizationServerTokenServices")
-	private DefaultTokenServices services;
+	private AuthorizationServerTokenServices services;
 
 	protected void verifyAccessTokens(OAuth2AccessToken oldAccessToken, OAuth2AccessToken newAccessToken) {
 		// make sure the new access token can be used.

From c9b2bbab23a4676cf909e76674b401b6d867e40c Mon Sep 17 00:00:00 2001
From: Dave Syer 
Date: Tue, 21 Feb 2017 17:28:37 +0000
Subject: [PATCH 078/345] Update to Spring Boot 1.5.1

---
 .../src/main/java/demo/Application.java       |  7 ++-----
 .../src/main/resources/application.yml        |  3 +++
 .../src/test/java/demo/ApplicationTests.java  | 13 +++++--------
 .../demo/AuthorizationCodeProviderTests.java  |  3 ---
 .../demo/ClientCredentialsProviderTests.java  |  3 ---
 .../test/java/demo/ImplicitProviderTests.java |  3 ---
 .../java/demo/ProtectedResourceTests.java     |  3 ---
 .../java/demo/RefreshTokenSupportTests.java   |  3 ---
 .../ResourceOwnerPasswordProviderTests.java   |  3 ---
 .../client/src/main/resources/application.yml |  3 +++
 .../test/java/client/ApplicationTests.java    | 13 +++++--------
 .../client/ClientServerInteractionTests.java  |  8 +++++---
 tests/annotation/common/pom.xml               |  9 ---------
 .../common/AbstractIntegrationTests.java      | 14 +++++++-------
 .../java/sparklr/common/HttpTestUtils.java    |  4 ++--
 .../src/main/java/demo/Application.java       |  5 ++---
 .../src/main/resources/application.yml        |  3 +++
 .../src/test/java/demo/ApplicationTests.java  | 12 ++++--------
 .../demo/ClientCredentialsProviderTests.java  |  2 --
 .../src/main/java/demo/Application.java       |  5 ++---
 .../src/main/resources/application.yml        |  3 +++
 .../src/test/java/demo/ApplicationTests.java  | 12 ++++--------
 .../demo/AuthorizationCodeProviderTests.java  |  2 --
 .../demo/ClientCredentialsProviderTests.java  |  3 ---
 .../test/java/demo/CustomProviderTests.java   |  4 +---
 .../test/java/demo/ImplicitProviderTests.java |  4 +---
 .../java/demo/ProtectedResourceTests.java     |  3 ---
 .../java/demo/RefreshTokenSupportTests.java   |  3 ---
 .../ResourceOwnerPasswordProviderTests.java   |  3 ---
 .../form/src/main/java/demo/Application.java  |  7 ++-----
 .../form/src/main/resources/application.yml   |  3 +++
 .../src/test/java/demo/ApplicationTests.java  | 12 ++++--------
 .../demo/AuthorizationCodeProviderTests.java  |  3 ---
 .../demo/ClientCredentialsProviderTests.java  |  2 --
 .../test/java/demo/ImplicitProviderTests.java |  3 ---
 .../java/demo/ProtectedResourceTests.java     |  3 ---
 .../java/demo/RefreshTokenSupportTests.java   |  3 ---
 .../ResourceOwnerPasswordProviderTests.java   |  2 --
 .../jaxb/src/main/java/demo/Application.java  |  7 ++-----
 .../jaxb/src/main/resources/application.yml   |  3 +++
 .../src/test/java/demo/ApplicationTests.java  | 12 ++++--------
 .../demo/AuthorizationCodeProviderTests.java  |  2 --
 .../demo/ClientCredentialsProviderTests.java  |  2 --
 .../test/java/demo/ImplicitProviderTests.java |  4 +---
 .../java/demo/ProtectedResourceTests.java     |  2 --
 .../java/demo/RefreshTokenSupportTests.java   |  2 --
 .../ResourceOwnerPasswordProviderTests.java   |  2 --
 .../jdbc/src/main/java/demo/Application.java  |  2 +-
 .../jdbc/src/main/resources/application.yml   |  4 ++++
 .../src/test/java/demo/ApplicationTests.java  | 15 +++++----------
 .../demo/AuthorizationCodeProviderTests.java  |  4 ++--
 .../demo/ClientCredentialsProviderTests.java  |  4 ++--
 .../test/java/demo/ImplicitProviderTests.java |  4 ++--
 .../java/demo/ProtectedResourceTests.java     |  4 ++--
 .../java/demo/RefreshTokenSupportTests.java   |  4 ++--
 .../ResourceOwnerPasswordProviderTests.java   |  4 ++--
 .../jpa/src/main/java/demo/Application.java   |  2 +-
 .../jpa/src/main/resources/application.yml    |  3 +++
 .../src/test/java/demo/ApplicationTests.java  | 12 ++++--------
 .../AuthorizationCodeProviderCookieTests.java |  2 --
 .../demo/AuthorizationCodeProviderTests.java  |  2 --
 .../demo/ClientCredentialsProviderTests.java  |  3 ---
 .../test/java/demo/ImplicitProviderTests.java |  4 +---
 .../java/demo/ProtectedResourceTests.java     |  3 ---
 .../java/demo/RefreshTokenSupportTests.java   |  3 ---
 .../ResourceOwnerPasswordProviderTests.java   |  4 +---
 .../jwt/src/main/java/demo/Application.java   |  7 ++-----
 .../jwt/src/main/resources/application.yml    |  3 +++
 .../src/test/java/demo/ApplicationTests.java  | 19 ++++++++-----------
 .../demo/AuthorizationCodeProviderTests.java  |  3 ---
 .../demo/ClientCredentialsProviderTests.java  |  4 +---
 .../test/java/demo/ImplicitProviderTests.java |  3 ---
 .../java/demo/ProtectedResourceTests.java     |  3 ---
 .../java/demo/RefreshTokenSupportTests.java   |  2 --
 .../ResourceOwnerPasswordProviderTests.java   |  4 +---
 .../src/main/resources/application.yml        |  3 +++
 .../src/test/java/demo/ApplicationTests.java  | 12 ++++--------
 .../demo/AuthorizationCodeProviderTests.java  |  2 --
 .../demo/ClientCredentialsProviderTests.java  |  4 +---
 .../test/java/demo/ImplicitProviderTests.java |  3 ---
 .../java/demo/ProtectedResourceTests.java     |  2 --
 .../java/demo/RefreshTokenSupportTests.java   |  3 ---
 .../ResourceOwnerPasswordProviderTests.java   |  3 ---
 ...letPathClientCredentialsProviderTests.java | 11 ++++-------
 .../multi/src/main/java/demo/Application.java |  4 +++-
 .../src/test/java/demo/ApplicationTests.java  | 12 ++++--------
 .../demo/AuthorizationCodeProviderTests.java  |  3 ---
 .../demo/ClientCredentialsProviderTests.java  |  3 ---
 .../test/java/demo/ImplicitProviderTests.java |  3 ---
 .../java/demo/ProtectedResourceTests.java     |  2 --
 .../java/demo/RefreshTokenSupportTests.java   |  3 ---
 .../ResourceOwnerPasswordProviderTests.java   |  2 --
 tests/annotation/pom.xml                      |  4 ++--
 .../src/main/java/demo/Application.java       |  8 ++------
 .../src/main/resources/application.yml        |  3 +++
 .../src/test/java/demo/ApplicationTests.java  | 12 ++++--------
 .../java/demo/ProtectedResourceTests.java     |  3 ---
 .../src/main/resources/application.yml        |  3 +++
 .../src/test/java/demo/ApplicationTests.java  |  9 +++------
 .../AuthorizationCodeProviderCookieTests.java |  2 --
 .../demo/AuthorizationCodeProviderTests.java  |  2 --
 .../demo/ClientCredentialsProviderTests.java  |  3 ---
 .../java/demo/GlobalMethodSecurityTests.java  | 12 ++++++------
 .../test/java/demo/ImplicitProviderTests.java |  4 +---
 .../java/demo/ProtectedResourceTests.java     |  3 ---
 .../java/demo/RefreshTokenSupportTests.java   |  3 ---
 .../ResourceOwnerPasswordProviderTests.java   |  4 +---
 107 files changed, 162 insertions(+), 349 deletions(-)

diff --git a/tests/annotation/approval/src/main/java/demo/Application.java b/tests/annotation/approval/src/main/java/demo/Application.java
index 101b9bfb8..82281f84a 100644
--- a/tests/annotation/approval/src/main/java/demo/Application.java
+++ b/tests/annotation/approval/src/main/java/demo/Application.java
@@ -2,9 +2,8 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
@@ -19,9 +18,7 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-@Configuration
-@ComponentScan
-@EnableAutoConfiguration
+@SpringBootApplication
 @EnableResourceServer
 @RestController
 public class Application {
diff --git a/tests/annotation/approval/src/main/resources/application.yml b/tests/annotation/approval/src/main/resources/application.yml
index e52b05d1f..99c539833 100644
--- a/tests/annotation/approval/src/main/resources/application.yml
+++ b/tests/annotation/approval/src/main/resources/application.yml
@@ -6,3 +6,6 @@ management:
 security:
   user:
     password: password
+  oauth2:
+    resource:
+      filter-order: 3
diff --git a/tests/annotation/approval/src/test/java/demo/ApplicationTests.java b/tests/annotation/approval/src/test/java/demo/ApplicationTests.java
index 15eca8da6..39d23f056 100644
--- a/tests/annotation/approval/src/test/java/demo/ApplicationTests.java
+++ b/tests/annotation/approval/src/test/java/demo/ApplicationTests.java
@@ -2,15 +2,12 @@
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.springframework.boot.test.IntegrationTest;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.test.context.junit4.SpringRunner;
 
-@RunWith(SpringJUnit4ClassRunner.class)
-@SpringApplicationConfiguration(classes = Application.class)
-@WebAppConfiguration
-@IntegrationTest("server.port=0")
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment=WebEnvironment.RANDOM_PORT)
 public class ApplicationTests {
 
 	@Test
diff --git a/tests/annotation/approval/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/approval/src/test/java/demo/AuthorizationCodeProviderTests.java
index 3bc5e7dac..7b60325b0 100755
--- a/tests/annotation/approval/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/approval/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -14,14 +14,11 @@
 
 import static org.junit.Assert.assertTrue;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractAuthorizationCodeProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class AuthorizationCodeProviderTests extends AbstractAuthorizationCodeProviderTests {
 
 	protected void verifyAuthorizationPage(String page) {
diff --git a/tests/annotation/approval/src/test/java/demo/ClientCredentialsProviderTests.java b/tests/annotation/approval/src/test/java/demo/ClientCredentialsProviderTests.java
index af8190074..857ff7fa0 100644
--- a/tests/annotation/approval/src/test/java/demo/ClientCredentialsProviderTests.java
+++ b/tests/annotation/approval/src/test/java/demo/ClientCredentialsProviderTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractClientCredentialsProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ClientCredentialsProviderTests extends AbstractClientCredentialsProviderTests {
 
 
diff --git a/tests/annotation/approval/src/test/java/demo/ImplicitProviderTests.java b/tests/annotation/approval/src/test/java/demo/ImplicitProviderTests.java
index 7a8958187..0e34ccc7d 100644
--- a/tests/annotation/approval/src/test/java/demo/ImplicitProviderTests.java
+++ b/tests/annotation/approval/src/test/java/demo/ImplicitProviderTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractImplicitProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ImplicitProviderTests extends AbstractImplicitProviderTests {
 
 }
diff --git a/tests/annotation/approval/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/approval/src/test/java/demo/ProtectedResourceTests.java
index c752cbe12..302b30f96 100644
--- a/tests/annotation/approval/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/approval/src/test/java/demo/ProtectedResourceTests.java
@@ -13,15 +13,12 @@
 
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractProtectedResourceTests;
 
 /**
  * @author Dave Syer
  *
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ProtectedResourceTests extends AbstractProtectedResourceTests {
 
 }
diff --git a/tests/annotation/approval/src/test/java/demo/RefreshTokenSupportTests.java b/tests/annotation/approval/src/test/java/demo/RefreshTokenSupportTests.java
index 4ed370eea..417bac867 100644
--- a/tests/annotation/approval/src/test/java/demo/RefreshTokenSupportTests.java
+++ b/tests/annotation/approval/src/test/java/demo/RefreshTokenSupportTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractRefreshTokenSupportTests;
 
 /**
  * @author Ryan Heaton
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class RefreshTokenSupportTests extends AbstractRefreshTokenSupportTests {
 }
diff --git a/tests/annotation/approval/src/test/java/demo/ResourceOwnerPasswordProviderTests.java b/tests/annotation/approval/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
index aa5786098..5682e05a6 100644
--- a/tests/annotation/approval/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
+++ b/tests/annotation/approval/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractResourceOwnerPasswordProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ResourceOwnerPasswordProviderTests extends AbstractResourceOwnerPasswordProviderTests {
 
 }
diff --git a/tests/annotation/client/src/main/resources/application.yml b/tests/annotation/client/src/main/resources/application.yml
index 72f3eb459..e223ea3ad 100644
--- a/tests/annotation/client/src/main/resources/application.yml
+++ b/tests/annotation/client/src/main/resources/application.yml
@@ -8,3 +8,6 @@ server:
 security:
   basic:
     enabled: false
+  oauth2:
+    resource:
+      filter-order: 3
diff --git a/tests/annotation/client/src/test/java/client/ApplicationTests.java b/tests/annotation/client/src/test/java/client/ApplicationTests.java
index 8c5aef34a..971e2b4a0 100644
--- a/tests/annotation/client/src/test/java/client/ApplicationTests.java
+++ b/tests/annotation/client/src/test/java/client/ApplicationTests.java
@@ -2,15 +2,12 @@
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.springframework.boot.test.IntegrationTest;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.test.context.junit4.SpringRunner;
 
-@RunWith(SpringJUnit4ClassRunner.class)
-@SpringApplicationConfiguration(classes = ClientApplication.class)
-@WebAppConfiguration
-@IntegrationTest("server.port=0")
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment=WebEnvironment.RANDOM_PORT, classes=ClientApplication.class)
 public class ApplicationTests {
 
 	@Test
diff --git a/tests/annotation/client/src/test/java/client/ClientServerInteractionTests.java b/tests/annotation/client/src/test/java/client/ClientServerInteractionTests.java
index 64db5054c..f078ff6e3 100644
--- a/tests/annotation/client/src/test/java/client/ClientServerInteractionTests.java
+++ b/tests/annotation/client/src/test/java/client/ClientServerInteractionTests.java
@@ -6,7 +6,8 @@
 import org.junit.Before;
 import org.junit.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.SpringApplicationConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
 import org.springframework.security.oauth2.client.OAuth2RestOperations;
 import org.springframework.security.oauth2.client.OAuth2RestTemplate;
@@ -19,7 +20,8 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = { ClientApplication.class, CombinedApplication.class })
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT, classes = {
+		ClientApplication.class, CombinedApplication.class })
 @ActiveProfiles("combined")
 public class ClientServerInteractionTests extends AbstractIntegrationTests {
 
@@ -27,7 +29,7 @@ public class ClientServerInteractionTests extends AbstractIntegrationTests {
 	private AuthorizationCodeResourceDetails resource;
 
 	private OAuth2RestOperations template;
-	
+
 	@Before
 	public void init() {
 		template = new OAuth2RestTemplate(resource, new DefaultOAuth2ClientContext());
diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml
index 6491f1938..ec1d24e93 100644
--- a/tests/annotation/common/pom.xml
+++ b/tests/annotation/common/pom.xml
@@ -53,15 +53,6 @@
 		demo.Application
 	
 
-	
-		
-			
-				org.springframework.boot
-				spring-boot-maven-plugin
-			
-		
-	
-
 	
 		
 			spring-snapshots
diff --git a/tests/annotation/common/src/main/java/sparklr/common/AbstractIntegrationTests.java b/tests/annotation/common/src/main/java/sparklr/common/AbstractIntegrationTests.java
index b35341615..023566427 100644
--- a/tests/annotation/common/src/main/java/sparklr/common/AbstractIntegrationTests.java
+++ b/tests/annotation/common/src/main/java/sparklr/common/AbstractIntegrationTests.java
@@ -31,7 +31,9 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.boot.autoconfigure.web.ServerProperties;
-import org.springframework.boot.test.IntegrationTest;
+import org.springframework.boot.context.embedded.LocalServerPort;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.http.client.ClientHttpRequestInterceptor;
 import org.springframework.http.converter.HttpMessageConverter;
@@ -53,12 +55,10 @@
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
 import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.context.junit4.SpringRunner;
 
-@RunWith(SpringJUnit4ClassRunner.class)
-@WebAppConfiguration
-@IntegrationTest("server.port=0")
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment=WebEnvironment.RANDOM_PORT)
 public abstract class AbstractIntegrationTests {
 
 	public static final String JAVAX_NET_SSL_TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword";
@@ -84,7 +84,7 @@ public abstract class AbstractIntegrationTests {
 		}
 	}
 
-	@Value("${local.server.port}")
+	@LocalServerPort
 	private int port;
 
 	@Rule
diff --git a/tests/annotation/common/src/main/java/sparklr/common/HttpTestUtils.java b/tests/annotation/common/src/main/java/sparklr/common/HttpTestUtils.java
index 8e765c04c..1a0456552 100644
--- a/tests/annotation/common/src/main/java/sparklr/common/HttpTestUtils.java
+++ b/tests/annotation/common/src/main/java/sparklr/common/HttpTestUtils.java
@@ -9,7 +9,7 @@
 import org.junit.rules.MethodRule;
 import org.junit.runners.model.FrameworkMethod;
 import org.junit.runners.model.Statement;
-import org.springframework.boot.test.TestRestTemplate;
+import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
@@ -234,7 +234,7 @@ public RestOperations getRestTemplate() {
 	}
 
 	public RestOperations createRestTemplate() {
-		RestTemplate client = new TestRestTemplate();
+		RestTemplate client = new TestRestTemplate().getRestTemplate();
 		return client;
 	}
 
diff --git a/tests/annotation/custom-authentication/src/main/java/demo/Application.java b/tests/annotation/custom-authentication/src/main/java/demo/Application.java
index 8566b7eb1..b45985dc4 100644
--- a/tests/annotation/custom-authentication/src/main/java/demo/Application.java
+++ b/tests/annotation/custom-authentication/src/main/java/demo/Application.java
@@ -2,7 +2,7 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -19,8 +19,7 @@
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
 
-@Configuration
-@EnableAutoConfiguration
+@SpringBootApplication
 @EnableResourceServer
 @RestController
 public class Application {
diff --git a/tests/annotation/custom-authentication/src/main/resources/application.yml b/tests/annotation/custom-authentication/src/main/resources/application.yml
index ccf06f8ba..8f7a77341 100644
--- a/tests/annotation/custom-authentication/src/main/resources/application.yml
+++ b/tests/annotation/custom-authentication/src/main/resources/application.yml
@@ -6,6 +6,9 @@ management:
 security:
   user:
     password: password
+  oauth2:
+    resource:
+      filter-order: 3
 logging:
   level:
     # org.springframework.security: DEBUG
\ No newline at end of file
diff --git a/tests/annotation/custom-authentication/src/test/java/demo/ApplicationTests.java b/tests/annotation/custom-authentication/src/test/java/demo/ApplicationTests.java
index 15eca8da6..1f2353d99 100644
--- a/tests/annotation/custom-authentication/src/test/java/demo/ApplicationTests.java
+++ b/tests/annotation/custom-authentication/src/test/java/demo/ApplicationTests.java
@@ -2,15 +2,11 @@
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.springframework.boot.test.IntegrationTest;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
 
-@RunWith(SpringJUnit4ClassRunner.class)
-@SpringApplicationConfiguration(classes = Application.class)
-@WebAppConfiguration
-@IntegrationTest("server.port=0")
+@RunWith(SpringRunner.class)
+@SpringBootTest	
 public class ApplicationTests {
 
 	@Test
diff --git a/tests/annotation/custom-authentication/src/test/java/demo/ClientCredentialsProviderTests.java b/tests/annotation/custom-authentication/src/test/java/demo/ClientCredentialsProviderTests.java
index f4dd6da46..f0734bc81 100644
--- a/tests/annotation/custom-authentication/src/test/java/demo/ClientCredentialsProviderTests.java
+++ b/tests/annotation/custom-authentication/src/test/java/demo/ClientCredentialsProviderTests.java
@@ -9,7 +9,6 @@
 
 import org.junit.Before;
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
@@ -30,7 +29,6 @@
  * 
  * @author michaeltecourt
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ClientCredentialsProviderTests extends AbstractClientCredentialsProviderTests {
 
 	protected URI tokenUri;
diff --git a/tests/annotation/custom-grant/src/main/java/demo/Application.java b/tests/annotation/custom-grant/src/main/java/demo/Application.java
index 7dd777944..df08bbfe9 100644
--- a/tests/annotation/custom-grant/src/main/java/demo/Application.java
+++ b/tests/annotation/custom-grant/src/main/java/demo/Application.java
@@ -6,7 +6,7 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -24,8 +24,7 @@
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
 
-@Configuration
-@EnableAutoConfiguration
+@SpringBootApplication
 @EnableResourceServer
 @RestController
 public class Application {
diff --git a/tests/annotation/custom-grant/src/main/resources/application.yml b/tests/annotation/custom-grant/src/main/resources/application.yml
index ccf06f8ba..8f7a77341 100644
--- a/tests/annotation/custom-grant/src/main/resources/application.yml
+++ b/tests/annotation/custom-grant/src/main/resources/application.yml
@@ -6,6 +6,9 @@ management:
 security:
   user:
     password: password
+  oauth2:
+    resource:
+      filter-order: 3
 logging:
   level:
     # org.springframework.security: DEBUG
\ No newline at end of file
diff --git a/tests/annotation/custom-grant/src/test/java/demo/ApplicationTests.java b/tests/annotation/custom-grant/src/test/java/demo/ApplicationTests.java
index 15eca8da6..34f49b849 100644
--- a/tests/annotation/custom-grant/src/test/java/demo/ApplicationTests.java
+++ b/tests/annotation/custom-grant/src/test/java/demo/ApplicationTests.java
@@ -2,15 +2,11 @@
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.springframework.boot.test.IntegrationTest;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
 
-@RunWith(SpringJUnit4ClassRunner.class)
-@SpringApplicationConfiguration(classes = Application.class)
-@WebAppConfiguration
-@IntegrationTest("server.port=0")
+@RunWith(SpringRunner.class)
+@SpringBootTest
 public class ApplicationTests {
 
 	@Test
diff --git a/tests/annotation/custom-grant/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/custom-grant/src/test/java/demo/AuthorizationCodeProviderTests.java
index 49a38d4ab..34cdef81b 100755
--- a/tests/annotation/custom-grant/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/custom-grant/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -17,7 +17,6 @@
 import static org.junit.Assert.assertTrue;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration;
@@ -28,7 +27,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class AuthorizationCodeProviderTests extends AbstractAuthorizationCodeProviderTests {
 	
 	@Test
diff --git a/tests/annotation/custom-grant/src/test/java/demo/ClientCredentialsProviderTests.java b/tests/annotation/custom-grant/src/test/java/demo/ClientCredentialsProviderTests.java
index af8190074..857ff7fa0 100644
--- a/tests/annotation/custom-grant/src/test/java/demo/ClientCredentialsProviderTests.java
+++ b/tests/annotation/custom-grant/src/test/java/demo/ClientCredentialsProviderTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractClientCredentialsProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ClientCredentialsProviderTests extends AbstractClientCredentialsProviderTests {
 
 
diff --git a/tests/annotation/custom-grant/src/test/java/demo/CustomProviderTests.java b/tests/annotation/custom-grant/src/test/java/demo/CustomProviderTests.java
index 219553795..bd6897227 100644
--- a/tests/annotation/custom-grant/src/test/java/demo/CustomProviderTests.java
+++ b/tests/annotation/custom-grant/src/test/java/demo/CustomProviderTests.java
@@ -1,11 +1,10 @@
 package demo;
 
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
 
 import java.util.Map;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -17,7 +16,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class CustomProviderTests extends AbstractIntegrationTests {
 
 	@Test
diff --git a/tests/annotation/custom-grant/src/test/java/demo/ImplicitProviderTests.java b/tests/annotation/custom-grant/src/test/java/demo/ImplicitProviderTests.java
index 92379335a..0945dffce 100644
--- a/tests/annotation/custom-grant/src/test/java/demo/ImplicitProviderTests.java
+++ b/tests/annotation/custom-grant/src/test/java/demo/ImplicitProviderTests.java
@@ -13,8 +13,7 @@
 import java.util.concurrent.Future;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.boot.test.TestRestTemplate;
+import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration;
@@ -25,7 +24,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ImplicitProviderTests extends AbstractImplicitProviderTests {
 
 	@Test
diff --git a/tests/annotation/custom-grant/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/custom-grant/src/test/java/demo/ProtectedResourceTests.java
index c752cbe12..302b30f96 100644
--- a/tests/annotation/custom-grant/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/custom-grant/src/test/java/demo/ProtectedResourceTests.java
@@ -13,15 +13,12 @@
 
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractProtectedResourceTests;
 
 /**
  * @author Dave Syer
  *
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ProtectedResourceTests extends AbstractProtectedResourceTests {
 
 }
diff --git a/tests/annotation/custom-grant/src/test/java/demo/RefreshTokenSupportTests.java b/tests/annotation/custom-grant/src/test/java/demo/RefreshTokenSupportTests.java
index 4ed370eea..417bac867 100644
--- a/tests/annotation/custom-grant/src/test/java/demo/RefreshTokenSupportTests.java
+++ b/tests/annotation/custom-grant/src/test/java/demo/RefreshTokenSupportTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractRefreshTokenSupportTests;
 
 /**
  * @author Ryan Heaton
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class RefreshTokenSupportTests extends AbstractRefreshTokenSupportTests {
 }
diff --git a/tests/annotation/custom-grant/src/test/java/demo/ResourceOwnerPasswordProviderTests.java b/tests/annotation/custom-grant/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
index aa5786098..5682e05a6 100644
--- a/tests/annotation/custom-grant/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
+++ b/tests/annotation/custom-grant/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractResourceOwnerPasswordProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ResourceOwnerPasswordProviderTests extends AbstractResourceOwnerPasswordProviderTests {
 
 }
diff --git a/tests/annotation/form/src/main/java/demo/Application.java b/tests/annotation/form/src/main/java/demo/Application.java
index 696029d71..cba6c9f6f 100644
--- a/tests/annotation/form/src/main/java/demo/Application.java
+++ b/tests/annotation/form/src/main/java/demo/Application.java
@@ -2,8 +2,7 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
-import org.springframework.context.annotation.ComponentScan;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
@@ -15,9 +14,7 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-@Configuration
-@ComponentScan
-@EnableAutoConfiguration
+@SpringBootApplication
 @EnableResourceServer
 @RestController
 public class Application {
diff --git a/tests/annotation/form/src/main/resources/application.yml b/tests/annotation/form/src/main/resources/application.yml
index dbb4d4d3e..57c6bd9cc 100644
--- a/tests/annotation/form/src/main/resources/application.yml
+++ b/tests/annotation/form/src/main/resources/application.yml
@@ -6,6 +6,9 @@ management:
 security:
   user:
     password: password
+  oauth2:
+    resource:
+      filter-order: 3
 logging:
   level:
     org.springframework.security: WARN
diff --git a/tests/annotation/form/src/test/java/demo/ApplicationTests.java b/tests/annotation/form/src/test/java/demo/ApplicationTests.java
index 15eca8da6..34f49b849 100644
--- a/tests/annotation/form/src/test/java/demo/ApplicationTests.java
+++ b/tests/annotation/form/src/test/java/demo/ApplicationTests.java
@@ -2,15 +2,11 @@
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.springframework.boot.test.IntegrationTest;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
 
-@RunWith(SpringJUnit4ClassRunner.class)
-@SpringApplicationConfiguration(classes = Application.class)
-@WebAppConfiguration
-@IntegrationTest("server.port=0")
+@RunWith(SpringRunner.class)
+@SpringBootTest
 public class ApplicationTests {
 
 	@Test
diff --git a/tests/annotation/form/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/form/src/test/java/demo/AuthorizationCodeProviderTests.java
index 632098bf1..2ef50fde6 100755
--- a/tests/annotation/form/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/form/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -12,14 +12,11 @@
  */
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractAuthorizationCodeProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class AuthorizationCodeProviderTests extends AbstractAuthorizationCodeProviderTests {
 
 }
diff --git a/tests/annotation/form/src/test/java/demo/ClientCredentialsProviderTests.java b/tests/annotation/form/src/test/java/demo/ClientCredentialsProviderTests.java
index 3d9ccf4f6..d70b43c90 100644
--- a/tests/annotation/form/src/test/java/demo/ClientCredentialsProviderTests.java
+++ b/tests/annotation/form/src/test/java/demo/ClientCredentialsProviderTests.java
@@ -8,7 +8,6 @@
 import java.io.IOException;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.client.ClientHttpResponse;
@@ -24,7 +23,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ClientCredentialsProviderTests extends AbstractClientCredentialsProviderTests {
 
 	private HttpHeaders responseHeaders;
diff --git a/tests/annotation/form/src/test/java/demo/ImplicitProviderTests.java b/tests/annotation/form/src/test/java/demo/ImplicitProviderTests.java
index 7a8958187..0e34ccc7d 100644
--- a/tests/annotation/form/src/test/java/demo/ImplicitProviderTests.java
+++ b/tests/annotation/form/src/test/java/demo/ImplicitProviderTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractImplicitProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ImplicitProviderTests extends AbstractImplicitProviderTests {
 
 }
diff --git a/tests/annotation/form/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/form/src/test/java/demo/ProtectedResourceTests.java
index c752cbe12..302b30f96 100644
--- a/tests/annotation/form/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/form/src/test/java/demo/ProtectedResourceTests.java
@@ -13,15 +13,12 @@
 
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractProtectedResourceTests;
 
 /**
  * @author Dave Syer
  *
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ProtectedResourceTests extends AbstractProtectedResourceTests {
 
 }
diff --git a/tests/annotation/form/src/test/java/demo/RefreshTokenSupportTests.java b/tests/annotation/form/src/test/java/demo/RefreshTokenSupportTests.java
index 4ed370eea..417bac867 100644
--- a/tests/annotation/form/src/test/java/demo/RefreshTokenSupportTests.java
+++ b/tests/annotation/form/src/test/java/demo/RefreshTokenSupportTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractRefreshTokenSupportTests;
 
 /**
  * @author Ryan Heaton
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class RefreshTokenSupportTests extends AbstractRefreshTokenSupportTests {
 }
diff --git a/tests/annotation/form/src/test/java/demo/ResourceOwnerPasswordProviderTests.java b/tests/annotation/form/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
index 6eaa554eb..7fe135878 100644
--- a/tests/annotation/form/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
+++ b/tests/annotation/form/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
@@ -1,6 +1,5 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails;
 import org.springframework.security.oauth2.client.test.BeforeOAuth2Context;
 import org.springframework.security.oauth2.common.AuthenticationScheme;
@@ -10,7 +9,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ResourceOwnerPasswordProviderTests extends
 		AbstractResourceOwnerPasswordProviderTests {
 
diff --git a/tests/annotation/jaxb/src/main/java/demo/Application.java b/tests/annotation/jaxb/src/main/java/demo/Application.java
index 956c80ffd..a9ec20e09 100644
--- a/tests/annotation/jaxb/src/main/java/demo/Application.java
+++ b/tests/annotation/jaxb/src/main/java/demo/Application.java
@@ -5,8 +5,7 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
-import org.springframework.context.annotation.ComponentScan;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -28,9 +27,7 @@
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 
-@Configuration
-@ComponentScan
-@EnableAutoConfiguration
+@SpringBootApplication
 @EnableResourceServer
 @RestController
 public class Application extends WebMvcConfigurerAdapter {
diff --git a/tests/annotation/jaxb/src/main/resources/application.yml b/tests/annotation/jaxb/src/main/resources/application.yml
index a9c0149f0..c88891b00 100644
--- a/tests/annotation/jaxb/src/main/resources/application.yml
+++ b/tests/annotation/jaxb/src/main/resources/application.yml
@@ -6,3 +6,6 @@ management:
 security:
   user:
     password: password
+  oauth2:
+    resource:
+      filter-order: 3
diff --git a/tests/annotation/jaxb/src/test/java/demo/ApplicationTests.java b/tests/annotation/jaxb/src/test/java/demo/ApplicationTests.java
index 15eca8da6..34f49b849 100644
--- a/tests/annotation/jaxb/src/test/java/demo/ApplicationTests.java
+++ b/tests/annotation/jaxb/src/test/java/demo/ApplicationTests.java
@@ -2,15 +2,11 @@
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.springframework.boot.test.IntegrationTest;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
 
-@RunWith(SpringJUnit4ClassRunner.class)
-@SpringApplicationConfiguration(classes = Application.class)
-@WebAppConfiguration
-@IntegrationTest("server.port=0")
+@RunWith(SpringRunner.class)
+@SpringBootTest
 public class ApplicationTests {
 
 	@Test
diff --git a/tests/annotation/jaxb/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/jaxb/src/test/java/demo/AuthorizationCodeProviderTests.java
index 7d8889a6c..0333fa789 100755
--- a/tests/annotation/jaxb/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/jaxb/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -18,7 +18,6 @@
 import java.util.Collection;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.converter.HttpMessageConverter;
@@ -28,7 +27,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class AuthorizationCodeProviderTests extends AbstractAuthorizationCodeProviderTests {
 
 	@Test
diff --git a/tests/annotation/jaxb/src/test/java/demo/ClientCredentialsProviderTests.java b/tests/annotation/jaxb/src/test/java/demo/ClientCredentialsProviderTests.java
index ef9ade0cd..b24e666c8 100644
--- a/tests/annotation/jaxb/src/test/java/demo/ClientCredentialsProviderTests.java
+++ b/tests/annotation/jaxb/src/test/java/demo/ClientCredentialsProviderTests.java
@@ -3,7 +3,6 @@
 import java.util.Collection;
 import java.util.List;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.client.ClientHttpRequestInterceptor;
 import org.springframework.http.converter.HttpMessageConverter;
 
@@ -12,7 +11,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ClientCredentialsProviderTests extends AbstractClientCredentialsProviderTests {
 
 	@Override
diff --git a/tests/annotation/jaxb/src/test/java/demo/ImplicitProviderTests.java b/tests/annotation/jaxb/src/test/java/demo/ImplicitProviderTests.java
index 874e9ca09..d5bbfd381 100644
--- a/tests/annotation/jaxb/src/test/java/demo/ImplicitProviderTests.java
+++ b/tests/annotation/jaxb/src/test/java/demo/ImplicitProviderTests.java
@@ -13,8 +13,7 @@
 import java.util.concurrent.Future;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.boot.test.TestRestTemplate;
+import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.converter.HttpMessageConverter;
@@ -26,7 +25,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ImplicitProviderTests extends AbstractImplicitProviderTests {
 
 	@Test
diff --git a/tests/annotation/jaxb/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/jaxb/src/test/java/demo/ProtectedResourceTests.java
index d47fb4893..0a539c5f4 100644
--- a/tests/annotation/jaxb/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/jaxb/src/test/java/demo/ProtectedResourceTests.java
@@ -15,7 +15,6 @@
 
 import java.util.Collection;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.converter.HttpMessageConverter;
 
 import sparklr.common.AbstractProtectedResourceTests;
@@ -24,7 +23,6 @@
  * @author Dave Syer
  *
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ProtectedResourceTests extends AbstractProtectedResourceTests {
 
 	@Override
diff --git a/tests/annotation/jaxb/src/test/java/demo/RefreshTokenSupportTests.java b/tests/annotation/jaxb/src/test/java/demo/RefreshTokenSupportTests.java
index adcaa1326..06804a151 100644
--- a/tests/annotation/jaxb/src/test/java/demo/RefreshTokenSupportTests.java
+++ b/tests/annotation/jaxb/src/test/java/demo/RefreshTokenSupportTests.java
@@ -2,7 +2,6 @@
 
 import java.util.Collection;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.converter.HttpMessageConverter;
 
 import sparklr.common.AbstractRefreshTokenSupportTests;
@@ -11,7 +10,6 @@
  * @author Ryan Heaton
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class RefreshTokenSupportTests extends AbstractRefreshTokenSupportTests {
 
 	@Override
diff --git a/tests/annotation/jaxb/src/test/java/demo/ResourceOwnerPasswordProviderTests.java b/tests/annotation/jaxb/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
index c41de197c..c69f87d8a 100644
--- a/tests/annotation/jaxb/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
+++ b/tests/annotation/jaxb/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
@@ -2,7 +2,6 @@
 
 import java.util.Collection;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.converter.HttpMessageConverter;
 
 import sparklr.common.AbstractResourceOwnerPasswordProviderTests;
@@ -10,7 +9,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ResourceOwnerPasswordProviderTests extends AbstractResourceOwnerPasswordProviderTests {
 
 	@Override
diff --git a/tests/annotation/jdbc/src/main/java/demo/Application.java b/tests/annotation/jdbc/src/main/java/demo/Application.java
index 36f243d80..300e4f250 100644
--- a/tests/annotation/jdbc/src/main/java/demo/Application.java
+++ b/tests/annotation/jdbc/src/main/java/demo/Application.java
@@ -129,7 +129,7 @@ public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
 	public void init(AuthenticationManagerBuilder auth) throws Exception {
 		// @formatter:off
 			auth.jdbcAuthentication().dataSource(dataSource).withUser("dave")
-					.password("secret").roles("USER");
+					.password("secret").roles("USER", "ACTUATOR");
 			// @formatter:on
 	}
 
diff --git a/tests/annotation/jdbc/src/main/resources/application.yml b/tests/annotation/jdbc/src/main/resources/application.yml
index da08708a2..d83b7e17a 100644
--- a/tests/annotation/jdbc/src/main/resources/application.yml
+++ b/tests/annotation/jdbc/src/main/resources/application.yml
@@ -3,6 +3,10 @@ spring:
     name: jdbc
 management:
   context_path: /admin
+security:
+  oauth2:
+    resource:
+      filter-order: 3
 logging:
   level:
     # org.springframework.security: DEBUG
diff --git a/tests/annotation/jdbc/src/test/java/demo/ApplicationTests.java b/tests/annotation/jdbc/src/test/java/demo/ApplicationTests.java
index ac31a7866..20748d419 100644
--- a/tests/annotation/jdbc/src/test/java/demo/ApplicationTests.java
+++ b/tests/annotation/jdbc/src/test/java/demo/ApplicationTests.java
@@ -3,22 +3,17 @@
 import static org.junit.Assert.assertTrue;
 
 import org.junit.Test;
-import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.IntegrationTest;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.context.ContextConfiguration;
 
-@RunWith(SpringJUnit4ClassRunner.class)
-@SpringApplicationConfiguration(classes = Application.class)
-@WebAppConfiguration
-@IntegrationTest("server.port=0")
-public class ApplicationTests {
+import sparklr.common.AbstractIntegrationTests;
+
+@ContextConfiguration(classes=Application.class)
+public class ApplicationTests extends AbstractIntegrationTests {
 	
 	@Autowired
 	private TokenStore tokenStore;
diff --git a/tests/annotation/jdbc/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/jdbc/src/test/java/demo/AuthorizationCodeProviderTests.java
index 40787edad..5882b7cd3 100755
--- a/tests/annotation/jdbc/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/jdbc/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -15,14 +15,14 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
+import org.springframework.test.context.ContextConfiguration;
 
 import sparklr.common.AbstractAuthorizationCodeProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
+@ContextConfiguration(classes=Application.class)
 public class AuthorizationCodeProviderTests extends AbstractAuthorizationCodeProviderTests {
 
 	protected String getPassword() {
diff --git a/tests/annotation/jdbc/src/test/java/demo/ClientCredentialsProviderTests.java b/tests/annotation/jdbc/src/test/java/demo/ClientCredentialsProviderTests.java
index af8190074..e23fe4f49 100644
--- a/tests/annotation/jdbc/src/test/java/demo/ClientCredentialsProviderTests.java
+++ b/tests/annotation/jdbc/src/test/java/demo/ClientCredentialsProviderTests.java
@@ -1,13 +1,13 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
+import org.springframework.test.context.ContextConfiguration;
 
 import sparklr.common.AbstractClientCredentialsProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
+@ContextConfiguration(classes=Application.class)
 public class ClientCredentialsProviderTests extends AbstractClientCredentialsProviderTests {
 
 
diff --git a/tests/annotation/jdbc/src/test/java/demo/ImplicitProviderTests.java b/tests/annotation/jdbc/src/test/java/demo/ImplicitProviderTests.java
index 89b5a1ef8..225c53741 100644
--- a/tests/annotation/jdbc/src/test/java/demo/ImplicitProviderTests.java
+++ b/tests/annotation/jdbc/src/test/java/demo/ImplicitProviderTests.java
@@ -1,13 +1,13 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
+import org.springframework.test.context.ContextConfiguration;
 
 import sparklr.common.AbstractImplicitProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
+@ContextConfiguration(classes=Application.class)
 public class ImplicitProviderTests extends AbstractImplicitProviderTests {
 
 	protected String getPassword() {
diff --git a/tests/annotation/jdbc/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/jdbc/src/test/java/demo/ProtectedResourceTests.java
index c752cbe12..0e2acc8d9 100644
--- a/tests/annotation/jdbc/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/jdbc/src/test/java/demo/ProtectedResourceTests.java
@@ -13,7 +13,7 @@
 
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
+import org.springframework.test.context.ContextConfiguration;
 
 import sparklr.common.AbstractProtectedResourceTests;
 
@@ -21,7 +21,7 @@
  * @author Dave Syer
  *
  */
-@SpringApplicationConfiguration(classes = Application.class)
+@ContextConfiguration(classes=Application.class)
 public class ProtectedResourceTests extends AbstractProtectedResourceTests {
 
 }
diff --git a/tests/annotation/jdbc/src/test/java/demo/RefreshTokenSupportTests.java b/tests/annotation/jdbc/src/test/java/demo/RefreshTokenSupportTests.java
index 299e66005..9d2a59ca6 100644
--- a/tests/annotation/jdbc/src/test/java/demo/RefreshTokenSupportTests.java
+++ b/tests/annotation/jdbc/src/test/java/demo/RefreshTokenSupportTests.java
@@ -1,6 +1,6 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
+import org.springframework.test.context.ContextConfiguration;
 
 import sparklr.common.AbstractRefreshTokenSupportTests;
 
@@ -8,7 +8,7 @@
  * @author Ryan Heaton
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
+@ContextConfiguration(classes=Application.class)
 public class RefreshTokenSupportTests extends AbstractRefreshTokenSupportTests {
 	protected String getPassword() {
 		return "secret";
diff --git a/tests/annotation/jdbc/src/test/java/demo/ResourceOwnerPasswordProviderTests.java b/tests/annotation/jdbc/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
index 65c784f57..408aeae50 100644
--- a/tests/annotation/jdbc/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
+++ b/tests/annotation/jdbc/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
@@ -4,16 +4,16 @@
 import static org.junit.Assert.assertTrue;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration;
+import org.springframework.test.context.ContextConfiguration;
 
 import sparklr.common.AbstractResourceOwnerPasswordProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
+@ContextConfiguration(classes=Application.class)
 public class ResourceOwnerPasswordProviderTests extends AbstractResourceOwnerPasswordProviderTests {
 
 	protected String getPassword() {
diff --git a/tests/annotation/jpa/src/main/java/demo/Application.java b/tests/annotation/jpa/src/main/java/demo/Application.java
index 5cb7f67a1..20b5aecbc 100644
--- a/tests/annotation/jpa/src/main/java/demo/Application.java
+++ b/tests/annotation/jpa/src/main/java/demo/Application.java
@@ -95,7 +95,7 @@ public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
 	@Autowired
 	public void authenticationManager(AuthenticationManagerBuilder builder, UserRepository repository) throws Exception {
 		if (repository.count()==0) {
-			repository.save(new User("user", "password", Arrays.asList(new Role("USER"))));
+			repository.save(new User("user", "password", Arrays.asList(new Role("USER"), new Role("ACTUATOR"))));
 		}
 		builder.userDetailsService(userDetailsService(repository));
 	}
diff --git a/tests/annotation/jpa/src/main/resources/application.yml b/tests/annotation/jpa/src/main/resources/application.yml
index faea2bd5a..85e3c2c52 100644
--- a/tests/annotation/jpa/src/main/resources/application.yml
+++ b/tests/annotation/jpa/src/main/resources/application.yml
@@ -6,6 +6,9 @@ management:
 security:
   user:
     password: password
+  oauth2:
+    resource:
+      filter-order: 3
 logging:
   level:
     # org.springframework.security: DEBUG
diff --git a/tests/annotation/jpa/src/test/java/demo/ApplicationTests.java b/tests/annotation/jpa/src/test/java/demo/ApplicationTests.java
index 15eca8da6..34f49b849 100644
--- a/tests/annotation/jpa/src/test/java/demo/ApplicationTests.java
+++ b/tests/annotation/jpa/src/test/java/demo/ApplicationTests.java
@@ -2,15 +2,11 @@
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.springframework.boot.test.IntegrationTest;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
 
-@RunWith(SpringJUnit4ClassRunner.class)
-@SpringApplicationConfiguration(classes = Application.class)
-@WebAppConfiguration
-@IntegrationTest("server.port=0")
+@RunWith(SpringRunner.class)
+@SpringBootTest
 public class ApplicationTests {
 
 	@Test
diff --git a/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderCookieTests.java b/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
index 7b614e004..e9083e3f3 100644
--- a/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
+++ b/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
@@ -16,7 +16,6 @@
 import static org.junit.Assert.assertNotNull;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration;
@@ -27,7 +26,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class AuthorizationCodeProviderCookieTests extends AbstractEmptyAuthorizationCodeProviderTests {
 
 	@Test
diff --git a/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderTests.java
index 49a38d4ab..34cdef81b 100755
--- a/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -17,7 +17,6 @@
 import static org.junit.Assert.assertTrue;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration;
@@ -28,7 +27,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class AuthorizationCodeProviderTests extends AbstractAuthorizationCodeProviderTests {
 	
 	@Test
diff --git a/tests/annotation/jpa/src/test/java/demo/ClientCredentialsProviderTests.java b/tests/annotation/jpa/src/test/java/demo/ClientCredentialsProviderTests.java
index af8190074..857ff7fa0 100644
--- a/tests/annotation/jpa/src/test/java/demo/ClientCredentialsProviderTests.java
+++ b/tests/annotation/jpa/src/test/java/demo/ClientCredentialsProviderTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractClientCredentialsProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ClientCredentialsProviderTests extends AbstractClientCredentialsProviderTests {
 
 
diff --git a/tests/annotation/jpa/src/test/java/demo/ImplicitProviderTests.java b/tests/annotation/jpa/src/test/java/demo/ImplicitProviderTests.java
index 06ebe766b..ef7c254ce 100644
--- a/tests/annotation/jpa/src/test/java/demo/ImplicitProviderTests.java
+++ b/tests/annotation/jpa/src/test/java/demo/ImplicitProviderTests.java
@@ -14,8 +14,7 @@
 
 import org.junit.BeforeClass;
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.boot.test.TestRestTemplate;
+import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration;
@@ -26,7 +25,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ImplicitProviderTests extends AbstractImplicitProviderTests {
 	
 	@BeforeClass
diff --git a/tests/annotation/jpa/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/jpa/src/test/java/demo/ProtectedResourceTests.java
index c752cbe12..302b30f96 100644
--- a/tests/annotation/jpa/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/jpa/src/test/java/demo/ProtectedResourceTests.java
@@ -13,15 +13,12 @@
 
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractProtectedResourceTests;
 
 /**
  * @author Dave Syer
  *
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ProtectedResourceTests extends AbstractProtectedResourceTests {
 
 }
diff --git a/tests/annotation/jpa/src/test/java/demo/RefreshTokenSupportTests.java b/tests/annotation/jpa/src/test/java/demo/RefreshTokenSupportTests.java
index 4ed370eea..417bac867 100644
--- a/tests/annotation/jpa/src/test/java/demo/RefreshTokenSupportTests.java
+++ b/tests/annotation/jpa/src/test/java/demo/RefreshTokenSupportTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractRefreshTokenSupportTests;
 
 /**
  * @author Ryan Heaton
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class RefreshTokenSupportTests extends AbstractRefreshTokenSupportTests {
 }
diff --git a/tests/annotation/jpa/src/test/java/demo/ResourceOwnerPasswordProviderTests.java b/tests/annotation/jpa/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
index 28a8e9f84..31a0f75b8 100644
--- a/tests/annotation/jpa/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
+++ b/tests/annotation/jpa/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
@@ -3,8 +3,7 @@
 import static org.junit.Assert.assertEquals;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.boot.test.TestRestTemplate;
+import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration;
@@ -14,7 +13,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ResourceOwnerPasswordProviderTests extends AbstractResourceOwnerPasswordProviderTests {
 
 	@Test
diff --git a/tests/annotation/jwt/src/main/java/demo/Application.java b/tests/annotation/jwt/src/main/java/demo/Application.java
index 5d5c71d5f..0aebd4b1f 100644
--- a/tests/annotation/jwt/src/main/java/demo/Application.java
+++ b/tests/annotation/jwt/src/main/java/demo/Application.java
@@ -2,9 +2,8 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
@@ -17,9 +16,7 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-@Configuration
-@ComponentScan
-@EnableAutoConfiguration
+@SpringBootApplication
 @EnableResourceServer
 @RestController
 public class Application {
diff --git a/tests/annotation/jwt/src/main/resources/application.yml b/tests/annotation/jwt/src/main/resources/application.yml
index ccf06f8ba..8f7a77341 100644
--- a/tests/annotation/jwt/src/main/resources/application.yml
+++ b/tests/annotation/jwt/src/main/resources/application.yml
@@ -6,6 +6,9 @@ management:
 security:
   user:
     password: password
+  oauth2:
+    resource:
+      filter-order: 3
 logging:
   level:
     # org.springframework.security: DEBUG
\ No newline at end of file
diff --git a/tests/annotation/jwt/src/test/java/demo/ApplicationTests.java b/tests/annotation/jwt/src/test/java/demo/ApplicationTests.java
index 13b37ed7a..1bb5192c6 100644
--- a/tests/annotation/jwt/src/test/java/demo/ApplicationTests.java
+++ b/tests/annotation/jwt/src/test/java/demo/ApplicationTests.java
@@ -6,24 +6,21 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.test.IntegrationTest;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.boot.test.TestRestTemplate;
+import org.springframework.boot.context.embedded.LocalServerPort;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
 import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.util.ReflectionTestUtils;
 
-@RunWith(SpringJUnit4ClassRunner.class)
-@SpringApplicationConfiguration(classes = Application.class)
-@WebAppConfiguration
-@IntegrationTest("server.port=0")
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment=WebEnvironment.RANDOM_PORT)
 public class ApplicationTests {
 
-	@Value("${local.server.port}")
+	@LocalServerPort
 	private int port;
 
 	@Autowired
diff --git a/tests/annotation/jwt/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/jwt/src/test/java/demo/AuthorizationCodeProviderTests.java
index 632098bf1..2ef50fde6 100755
--- a/tests/annotation/jwt/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/jwt/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -12,14 +12,11 @@
  */
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractAuthorizationCodeProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class AuthorizationCodeProviderTests extends AbstractAuthorizationCodeProviderTests {
 
 }
diff --git a/tests/annotation/jwt/src/test/java/demo/ClientCredentialsProviderTests.java b/tests/annotation/jwt/src/test/java/demo/ClientCredentialsProviderTests.java
index f26763279..26ee5e7cf 100644
--- a/tests/annotation/jwt/src/test/java/demo/ClientCredentialsProviderTests.java
+++ b/tests/annotation/jwt/src/test/java/demo/ClientCredentialsProviderTests.java
@@ -6,8 +6,7 @@
 import java.util.Map;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.boot.test.TestRestTemplate;
+import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
@@ -23,7 +22,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ClientCredentialsProviderTests extends AbstractClientCredentialsProviderTests {
 
 	/**
diff --git a/tests/annotation/jwt/src/test/java/demo/ImplicitProviderTests.java b/tests/annotation/jwt/src/test/java/demo/ImplicitProviderTests.java
index 7a8958187..0e34ccc7d 100644
--- a/tests/annotation/jwt/src/test/java/demo/ImplicitProviderTests.java
+++ b/tests/annotation/jwt/src/test/java/demo/ImplicitProviderTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractImplicitProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ImplicitProviderTests extends AbstractImplicitProviderTests {
 
 }
diff --git a/tests/annotation/jwt/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/jwt/src/test/java/demo/ProtectedResourceTests.java
index c752cbe12..302b30f96 100644
--- a/tests/annotation/jwt/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/jwt/src/test/java/demo/ProtectedResourceTests.java
@@ -13,15 +13,12 @@
 
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractProtectedResourceTests;
 
 /**
  * @author Dave Syer
  *
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ProtectedResourceTests extends AbstractProtectedResourceTests {
 
 }
diff --git a/tests/annotation/jwt/src/test/java/demo/RefreshTokenSupportTests.java b/tests/annotation/jwt/src/test/java/demo/RefreshTokenSupportTests.java
index 141d73969..28349045f 100644
--- a/tests/annotation/jwt/src/test/java/demo/RefreshTokenSupportTests.java
+++ b/tests/annotation/jwt/src/test/java/demo/RefreshTokenSupportTests.java
@@ -3,7 +3,6 @@
 import static org.junit.Assert.assertEquals;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
@@ -16,7 +15,6 @@
  * @author Ryan Heaton
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class RefreshTokenSupportTests extends AbstractRefreshTokenSupportTests {
 	
 	@Autowired
diff --git a/tests/annotation/jwt/src/test/java/demo/ResourceOwnerPasswordProviderTests.java b/tests/annotation/jwt/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
index d233098a2..4625d154e 100644
--- a/tests/annotation/jwt/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
+++ b/tests/annotation/jwt/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
@@ -6,8 +6,7 @@
 import java.util.Map;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.boot.test.TestRestTemplate;
+import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
@@ -24,7 +23,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ResourceOwnerPasswordProviderTests extends AbstractResourceOwnerPasswordProviderTests {
 
 	@Test
diff --git a/tests/annotation/mappings/src/main/resources/application.yml b/tests/annotation/mappings/src/main/resources/application.yml
index 3b09181d7..5f71e88df 100644
--- a/tests/annotation/mappings/src/main/resources/application.yml
+++ b/tests/annotation/mappings/src/main/resources/application.yml
@@ -6,6 +6,9 @@ management:
 security:
   user:
     password: password
+  oauth2:
+    resource:
+      filter-order: 3
 logging:
   level:
     # org.springframework.security: DEBUG
diff --git a/tests/annotation/mappings/src/test/java/demo/ApplicationTests.java b/tests/annotation/mappings/src/test/java/demo/ApplicationTests.java
index 15eca8da6..34f49b849 100644
--- a/tests/annotation/mappings/src/test/java/demo/ApplicationTests.java
+++ b/tests/annotation/mappings/src/test/java/demo/ApplicationTests.java
@@ -2,15 +2,11 @@
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.springframework.boot.test.IntegrationTest;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
 
-@RunWith(SpringJUnit4ClassRunner.class)
-@SpringApplicationConfiguration(classes = Application.class)
-@WebAppConfiguration
-@IntegrationTest("server.port=0")
+@RunWith(SpringRunner.class)
+@SpringBootTest
 public class ApplicationTests {
 
 	@Test
diff --git a/tests/annotation/mappings/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/mappings/src/test/java/demo/AuthorizationCodeProviderTests.java
index 04f4e3c31..5fba9cfe0 100755
--- a/tests/annotation/mappings/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/mappings/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -19,7 +19,6 @@
 import java.util.Arrays;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration;
 import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
 import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
@@ -29,7 +28,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class AuthorizationCodeProviderTests extends AbstractAuthorizationCodeProviderTests {
 
 	@Test
diff --git a/tests/annotation/mappings/src/test/java/demo/ClientCredentialsProviderTests.java b/tests/annotation/mappings/src/test/java/demo/ClientCredentialsProviderTests.java
index 8c5a6ceac..3765b268e 100644
--- a/tests/annotation/mappings/src/test/java/demo/ClientCredentialsProviderTests.java
+++ b/tests/annotation/mappings/src/test/java/demo/ClientCredentialsProviderTests.java
@@ -6,8 +6,7 @@
 import java.util.Map;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.boot.test.TestRestTemplate;
+import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
@@ -23,7 +22,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ClientCredentialsProviderTests extends AbstractClientCredentialsProviderTests {
 	
 	/**
diff --git a/tests/annotation/mappings/src/test/java/demo/ImplicitProviderTests.java b/tests/annotation/mappings/src/test/java/demo/ImplicitProviderTests.java
index 7a8958187..0e34ccc7d 100644
--- a/tests/annotation/mappings/src/test/java/demo/ImplicitProviderTests.java
+++ b/tests/annotation/mappings/src/test/java/demo/ImplicitProviderTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractImplicitProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ImplicitProviderTests extends AbstractImplicitProviderTests {
 
 }
diff --git a/tests/annotation/mappings/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/mappings/src/test/java/demo/ProtectedResourceTests.java
index 743d9158b..4f5e357cc 100644
--- a/tests/annotation/mappings/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/mappings/src/test/java/demo/ProtectedResourceTests.java
@@ -17,7 +17,6 @@
 import static org.junit.Assert.assertTrue;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 
@@ -27,7 +26,6 @@
  * @author Dave Syer
  *
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ProtectedResourceTests extends AbstractProtectedResourceTests {
 
 	@Test
diff --git a/tests/annotation/mappings/src/test/java/demo/RefreshTokenSupportTests.java b/tests/annotation/mappings/src/test/java/demo/RefreshTokenSupportTests.java
index 4ed370eea..417bac867 100644
--- a/tests/annotation/mappings/src/test/java/demo/RefreshTokenSupportTests.java
+++ b/tests/annotation/mappings/src/test/java/demo/RefreshTokenSupportTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractRefreshTokenSupportTests;
 
 /**
  * @author Ryan Heaton
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class RefreshTokenSupportTests extends AbstractRefreshTokenSupportTests {
 }
diff --git a/tests/annotation/mappings/src/test/java/demo/ResourceOwnerPasswordProviderTests.java b/tests/annotation/mappings/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
index aa5786098..5682e05a6 100644
--- a/tests/annotation/mappings/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
+++ b/tests/annotation/mappings/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractResourceOwnerPasswordProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ResourceOwnerPasswordProviderTests extends AbstractResourceOwnerPasswordProviderTests {
 
 }
diff --git a/tests/annotation/mappings/src/test/java/demo/ServletPathClientCredentialsProviderTests.java b/tests/annotation/mappings/src/test/java/demo/ServletPathClientCredentialsProviderTests.java
index e5344a065..967c864ef 100644
--- a/tests/annotation/mappings/src/test/java/demo/ServletPathClientCredentialsProviderTests.java
+++ b/tests/annotation/mappings/src/test/java/demo/ServletPathClientCredentialsProviderTests.java
@@ -5,21 +5,18 @@
 import java.util.Map;
 
 import org.junit.Test;
-import org.springframework.boot.test.IntegrationTest;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.boot.test.TestRestTemplate;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.test.annotation.DirtiesContext;
 
 import sparklr.common.AbstractClientCredentialsProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
-@IntegrationTest({"server.servlet_path:/server", "server.port=0"})
-@DirtiesContext
+@SpringBootTest(classes=Application.class, properties="server.servlet_path:/server", webEnvironment=WebEnvironment.RANDOM_PORT)
 public class ServletPathClientCredentialsProviderTests extends AbstractClientCredentialsProviderTests {
 	
 	@Test
diff --git a/tests/annotation/multi/src/main/java/demo/Application.java b/tests/annotation/multi/src/main/java/demo/Application.java
index a740fd5d6..e7e26ebda 100644
--- a/tests/annotation/multi/src/main/java/demo/Application.java
+++ b/tests/annotation/multi/src/main/java/demo/Application.java
@@ -6,6 +6,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.oauth2.OAuth2AutoConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -21,7 +22,8 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-@SpringBootApplication
+// TODO: remove the exclusion when Spring Boot 1.5.2 is out
+@SpringBootApplication(exclude=OAuth2AutoConfiguration.class)
 @RestController
 public class Application {
 
diff --git a/tests/annotation/multi/src/test/java/demo/ApplicationTests.java b/tests/annotation/multi/src/test/java/demo/ApplicationTests.java
index 15eca8da6..34f49b849 100644
--- a/tests/annotation/multi/src/test/java/demo/ApplicationTests.java
+++ b/tests/annotation/multi/src/test/java/demo/ApplicationTests.java
@@ -2,15 +2,11 @@
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.springframework.boot.test.IntegrationTest;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
 
-@RunWith(SpringJUnit4ClassRunner.class)
-@SpringApplicationConfiguration(classes = Application.class)
-@WebAppConfiguration
-@IntegrationTest("server.port=0")
+@RunWith(SpringRunner.class)
+@SpringBootTest
 public class ApplicationTests {
 
 	@Test
diff --git a/tests/annotation/multi/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/multi/src/test/java/demo/AuthorizationCodeProviderTests.java
index 632098bf1..2ef50fde6 100755
--- a/tests/annotation/multi/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/multi/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -12,14 +12,11 @@
  */
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractAuthorizationCodeProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class AuthorizationCodeProviderTests extends AbstractAuthorizationCodeProviderTests {
 
 }
diff --git a/tests/annotation/multi/src/test/java/demo/ClientCredentialsProviderTests.java b/tests/annotation/multi/src/test/java/demo/ClientCredentialsProviderTests.java
index af8190074..857ff7fa0 100644
--- a/tests/annotation/multi/src/test/java/demo/ClientCredentialsProviderTests.java
+++ b/tests/annotation/multi/src/test/java/demo/ClientCredentialsProviderTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractClientCredentialsProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ClientCredentialsProviderTests extends AbstractClientCredentialsProviderTests {
 
 
diff --git a/tests/annotation/multi/src/test/java/demo/ImplicitProviderTests.java b/tests/annotation/multi/src/test/java/demo/ImplicitProviderTests.java
index 7a8958187..0e34ccc7d 100644
--- a/tests/annotation/multi/src/test/java/demo/ImplicitProviderTests.java
+++ b/tests/annotation/multi/src/test/java/demo/ImplicitProviderTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractImplicitProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ImplicitProviderTests extends AbstractImplicitProviderTests {
 
 }
diff --git a/tests/annotation/multi/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/multi/src/test/java/demo/ProtectedResourceTests.java
index aa30f20f6..bf1dfd35f 100644
--- a/tests/annotation/multi/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/multi/src/test/java/demo/ProtectedResourceTests.java
@@ -17,7 +17,6 @@
 import static org.junit.Assert.assertTrue;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 
@@ -27,7 +26,6 @@
  * @author Dave Syer
  *
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ProtectedResourceTests extends AbstractProtectedResourceTests {
 
 	@Test
diff --git a/tests/annotation/multi/src/test/java/demo/RefreshTokenSupportTests.java b/tests/annotation/multi/src/test/java/demo/RefreshTokenSupportTests.java
index 4ed370eea..417bac867 100644
--- a/tests/annotation/multi/src/test/java/demo/RefreshTokenSupportTests.java
+++ b/tests/annotation/multi/src/test/java/demo/RefreshTokenSupportTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractRefreshTokenSupportTests;
 
 /**
  * @author Ryan Heaton
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class RefreshTokenSupportTests extends AbstractRefreshTokenSupportTests {
 }
diff --git a/tests/annotation/multi/src/test/java/demo/ResourceOwnerPasswordProviderTests.java b/tests/annotation/multi/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
index 886c48e28..8a82b64dd 100644
--- a/tests/annotation/multi/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
+++ b/tests/annotation/multi/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
@@ -5,7 +5,6 @@
 import java.util.Arrays;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration;
 
@@ -14,7 +13,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ResourceOwnerPasswordProviderTests extends AbstractResourceOwnerPasswordProviderTests {
 
 	@Test
diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml
index 411d5a2bf..6f139dded 100644
--- a/tests/annotation/pom.xml
+++ b/tests/annotation/pom.xml
@@ -30,7 +30,7 @@
 	
 		org.springframework.boot
 		spring-boot-starter-parent
-		1.3.5.RELEASE
+		1.5.1.RELEASE
 		
 	
 
@@ -50,7 +50,7 @@
 		
 			org.springframework.security
 			spring-security-jwt
-			1.0.3.RELEASE
+			1.0.7.RELEASE
 		
 	
     
diff --git a/tests/annotation/resource/src/main/java/demo/Application.java b/tests/annotation/resource/src/main/java/demo/Application.java
index 2758734b1..55498e567 100644
--- a/tests/annotation/resource/src/main/java/demo/Application.java
+++ b/tests/annotation/resource/src/main/java/demo/Application.java
@@ -1,19 +1,15 @@
 package demo;
 
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
 import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-@Configuration
-@ComponentScan
-@EnableAutoConfiguration
+@SpringBootApplication
 @EnableResourceServer
 @RestController
 public class Application {
diff --git a/tests/annotation/resource/src/main/resources/application.yml b/tests/annotation/resource/src/main/resources/application.yml
index a9c0149f0..c88891b00 100644
--- a/tests/annotation/resource/src/main/resources/application.yml
+++ b/tests/annotation/resource/src/main/resources/application.yml
@@ -6,3 +6,6 @@ management:
 security:
   user:
     password: password
+  oauth2:
+    resource:
+      filter-order: 3
diff --git a/tests/annotation/resource/src/test/java/demo/ApplicationTests.java b/tests/annotation/resource/src/test/java/demo/ApplicationTests.java
index 15eca8da6..34f49b849 100644
--- a/tests/annotation/resource/src/test/java/demo/ApplicationTests.java
+++ b/tests/annotation/resource/src/test/java/demo/ApplicationTests.java
@@ -2,15 +2,11 @@
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.springframework.boot.test.IntegrationTest;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
 
-@RunWith(SpringJUnit4ClassRunner.class)
-@SpringApplicationConfiguration(classes = Application.class)
-@WebAppConfiguration
-@IntegrationTest("server.port=0")
+@RunWith(SpringRunner.class)
+@SpringBootTest
 public class ApplicationTests {
 
 	@Test
diff --git a/tests/annotation/resource/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/resource/src/test/java/demo/ProtectedResourceTests.java
index c752cbe12..302b30f96 100644
--- a/tests/annotation/resource/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/resource/src/test/java/demo/ProtectedResourceTests.java
@@ -13,15 +13,12 @@
 
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractProtectedResourceTests;
 
 /**
  * @author Dave Syer
  *
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ProtectedResourceTests extends AbstractProtectedResourceTests {
 
 }
diff --git a/tests/annotation/vanilla/src/main/resources/application.yml b/tests/annotation/vanilla/src/main/resources/application.yml
index 5414a20b3..21a0bac83 100644
--- a/tests/annotation/vanilla/src/main/resources/application.yml
+++ b/tests/annotation/vanilla/src/main/resources/application.yml
@@ -6,6 +6,9 @@ management:
 security:
   user:
     password: password
+  oauth2:
+    resource:
+      filter-order: 3
 logging:
   level:
     org.springframework.security: WARN
\ No newline at end of file
diff --git a/tests/annotation/vanilla/src/test/java/demo/ApplicationTests.java b/tests/annotation/vanilla/src/test/java/demo/ApplicationTests.java
index 15eca8da6..6a1f865e8 100644
--- a/tests/annotation/vanilla/src/test/java/demo/ApplicationTests.java
+++ b/tests/annotation/vanilla/src/test/java/demo/ApplicationTests.java
@@ -2,15 +2,12 @@
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.springframework.boot.test.IntegrationTest;
-import org.springframework.boot.test.SpringApplicationConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
 
 @RunWith(SpringJUnit4ClassRunner.class)
-@SpringApplicationConfiguration(classes = Application.class)
-@WebAppConfiguration
-@IntegrationTest("server.port=0")
+@SpringBootTest(webEnvironment=WebEnvironment.RANDOM_PORT)
 public class ApplicationTests {
 
 	@Test
diff --git a/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderCookieTests.java b/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
index 7b614e004..e9083e3f3 100644
--- a/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
+++ b/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
@@ -16,7 +16,6 @@
 import static org.junit.Assert.assertNotNull;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration;
@@ -27,7 +26,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class AuthorizationCodeProviderCookieTests extends AbstractEmptyAuthorizationCodeProviderTests {
 
 	@Test
diff --git a/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderTests.java
index 49a38d4ab..34cdef81b 100755
--- a/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -17,7 +17,6 @@
 import static org.junit.Assert.assertTrue;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration;
@@ -28,7 +27,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class AuthorizationCodeProviderTests extends AbstractAuthorizationCodeProviderTests {
 	
 	@Test
diff --git a/tests/annotation/vanilla/src/test/java/demo/ClientCredentialsProviderTests.java b/tests/annotation/vanilla/src/test/java/demo/ClientCredentialsProviderTests.java
index af8190074..857ff7fa0 100644
--- a/tests/annotation/vanilla/src/test/java/demo/ClientCredentialsProviderTests.java
+++ b/tests/annotation/vanilla/src/test/java/demo/ClientCredentialsProviderTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractClientCredentialsProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ClientCredentialsProviderTests extends AbstractClientCredentialsProviderTests {
 
 
diff --git a/tests/annotation/vanilla/src/test/java/demo/GlobalMethodSecurityTests.java b/tests/annotation/vanilla/src/test/java/demo/GlobalMethodSecurityTests.java
index 5977d393d..fcbf10952 100644
--- a/tests/annotation/vanilla/src/test/java/demo/GlobalMethodSecurityTests.java
+++ b/tests/annotation/vanilla/src/test/java/demo/GlobalMethodSecurityTests.java
@@ -1,23 +1,23 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
 import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;
 
-import sparklr.common.AbstractProtectedResourceTests;
 import demo.GlobalMethodSecurityTests.GlobalSecurityConfiguration;
+import sparklr.common.AbstractProtectedResourceTests;
 
-@SpringApplicationConfiguration(classes = { Application.class,
-		GlobalSecurityConfiguration.class })
+@SpringBootTest(classes = { Application.class, GlobalSecurityConfiguration.class }, webEnvironment=WebEnvironment.RANDOM_PORT)
 public class GlobalMethodSecurityTests extends AbstractProtectedResourceTests {
 
 	@Configuration
 	@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
-	protected static class GlobalSecurityConfiguration extends
-			GlobalMethodSecurityConfiguration {
+	protected static class GlobalSecurityConfiguration
+			extends GlobalMethodSecurityConfiguration {
 
 		@Override
 		protected MethodSecurityExpressionHandler createExpressionHandler() {
diff --git a/tests/annotation/vanilla/src/test/java/demo/ImplicitProviderTests.java b/tests/annotation/vanilla/src/test/java/demo/ImplicitProviderTests.java
index 06ebe766b..ef7c254ce 100644
--- a/tests/annotation/vanilla/src/test/java/demo/ImplicitProviderTests.java
+++ b/tests/annotation/vanilla/src/test/java/demo/ImplicitProviderTests.java
@@ -14,8 +14,7 @@
 
 import org.junit.BeforeClass;
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.boot.test.TestRestTemplate;
+import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration;
@@ -26,7 +25,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ImplicitProviderTests extends AbstractImplicitProviderTests {
 	
 	@BeforeClass
diff --git a/tests/annotation/vanilla/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/vanilla/src/test/java/demo/ProtectedResourceTests.java
index c752cbe12..302b30f96 100644
--- a/tests/annotation/vanilla/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/vanilla/src/test/java/demo/ProtectedResourceTests.java
@@ -13,15 +13,12 @@
 
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractProtectedResourceTests;
 
 /**
  * @author Dave Syer
  *
  */
-@SpringApplicationConfiguration(classes = Application.class)
 public class ProtectedResourceTests extends AbstractProtectedResourceTests {
 
 }
diff --git a/tests/annotation/vanilla/src/test/java/demo/RefreshTokenSupportTests.java b/tests/annotation/vanilla/src/test/java/demo/RefreshTokenSupportTests.java
index 4ed370eea..417bac867 100644
--- a/tests/annotation/vanilla/src/test/java/demo/RefreshTokenSupportTests.java
+++ b/tests/annotation/vanilla/src/test/java/demo/RefreshTokenSupportTests.java
@@ -1,13 +1,10 @@
 package demo;
 
-import org.springframework.boot.test.SpringApplicationConfiguration;
-
 import sparklr.common.AbstractRefreshTokenSupportTests;
 
 /**
  * @author Ryan Heaton
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class RefreshTokenSupportTests extends AbstractRefreshTokenSupportTests {
 }
diff --git a/tests/annotation/vanilla/src/test/java/demo/ResourceOwnerPasswordProviderTests.java b/tests/annotation/vanilla/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
index 28a8e9f84..31a0f75b8 100644
--- a/tests/annotation/vanilla/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
+++ b/tests/annotation/vanilla/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
@@ -3,8 +3,7 @@
 import static org.junit.Assert.assertEquals;
 
 import org.junit.Test;
-import org.springframework.boot.test.SpringApplicationConfiguration;
-import org.springframework.boot.test.TestRestTemplate;
+import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration;
@@ -14,7 +13,6 @@
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
 public class ResourceOwnerPasswordProviderTests extends AbstractResourceOwnerPasswordProviderTests {
 
 	@Test

From 2bea96bbce38ce1e764b6b23a7a00203bf49e948 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Wed, 22 Feb 2017 12:38:04 -0500
Subject: [PATCH 079/345] Polish TokenStore supporting Jwk verification

Add tests
Add javadoc
Fix bug to work with UAA 3.11.0

Issue gh-977
---
 .../token/store/jwk/JwkAttributes.java        |  27 ++
 .../token/store/jwk/JwkDefinition.java        |  38 ++-
 .../token/store/jwk/JwkDefinitionSource.java  |  55 +++-
 .../token/store/jwk/JwkException.java         |  21 +-
 .../token/store/jwk/JwkSetConverter.java      |  45 ++-
 .../token/store/jwk/JwkTokenStore.java        | 151 +++++++++-
 .../JwkVerifyingJwtAccessTokenConverter.java  | 121 +++++---
 .../token/store/jwk/JwtHeaderConverter.java   |  17 +-
 .../token/store/jwk/RSAJwkDefinition.java     |  20 ++
 .../store/jwk/JwkDefinitionSourceTest.java    |  40 +++
 .../token/store/jwk/JwkSetConverterTest.java  | 284 ++++++++++++++++++
 .../token/store/jwk/JwkTokenStoreTest.java    |  87 ++++++
 ...kVerifyingJwtAccessTokenConverterTest.java | 109 +++++++
 .../store/jwk/JwtHeaderConverterTest.java     |  58 ++++
 .../provider/token/store/jwk/JwtTestUtil.java |  86 ++++++
 15 files changed, 1103 insertions(+), 56 deletions(-)
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTest.java
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTest.java
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtTestUtil.java

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
index 72769bbc0..75343999a 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
@@ -16,20 +16,47 @@
 package org.springframework.security.oauth2.provider.token.store.jwk;
 
 /**
+ * Shared attribute values used by {@link JwkTokenStore} and associated collaborators.
+ *
  * @author Joe Grandja
  */
 final class JwkAttributes {
+
+	/**
+	 * The "kid" (key ID) parameter used in a JWT header and in a JWK.
+	 */
 	static final String KEY_ID = "kid";
 
+	/**
+	 * The "kty" (key type) parameter identifies the cryptographic algorithm family
+	 * used by a JWK, for example, "RSA" or "EC".
+	 */
 	static final String KEY_TYPE = "kty";
 
+	/**
+	 * The "alg" (algorithm) parameter used in a JWT header and in a JWK.
+	 */
 	static final String ALGORITHM = "alg";
 
+	/**
+	 * The "use" (public key use) parameter identifies the intended use of the public key.
+	 * For example, whether a public key is used for encrypting data or verifying the signature on data.
+	 */
 	static final String PUBLIC_KEY_USE = "use";
 
+	/**
+	 * The "n" (modulus) parameter contains the modulus value for a RSA public key.
+	 */
 	static final String RSA_PUBLIC_KEY_MODULUS = "n";
 
+	/**
+	 * The "e" (exponent) parameter contains the exponent value for a RSA public key.
+	 */
 	static final String RSA_PUBLIC_KEY_EXPONENT = "e";
 
+	/**
+	 * A JWK Set is a JSON object that has a "keys" member
+	 * and its value is an array (set) of JWKs.
+	 */
 	static final String KEYS = "keys";
 }
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
index 93caa5a5c..ac33281bd 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
@@ -16,6 +16,10 @@
 package org.springframework.security.oauth2.provider.token.store.jwk;
 
 /**
+ * The base representation of a JSON Web Key (JWK).
+ *
+ * @see JSON Web Key (JWK)
+ *
  * @author Joe Grandja
  */
 abstract class JwkDefinition {
@@ -24,6 +28,14 @@ abstract class JwkDefinition {
 	private final PublicKeyUse publicKeyUse;
 	private final CryptoAlgorithm algorithm;
 
+	/**
+	 * Creates an instance with the common attributes of a JWK.
+	 *
+	 * @param keyId the Key ID
+	 * @param keyType the Key Type
+	 * @param publicKeyUse the intended use of the Public Key
+	 * @param algorithm the algorithm intended to be used
+	 */
 	protected JwkDefinition(String keyId,
 							KeyType keyType,
 							PublicKeyUse publicKeyUse,
@@ -34,18 +46,31 @@ protected JwkDefinition(String keyId,
 		this.algorithm = algorithm;
 	}
 
+	/**
+	 * @return the Key ID ("kid")
+	 */
 	String getKeyId() {
 		return this.keyId;
 	}
 
+	/**
+	 * @return the Key Type ("kty")
+	 */
 	KeyType getKeyType() {
 		return this.keyType;
 	}
 
+	/**
+	 * @return the intended use of the Public Key ("use")
+	 */
 	PublicKeyUse getPublicKeyUse() {
 		return this.publicKeyUse;
 	}
 
+	/**
+	 *
+	 * @return the algorithm intended to be used ("alg")
+	 */
 	CryptoAlgorithm getAlgorithm() {
 		return this.algorithm;
 	}
@@ -74,6 +99,9 @@ public int hashCode() {
 		return result;
 	}
 
+	/**
+	 * The defined Key Type ("kty") values.
+	 */
 	enum KeyType {
 		RSA("RSA"),
 		EC("EC"),
@@ -101,6 +129,9 @@ static KeyType fromValue(String value) {
 		}
 	}
 
+	/**
+	 * The defined Public Key Use ("use") values.
+	 */
 	enum PublicKeyUse {
 		SIG("sig"),
 		ENC("enc");
@@ -127,6 +158,9 @@ static PublicKeyUse fromValue(String value) {
 		}
 	}
 
+	/**
+	 * The defined Algorithm ("alg") values.
+	 */
 	enum CryptoAlgorithm {
 		RS256("SHA256withRSA", "RS256", "RSASSA-PKCS1-v1_5 using SHA-256"),
 		RS384("SHA384withRSA", "RS384", "RSASSA-PKCS1-v1_5 using SHA-384"),
@@ -154,10 +188,10 @@ String description() {
 			return this.description;
 		}
 
-		static CryptoAlgorithm fromStandardName(String standardName) {
+		static CryptoAlgorithm fromHeaderParamValue(String headerParamValue) {
 			CryptoAlgorithm result = null;
 			for (CryptoAlgorithm algorithm : values()) {
-				if (algorithm.standardName().equals(standardName)) {
+				if (algorithm.headerParamValue().equals(headerParamValue)) {
 					result = algorithm;
 					break;
 				}
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
index a9f241f92..83bf4b85f 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
@@ -20,6 +20,7 @@
 import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.math.BigInteger;
 import java.net.MalformedURLException;
 import java.net.URL;
@@ -33,6 +34,14 @@
 import java.util.concurrent.atomic.AtomicReference;
 
 /**
+ * A source for JSON Web Key(s) (JWK) that is solely responsible for fetching (and caching)
+ * the JWK Set (a set of JWKs) from the URL supplied to the constructor.
+ *
+ * @see JwkSetConverter
+ * @see JwkDefinition
+ * @see SignatureVerifier
+ * @see JWK Set Format
+ *
  * @author Joe Grandja
  */
 class JwkDefinitionSource {
@@ -41,6 +50,11 @@ class JwkDefinitionSource {
 	private final AtomicReference> jwkDefinitions =
 			new AtomicReference>(new HashMap());
 
+	/**
+	 * Creates a new instance using the provided URL as the location for the JWK Set.
+	 *
+	 * @param jwkSetUrl the JWK Set URL
+	 */
 	JwkDefinitionSource(String jwkSetUrl) {
 		try {
 			this.jwkSetUrl = new URL(jwkSetUrl);
@@ -49,6 +63,12 @@ class JwkDefinitionSource {
 		}
 	}
 
+	/**
+	 * Returns the JWK definition matching the provided keyId ("kid").
+	 *
+	 * @param keyId the Key ID ("kid")
+	 * @return the matching {@link JwkDefinition} or null if not found
+	 */
 	JwkDefinition getDefinition(String keyId) {
 		JwkDefinition result = null;
 		for (JwkDefinition jwkDefinition : this.jwkDefinitions.get().keySet()) {
@@ -60,6 +80,14 @@ JwkDefinition getDefinition(String keyId) {
 		return result;
 	}
 
+	/**
+	 * Returns the JWK definition matching the provided keyId ("kid").
+	 * If the JWK definition is not available in the internal cache then {@link #refreshJwkDefinitions()}
+	 * will be called (to refresh the cache) and then followed-up with a second attempt to locate the JWK definition.
+	 *
+	 * @param keyId the Key ID ("kid")
+	 * @return the matching {@link JwkDefinition} or null if not found
+	 */
 	JwkDefinition getDefinitionRefreshIfNecessary(String keyId) {
 		JwkDefinition result = this.getDefinition(keyId);
 		if (result != null) {
@@ -69,6 +97,12 @@ JwkDefinition getDefinitionRefreshIfNecessary(String keyId) {
 		return this.getDefinition(keyId);
 	}
 
+	/**
+	 * Returns the {@link SignatureVerifier} matching the provided keyId ("kid").
+	 *
+	 * @param keyId the Key ID ("kid")
+	 * @return the matching {@link SignatureVerifier} or null if not found
+	 */
 	SignatureVerifier getVerifier(String keyId) {
 		SignatureVerifier result = null;
 		JwkDefinition jwkDefinition = this.getDefinitionRefreshIfNecessary(keyId);
@@ -78,14 +112,23 @@ SignatureVerifier getVerifier(String keyId) {
 		return result;
 	}
 
-	private void refreshJwkDefinitions() {
-		Set jwkDefinitionSet;
+	/**
+	 * Refreshes the internal cache of association(s) between {@link JwkDefinition} and {@link SignatureVerifier}.
+	 * Uses a {@link JwkSetConverter} to convert the JWK Set URL source to a set of {@link JwkDefinition}(s)
+	 * followed by the instantiation of a {@link SignatureVerifier} which is mapped to it's {@link JwkDefinition}.
+	 *
+	 * @see JwkSetConverter
+	 */
+	void refreshJwkDefinitions() {
+		InputStream jwkSetSource;
 		try {
-			jwkDefinitionSet = this.jwkSetConverter.convert(this.jwkSetUrl.openStream());
+			jwkSetSource = this.jwkSetUrl.openStream();
 		} catch (IOException ex) {
-			throw new JwkException("An I/O error occurred while refreshing the JWK Set: " + ex.getMessage(), ex);
+			throw new JwkException("An I/O error occurred while reading from the JWK Set source: " + ex.getMessage(), ex);
 		}
 
+		Set jwkDefinitionSet = this.jwkSetConverter.convert(jwkSetSource);
+
 		Map refreshedJwkDefinitions = new LinkedHashMap();
 
 		for (JwkDefinition jwkDefinition : jwkDefinitionSet) {
@@ -109,8 +152,8 @@ private RsaVerifier createRSAVerifier(RSAJwkDefinition rsaDefinition) {
 			result = new RsaVerifier(rsaPublicKey, rsaDefinition.getAlgorithm().standardName());
 
 		} catch (Exception ex) {
-			throw new JwkException("An error occurred while creating a RSA Public Key Verifier for \"" +
-					rsaDefinition.getKeyId() + "\" : " + ex.getMessage(), ex);
+			throw new JwkException("An error occurred while creating a RSA Public Key Verifier for " +
+					rsaDefinition.getKeyId() + " : " + ex.getMessage(), ex);
 		}
 		return result;
 	}
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
index f9a5e0032..f47ef672a 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
@@ -18,9 +18,14 @@
 import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 
 /**
+ * General exception for JSON Web Key (JWK) related errors.
+ *
  * @author Joe Grandja
  */
 public class JwkException extends OAuth2Exception {
+	private static final String SERVER_ERROR_ERROR_CODE = "server_error";
+	private String errorCode = SERVER_ERROR_ERROR_CODE;
+	private int httpStatus = 500;
 
 	public JwkException(String message) {
 		super(message);
@@ -30,13 +35,25 @@ public JwkException(String message, Throwable cause) {
 		super(message, cause);
 	}
 
+	/**
+	 * Returns the error used in the OAuth2 Error Response
+	 * sent back to the caller. The default is "server_error".
+	 *
+	 * @return the error used in the OAuth2 Error Response
+	 */
 	@Override
 	public String getOAuth2ErrorCode() {
-		return "server_error";
+		return this.errorCode;
 	}
 
+	/**
+	 * Returns the Http Status used in the OAuth2 Error Response
+	 * sent back to the caller. The default is 500.
+	 *
+	 * @return the Http Status set on the OAuth2 Error Response
+	 */
 	@Override
 	public int getHttpErrorCode() {
-		return 500;
+		return this.httpStatus;
 	}
 }
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
index 1b6964adb..2a31e37b6 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
@@ -30,13 +30,32 @@
 
 import static org.springframework.security.oauth2.provider.token.store.jwk.JwkAttributes.*;
 
-
 /**
+ * A {@link Converter} that converts the supplied InputStream to a Set of {@link JwkDefinition}(s).
+ * The source of the InputStream must be a JWK Set representation which is a JSON object
+ * that has a "keys" member and its value is an array of JWKs.
+ * 

+ * 

+ *
+ * NOTE: The Key Type ("kty") currently supported by this {@link Converter} is {@link JwkDefinition.KeyType#RSA}.
+ * 

+ * 

+ *
+ * @see JwkDefinition
+ * @see JWK Set Format
+ *
  * @author Joe Grandja
  */
 class JwkSetConverter implements Converter> {
 	private final JsonFactory factory = new JsonFactory();
 
+	/**
+	 * Converts the supplied InputStream to a Set of {@link JwkDefinition}(s).
+	 *
+	 * @param jwkSetSource the source for the JWK Set
+	 * @return a Set of {@link JwkDefinition}(s)
+	 * @throws JwkException if the JWK Set JSON object is invalid
+	 */
 	@Override
 	public Set convert(InputStream jwkSetSource) {
 		Set jwkDefinitions;
@@ -52,7 +71,7 @@ public Set convert(InputStream jwkSetSource) {
 				throw new JwkException("Invalid JWK Set Object.");
 			}
 			if (!parser.getCurrentName().equals(KEYS)) {
-				throw new JwkException("Invalid JWK Set Object. The JWK Set MUST have a \"" + KEYS + "\" attribute.");
+				throw new JwkException("Invalid JWK Set Object. The JWK Set MUST have a " + KEYS + " attribute.");
 			}
 			if (parser.nextToken() != JsonToken.START_ARRAY) {
 				throw new JwkException("Invalid JWK Set Object. The JWK Set MUST have an array of JWK(s).");
@@ -87,6 +106,13 @@ public Set convert(InputStream jwkSetSource) {
 		return jwkDefinitions;
 	}
 
+	/**
+	 * Creates a {@link JwkDefinition} based on the supplied attributes.
+	 *
+	 * @param attributes the attributes used to create the {@link JwkDefinition}
+	 * @return a {@link JwkDefinition}
+	 * @throws JwkException if the Key Type ("kty") attribute value is not {@link JwkDefinition.KeyType#RSA}
+	 */
 	private JwkDefinition createJwkDefinition(Map attributes) {
 		JwkDefinition.KeyType keyType =
 				JwkDefinition.KeyType.fromValue(attributes.get(KEY_TYPE));
@@ -99,11 +125,18 @@ private JwkDefinition createJwkDefinition(Map attributes) {
 		return this.createRSAJwkDefinition(attributes);
 	}
 
+	/**
+	 * Creates a {@link RSAJwkDefinition} based on the supplied attributes.
+	 *
+	 * @param attributes the attributes used to create the {@link RSAJwkDefinition}
+	 * @return a {@link JwkDefinition} representation of a RSA Key
+	 * @throws JwkException if at least one attribute value is missing or invalid for a RSA Key
+	 */
 	private JwkDefinition createRSAJwkDefinition(Map attributes) {
 		// kid
 		String keyId = attributes.get(KEY_ID);
 		if (!StringUtils.hasText(keyId)) {
-			throw new JwkException("\"" + KEY_ID + "\" is a required attribute for a JWK.");
+			throw new JwkException(KEY_ID + " is a required attribute for a JWK.");
 		}
 
 		// use
@@ -116,7 +149,7 @@ private JwkDefinition createRSAJwkDefinition(Map attributes) {
 
 		// alg
 		JwkDefinition.CryptoAlgorithm algorithm =
-				JwkDefinition.CryptoAlgorithm.fromStandardName(attributes.get(ALGORITHM));
+				JwkDefinition.CryptoAlgorithm.fromHeaderParamValue(attributes.get(ALGORITHM));
 		if (!JwkDefinition.CryptoAlgorithm.RS256.equals(algorithm) &&
 				!JwkDefinition.CryptoAlgorithm.RS384.equals(algorithm) &&
 				!JwkDefinition.CryptoAlgorithm.RS512.equals(algorithm)) {
@@ -127,13 +160,13 @@ private JwkDefinition createRSAJwkDefinition(Map attributes) {
 		// n
 		String modulus = attributes.get(RSA_PUBLIC_KEY_MODULUS);
 		if (!StringUtils.hasText(modulus)) {
-			throw new JwkException("\"" + RSA_PUBLIC_KEY_MODULUS + "\" is a required attribute for a RSA JWK.");
+			throw new JwkException(RSA_PUBLIC_KEY_MODULUS + " is a required attribute for a RSA JWK.");
 		}
 
 		// e
 		String exponent = attributes.get(RSA_PUBLIC_KEY_EXPONENT);
 		if (!StringUtils.hasText(exponent)) {
-			throw new JwkException("\"" + RSA_PUBLIC_KEY_EXPONENT + "\" is a required attribute for a RSA JWK.");
+			throw new JwkException(RSA_PUBLIC_KEY_EXPONENT + " is a required attribute for a RSA JWK.");
 		}
 
 		RSAJwkDefinition jwkDefinition = new RSAJwkDefinition(
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
index cbfd1696f..1f62f6467 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
@@ -15,21 +15,88 @@
  */
 package org.springframework.security.oauth2.provider.token.store.jwk;
 
+import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.OAuth2RefreshToken;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
 import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
 import org.springframework.util.Assert;
 
 import java.util.Collection;
 
 /**
+ * A {@link TokenStore} implementation that provides support for verifying the
+ * JSON Web Signature (JWS) for a JSON Web Token (JWT) using a JSON Web Key (JWK).
+ * 

+ * 

+ *
+ * This {@link TokenStore} implementation is exclusively meant to be used by a Resource Server as
+ * it's sole responsibility is to decode a JWT and verify it's signature (JWS) using the corresponding JWK.
+ * 

+ * 

+ *
+ * NOTE:
+ * There are a few operations defined by {@link TokenStore} that are not applicable for a Resource Server.
+ * In these cases, the method implementation will explicitly throw a
+ * {@link JwkException} reporting "This operation is not supported".
+ * 

+ * 

+ *
+ * The unsupported operations are as follows:
+ * 
    
+ *     
  • {@link #storeAccessToken(OAuth2AccessToken, OAuth2Authentication)}
    • 
+ *     
  • {@link #removeAccessToken(OAuth2AccessToken)}
    • 
+ *     
  • {@link #storeRefreshToken(OAuth2RefreshToken, OAuth2Authentication)}
    • 
+ *     
  • {@link #readRefreshToken(String)}
    • 
+ *     
  • {@link #readAuthenticationForRefreshToken(OAuth2RefreshToken)}
    • 
+ *     
  • {@link #removeRefreshToken(OAuth2RefreshToken)}
    • 
+ *     
  • {@link #removeAccessTokenUsingRefreshToken(OAuth2RefreshToken)}
    • 
+ *     
  • {@link #getAccessToken(OAuth2Authentication)}
    • 
+ *     
  • {@link #findTokensByClientIdAndUserName(String, String)}
    • 
+ *     
  • {@link #findTokensByClientId(String)}
    • 
+ * 

+ * 

+ *
+ * This implementation delegates to an internal instance of a {@link JwtTokenStore} which uses a
+ * specialized extension of {@link JwtAccessTokenConverter}, specifically, {@link JwkVerifyingJwtAccessTokenConverter}.
+ * The {@link JwkVerifyingJwtAccessTokenConverter} is associated with a {@link JwkDefinitionSource} which is responsible
+ * for fetching (and caching) the JWK Set (a set of JWKs) from the URL supplied to the constructor of this implementation.
+ * 

+ * 

+ *
+ * The {@link JwkVerifyingJwtAccessTokenConverter} will verify the JWS in the following step sequence:
+ * 

+ * 

+ * 
    
+ *     
  1. Extract the "kid" parameter from the JWT header.
    2. 
+ *     
  2. Find the matching {@link JwkDefinition} from the {@link JwkDefinitionSource} with the corresponding "kid" attribute.
    3. 
+ *     
  3. Obtain the {@link SignatureVerifier} associated with the {@link JwkDefinition} via the {@link JwkDefinitionSource} and verify the signature.
    4. 
+ * 

+ * 

+ * NOTE: The algorithms currently supported by this implementation are: RS256, RS384 and RS512.
+ * 

+ * 

+ *
+ * @see JwtTokenStore
+ * @see JwkVerifyingJwtAccessTokenConverter
+ * @see JwkDefinitionSource
+ * @see JwkDefinition
+ * @see JSON Web Key (JWK)
+ * @see JSON Web Token (JWT)
+ * @see JSON Web Signature (JWS)
+ *
  * @author Joe Grandja
  */
 public class JwkTokenStore implements TokenStore {
 	private final JwtTokenStore delegate;
 
+	/**
+	 * Creates a new instance using the provided URL as the location for the JWK Set.
+	 *
+	 * @param jwkSetUrl the JWK Set URL
+	 */
 	public JwkTokenStore(String jwkSetUrl) {
 		Assert.hasText(jwkSetUrl, "jwkSetUrl cannot be empty");
 		JwkDefinitionSource jwkDefinitionSource = new JwkDefinitionSource(jwkSetUrl);
@@ -38,72 +105,150 @@ public JwkTokenStore(String jwkSetUrl) {
 		this.delegate = new JwtTokenStore(accessTokenConverter);
 	}
 
+	/**
+	 * Delegates to the internal instance {@link JwtTokenStore#readAuthentication(OAuth2AccessToken)}.
+	 *
+	 * @param token the access token
+	 * @return the {@link OAuth2Authentication} representation of the access token
+	 */
 	@Override
 	public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
 		return this.delegate.readAuthentication(token);
 	}
 
+	/**
+	 * Delegates to the internal instance {@link JwtTokenStore#readAuthentication(String)}.
+	 *
+	 * @param tokenValue the access token value
+	 * @return the {@link OAuth2Authentication} representation of the access token
+	 */
 	@Override
-	public OAuth2Authentication readAuthentication(String token) {
-		return this.delegate.readAuthentication(token);
+	public OAuth2Authentication readAuthentication(String tokenValue) {
+		return this.delegate.readAuthentication(tokenValue);
 	}
 
+	/**
+	 * This operation is not applicable for a Resource Server
+	 * and if called, will throw a {@link JwkException}.
+	 *
+	 * @throws JwkException reporting this operation is not supported
+	 */
 	@Override
 	public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
 		throw this.operationNotSupported();
 	}
 
+	/**
+	 * Delegates to the internal instance {@link JwtTokenStore#readAccessToken(String)}.
+	 *
+	 * @param tokenValue the access token value
+	 * @return the {@link OAuth2AccessToken} representation of the access token value
+	 */
 	@Override
 	public OAuth2AccessToken readAccessToken(String tokenValue) {
 		return this.delegate.readAccessToken(tokenValue);
 	}
 
+	/**
+	 * This operation is not applicable for a Resource Server
+	 * and if called, will throw a {@link JwkException}.
+	 *
+	 * @throws JwkException reporting this operation is not supported
+	 */
 	@Override
 	public void removeAccessToken(OAuth2AccessToken token) {
 		throw this.operationNotSupported();
 	}
 
+	/**
+	 * This operation is not applicable for a Resource Server
+	 * and if called, will throw a {@link JwkException}.
+	 *
+	 * @throws JwkException reporting this operation is not supported
+	 */
 	@Override
 	public void storeRefreshToken(OAuth2RefreshToken refreshToken, OAuth2Authentication authentication) {
 		throw this.operationNotSupported();
 	}
 
+	/**
+	 * This operation is not applicable for a Resource Server
+	 * and if called, will throw a {@link JwkException}.
+	 *
+	 * @throws JwkException reporting this operation is not supported
+	 */
 	@Override
 	public OAuth2RefreshToken readRefreshToken(String tokenValue) {
 		throw this.operationNotSupported();
 	}
 
+	/**
+	 * This operation is not applicable for a Resource Server
+	 * and if called, will throw a {@link JwkException}.
+	 *
+	 * @throws JwkException reporting this operation is not supported
+	 */
 	@Override
 	public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken token) {
 		throw this.operationNotSupported();
 	}
 
+	/**
+	 * This operation is not applicable for a Resource Server
+	 * and if called, will throw a {@link JwkException}.
+	 *
+	 * @throws JwkException reporting this operation is not supported
+	 */
 	@Override
 	public void removeRefreshToken(OAuth2RefreshToken token) {
 		throw this.operationNotSupported();
 	}
 
+	/**
+	 * This operation is not applicable for a Resource Server
+	 * and if called, will throw a {@link JwkException}.
+	 *
+	 * @throws JwkException reporting this operation is not supported
+	 */
 	@Override
 	public void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken refreshToken) {
 		throw this.operationNotSupported();
 	}
 
+	/**
+	 * This operation is not applicable for a Resource Server
+	 * and if called, will throw a {@link JwkException}.
+	 *
+	 * @throws JwkException reporting this operation is not supported
+	 */
 	@Override
 	public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
 		throw this.operationNotSupported();
 	}
 
+	/**
+	 * This operation is not applicable for a Resource Server
+	 * and if called, will throw a {@link JwkException}.
+	 *
+	 * @throws JwkException reporting this operation is not supported
+	 */
 	@Override
 	public Collection findTokensByClientIdAndUserName(String clientId, String userName) {
 		throw this.operationNotSupported();
 	}
 
+	/**
+	 * This operation is not applicable for a Resource Server
+	 * and if called, will throw a {@link JwkException}.
+	 *
+	 * @throws JwkException reporting this operation is not supported
+	 */
 	@Override
 	public Collection findTokensByClientId(String clientId) {
 		throw this.operationNotSupported();
 	}
 
 	private JwkException operationNotSupported() {
-		return new JwkException("This operation is currently not supported.");
+		return new JwkException("This operation is not supported.");
 	}
 }
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
index dc7ea2606..f9a1a7e35 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
@@ -19,6 +19,7 @@
 import org.springframework.security.jwt.JwtHelper;
 import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
 import org.springframework.security.oauth2.common.util.JsonParser;
 import org.springframework.security.oauth2.common.util.JsonParserFactory;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
@@ -30,6 +31,41 @@
 import static org.springframework.security.oauth2.provider.token.store.jwk.JwkAttributes.KEY_ID;
 
 /**
+ * A specialized extension of {@link JwtAccessTokenConverter} that is responsible for verifying
+ * the JSON Web Signature (JWS) for a JSON Web Token (JWT) using the corresponding JSON Web Key (JWK).
+ * This implementation is associated with a {@link JwkDefinitionSource} for looking up
+ * the matching {@link JwkDefinition} using the value of the JWT header parameter "kid".
+ * 

+ * 

+ *
+ * The JWS is verified in the following step sequence:
+ * 

+ * 

+ * 
    
+ *     
  1. Extract the "kid" parameter from the JWT header.
    2. 
+ *     
  2. Find the matching {@link JwkDefinition} from the {@link JwkDefinitionSource} with the corresponding "kid" attribute.
    3. 
+ *     
  3. Obtain the {@link SignatureVerifier} associated with the {@link JwkDefinition} via the {@link JwkDefinitionSource} and verify the signature.
    4. 
+ * 

+ * 

+ * NOTE: The algorithms currently supported by this implementation are: RS256, RS384 and RS512.
+ * 

+ * 

+ *
+ * NOTE: This {@link JwtAccessTokenConverter} does not support signing JWTs (JWS) and therefore
+ * the {@link #encode(OAuth2AccessToken, OAuth2Authentication)} method implementation, if called,
+ * will explicitly throw a {@link JwkException} reporting "JWT signing (JWS) is not supported.".
+ * 

+ * 

+ *
+ * @see JwtAccessTokenConverter
+ * @see JwtHeaderConverter
+ * @see JwkDefinitionSource
+ * @see JwkDefinition
+ * @see SignatureVerifier
+ * @see JSON Web Key (JWK)
+ * @see JSON Web Token (JWT)
+ * @see JSON Web Signature (JWS)
+ *
  * @author Joe Grandja
  */
 class JwkVerifyingJwtAccessTokenConverter extends JwtAccessTokenConverter {
@@ -37,55 +73,70 @@ class JwkVerifyingJwtAccessTokenConverter extends JwtAccessTokenConverter {
 	private final JwtHeaderConverter jwtHeaderConverter = new JwtHeaderConverter();
 	private final JsonParser jsonParser = JsonParserFactory.create();
 
+	/**
+	 * Creates a new instance using the provided {@link JwkDefinitionSource}
+	 * as the primary source for looking up {@link JwkDefinition}(s).
+	 *
+	 * @param jwkDefinitionSource the source for {@link JwkDefinition}(s)
+	 */
 	JwkVerifyingJwtAccessTokenConverter(JwkDefinitionSource jwkDefinitionSource) {
 		this.jwkDefinitionSource = jwkDefinitionSource;
 	}
 
+	/**
+	 * Decodes and validates the supplied JWT followed by signature verification
+	 * before returning the Claims from the JWT Payload.
+	 *
+	 * @param token the JSON Web Token
+	 * @return a Map of the JWT Claims
+	 * @throws JwkException if the JWT is invalid or if the JWS could not be verified
+	 */
 	@Override
 	protected Map decode(String token) {
-		try {
-			Map headers = this.jwtHeaderConverter.convert(token);
-
-			// Validate "kid" header
-			String keyIdHeader = headers.get(KEY_ID);
-			if (keyIdHeader == null) {
-				throw new JwkException("Invalid JWT/JWS: \"" + KEY_ID + "\" is a required JOSE Header.");
-			}
-			JwkDefinition jwkDefinition = this.jwkDefinitionSource.getDefinitionRefreshIfNecessary(keyIdHeader);
-			if (jwkDefinition == null) {
-				throw new JwkException("Invalid JOSE Header \"" + KEY_ID + "\" (" + keyIdHeader + ")");
-			}
-
-			// Validate "alg" header
-			String algorithmHeader = headers.get(ALGORITHM);
-			if (algorithmHeader == null) {
-				throw new JwkException("Invalid JWT/JWS: \"" + ALGORITHM + "\" is a required JOSE Header.");
-			}
-			if (!algorithmHeader.equals(jwkDefinition.getAlgorithm().headerParamValue())) {
-				throw new JwkException("Invalid JOSE Header \"" + ALGORITHM + "\" (" + algorithmHeader + ")" +
-						" does not match algorithm associated with \"" + KEY_ID + "\" (" + keyIdHeader + ")");
-			}
+		Map headers = this.jwtHeaderConverter.convert(token);
 
-			// Verify signature
-			SignatureVerifier verifier = this.jwkDefinitionSource.getVerifier(keyIdHeader);
-			Jwt jwt = JwtHelper.decode(token);
-			jwt.verifySignature(verifier);
+		// Validate "kid" header
+		String keyIdHeader = headers.get(KEY_ID);
+		if (keyIdHeader == null) {
+			throw new InvalidTokenException("Invalid JWT/JWS: " + KEY_ID + " is a required JOSE Header");
+		}
+		JwkDefinition jwkDefinition = this.jwkDefinitionSource.getDefinitionRefreshIfNecessary(keyIdHeader);
+		if (jwkDefinition == null) {
+			throw new InvalidTokenException("Invalid JOSE Header " + KEY_ID + " (" + keyIdHeader + ")");
+		}
 
-			Map claims = this.jsonParser.parseMap(jwt.getClaims());
-			if (claims.containsKey(EXP) && claims.get(EXP) instanceof Integer) {
-				Integer expiryInt = (Integer) claims.get(EXP);
-				claims.put(EXP, new Long(expiryInt));
-			}
+		// Validate "alg" header
+		String algorithmHeader = headers.get(ALGORITHM);
+		if (algorithmHeader == null) {
+			throw new InvalidTokenException("Invalid JWT/JWS: " + ALGORITHM + " is a required JOSE Header");
+		}
+		if (!algorithmHeader.equals(jwkDefinition.getAlgorithm().headerParamValue())) {
+			throw new InvalidTokenException("Invalid JOSE Header " + ALGORITHM + " (" + algorithmHeader + ")" +
+					" does not match algorithm associated to JWK with " + KEY_ID + " (" + keyIdHeader + ")");
+		}
 
-			return claims;
+		// Verify signature
+		SignatureVerifier verifier = this.jwkDefinitionSource.getVerifier(keyIdHeader);
+		Jwt jwt = JwtHelper.decode(token);
+		jwt.verifySignature(verifier);
 
-		} catch (Exception ex) {
-			throw new JwkException("Failed to decode/verify the JWT/JWS: " + ex.getMessage(), ex);
+		Map claims = this.jsonParser.parseMap(jwt.getClaims());
+		if (claims.containsKey(EXP) && claims.get(EXP) instanceof Integer) {
+			Integer expiryInt = (Integer) claims.get(EXP);
+			claims.put(EXP, new Long(expiryInt));
 		}
+
+		return claims;
 	}
 
+	/**
+	 * This operation (JWT signing) is not supported and if called,
+	 * will throw a {@link JwkException}.
+	 *
+	 * @throws JwkException
+	 */
 	@Override
 	protected String encode(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
-		throw new JwkException("JWT/JWS (signing) is currently not supported.");
+		throw new JwkException("JWT signing (JWS) is not supported.");
 	}
 }
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
index 2afa65a8d..1fb2daf27 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
@@ -20,24 +20,37 @@
 import com.fasterxml.jackson.core.JsonToken;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.jwt.codec.Codecs;
+import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
 
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
 
 /**
+ * A {@link Converter} that converts the supplied String representation of a JWT
+ * to a Map of JWT Header Parameters.
+ *
+ * @see JSON Web Token (JWT)
+ *
  * @author Joe Grandja
  */
 class JwtHeaderConverter implements Converter> {
 	private final JsonFactory factory = new JsonFactory();
 
+	/**
+	 * Converts the supplied JSON Web Token to a Map of JWT Header Parameters.
+	 *
+	 * @param token the JSON Web Token
+	 * @return a Map of JWT Header Parameters
+	 * @throws JwkException if the JWT is invalid
+	 */
 	@Override
 	public Map convert(String token) {
 		Map headers;
 
 		int headerEndIndex = token.indexOf('.');
 		if (headerEndIndex == -1) {
-			throw new JwkException("Invalid JWT. Missing JOSE Header.");
+			throw new InvalidTokenException("Invalid JWT. Missing JOSE Header.");
 		}
 		byte[] decodedHeader = Codecs.b64UrlDecode(token.substring(0, headerEndIndex));
 
@@ -56,7 +69,7 @@ public Map convert(String token) {
 			}
 
 		} catch (IOException ex) {
-			throw new JwkException("An I/O error occurred while reading the JWT: " + ex.getMessage(), ex);
+			throw new InvalidTokenException("An I/O error occurred while reading the JWT: " + ex.getMessage(), ex);
 		} finally {
 			try {
 				if (parser != null) parser.close();
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java
index 6361784af..d94ebfb6e 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java
@@ -16,12 +16,26 @@
 package org.springframework.security.oauth2.provider.token.store.jwk;
 
 /**
+ * A JSON Web Key (JWK) representation of a RSA key.
+ *
+ * @see JSON Web Key (JWK)
+ * @see JSON Web Algorithms (JWA)
+ *
  * @author Joe Grandja
  */
 final class RSAJwkDefinition extends JwkDefinition {
 	private final String modulus;
 	private final String exponent;
 
+	/**
+	 * Creates an instance of a RSA JSON Web Key (JWK).
+	 *
+	 * @param keyId the Key ID
+	 * @param publicKeyUse the intended use of the Public Key
+	 * @param algorithm the algorithm intended to be used
+	 * @param modulus the modulus value for the Public Key
+	 * @param exponent the exponent value for the Public Key
+	 */
 	RSAJwkDefinition(String keyId,
 					 PublicKeyUse publicKeyUse,
 					 CryptoAlgorithm algorithm,
@@ -33,10 +47,16 @@ final class RSAJwkDefinition extends JwkDefinition {
 		this.exponent = exponent;
 	}
 
+	/**
+	 * @return the modulus value for the Public Key
+	 */
 	String getModulus() {
 		return this.modulus;
 	}
 
+	/**
+	 * @return the exponent value for the Public Key
+	 */
 	String getExponent() {
 		return this.exponent;
 	}
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java
new file mode 100644
index 000000000..36b1bb459
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import org.junit.Test;
+
+import static org.mockito.Mockito.*;
+
+/**
+ * @author jgrandja
+ */
+public class JwkDefinitionSourceTest {
+	private static final String DEFAULT_JWK_SET_URL = "https://identity.server1.io/token_keys";
+
+	@Test(expected = IllegalArgumentException.class)
+	public void constructorWhenInvalidJwkSetUrlThenThrowIllegalArgumentException() throws Exception {
+		new JwkDefinitionSource(DEFAULT_JWK_SET_URL.substring(1));
+	}
+
+	@Test
+	public void getDefinitionRefreshIfNecessaryWhenKeyIdNotFoundThenRefreshJwkDefinitions() throws Exception {
+		JwkDefinitionSource jwkDefinitionSource = spy(new JwkDefinitionSource(DEFAULT_JWK_SET_URL));
+		doNothing().when(jwkDefinitionSource).refreshJwkDefinitions();
+		jwkDefinitionSource.getDefinitionRefreshIfNecessary("invalid-key-id");
+		verify(jwkDefinitionSource).refreshJwkDefinitions();
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java
new file mode 100644
index 000000000..834f9e559
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java
@@ -0,0 +1,284 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import static org.junit.Assert.*;
+import static org.springframework.security.oauth2.provider.token.store.jwk.JwkAttributes.KEYS;
+
+/**
+ * @author jgrandja
+ */
+public class JwkSetConverterTest {
+	private final JwkSetConverter converter = new JwkSetConverter();
+	private final ObjectMapper objectMapper = new ObjectMapper();
+
+	@Rule
+	public ExpectedException thrown = ExpectedException.none();
+
+
+	@Test
+	public void convertWhenJwkSetStreamIsNullThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("Invalid JWK Set Object.");
+		this.converter.convert(null);
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamIsEmptyThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("Invalid JWK Set Object.");
+		this.converter.convert(new ByteArrayInputStream(new byte[0]));
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamNotAnObjectThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("Invalid JWK Set Object.");
+		this.converter.convert(new ByteArrayInputStream("".getBytes()));
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamHasMissingKeysAttributeThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("Invalid JWK Set Object.");
+		Map jwkSetObject = new HashMap();
+		this.converter.convert(this.asInputStream(jwkSetObject));
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamHasInvalidKeysAttributeThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("Invalid JWK Set Object. The JWK Set MUST have a keys attribute.");
+		Map jwkSetObject = new HashMap();
+		jwkSetObject.put(KEYS + "-invalid", new Map[0]);
+		this.converter.convert(this.asInputStream(jwkSetObject));
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamHasInvalidJwkElementsThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("Invalid JWK Set Object. The JWK Set MUST have an array of JWK(s).");
+		Map jwkSetObject = new HashMap();
+		jwkSetObject.put(JwkAttributes.KEYS, "");
+		this.converter.convert(this.asInputStream(jwkSetObject));
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamHasEmptyJwkElementsThenReturnEmptyJwkSet() throws Exception {
+		Map jwkSetObject = new HashMap();
+		jwkSetObject.put(JwkAttributes.KEYS, new Map[0]);
+		Set jwkSet = this.converter.convert(this.asInputStream(jwkSetObject));
+		assertTrue("JWK Set NOT empty", jwkSet.isEmpty());
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamHasEmptyJwkElementThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("unknown (kty) is currently not supported.");
+		Map jwkSetObject = new HashMap();
+		Map jwkObject = new HashMap();
+		jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject});
+		this.converter.convert(this.asInputStream(jwkSetObject));
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamHasJwkElementWithECKeyTypeThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("EC (kty) is currently not supported.");
+		Map jwkSetObject = new HashMap();
+		Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.EC);
+		jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject});
+		this.converter.convert(this.asInputStream(jwkSetObject));
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamHasJwkElementWithOCTKeyTypeThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("oct (kty) is currently not supported.");
+		Map jwkSetObject = new HashMap();
+		Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.OCT);
+		jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject});
+		this.converter.convert(this.asInputStream(jwkSetObject));
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamHasJwkElementWithMissingKeyIdAttributeThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("kid is a required attribute for a JWK.");
+		Map jwkSetObject = new HashMap();
+		Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.RSA, null);
+		jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject});
+		this.converter.convert(this.asInputStream(jwkSetObject));
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamHasJwkElementWithMissingPublicKeyUseAttributeThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("unknown (use) is currently not supported.");
+		Map jwkSetObject = new HashMap();
+		Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.RSA, "key-id-1");
+		jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject});
+		this.converter.convert(this.asInputStream(jwkSetObject));
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamHasJwkElementWithENCPublicKeyUseAttributeThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("enc (use) is currently not supported.");
+		Map jwkSetObject = new HashMap();
+		Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.RSA, "key-id-1", JwkDefinition.PublicKeyUse.ENC);
+		jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject});
+		this.converter.convert(this.asInputStream(jwkSetObject));
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamHasJwkElementWithMissingAlgorithmAttributeThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("unknown (alg) is currently not supported.");
+		Map jwkSetObject = new HashMap();
+		Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.RSA, "key-id-1", JwkDefinition.PublicKeyUse.SIG);
+		jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject});
+		this.converter.convert(this.asInputStream(jwkSetObject));
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamHasJwkElementWithMissingRSAModulusAttributeThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("n is a required attribute for a RSA JWK.");
+		Map jwkSetObject = new HashMap();
+		Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.RSA, "key-id-1",
+				JwkDefinition.PublicKeyUse.SIG, JwkDefinition.CryptoAlgorithm.RS256);
+		jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject});
+		this.converter.convert(this.asInputStream(jwkSetObject));
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamHasJwkElementWithMissingRSAExponentAttributeThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("e is a required attribute for a RSA JWK.");
+		Map jwkSetObject = new HashMap();
+		Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.RSA, "key-id-1",
+				JwkDefinition.PublicKeyUse.SIG, JwkDefinition.CryptoAlgorithm.RS256, "AMh-pGAj9vX2gwFDyrXot1f2YfHgh8h0Qx6w9IqLL");
+		jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject});
+		this.converter.convert(this.asInputStream(jwkSetObject));
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamIsValidThenReturnJwkSet() throws Exception {
+		Map jwkSetObject = new HashMap();
+		Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.RSA, "key-id-1",
+				JwkDefinition.PublicKeyUse.SIG, JwkDefinition.CryptoAlgorithm.RS256, "AMh-pGAj9vX2gwFDyrXot1f2YfHgh8h0Qx6w9IqLL", "AQAB");
+		jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject});
+		Set jwkSet = this.converter.convert(this.asInputStream(jwkSetObject));
+		assertNotNull(jwkSet);
+		assertEquals("JWK Set NOT size=1", 1, jwkSet.size());
+
+		Map jwkObject2 = this.createJwkObject(JwkDefinition.KeyType.RSA, "key-id-2",
+				JwkDefinition.PublicKeyUse.SIG, JwkDefinition.CryptoAlgorithm.RS512, "AMh-pGAj9vX2gwFDyrXot1f2YfHgh8h0Qx6w9IqLL", "AQAB");
+		jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject, jwkObject2});
+		jwkSet = this.converter.convert(this.asInputStream(jwkSetObject));
+		assertNotNull(jwkSet);
+		assertEquals("JWK Set NOT size=2", 2, jwkSet.size());
+	}
+
+	@Test
+	public void convertWhenJwkSetStreamHasDuplicateJwkElementsThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("Duplicate JWK found in Set: key-id-1 (kid)");
+		Map jwkSetObject = new HashMap();
+		Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.RSA, "key-id-1",
+				JwkDefinition.PublicKeyUse.SIG, JwkDefinition.CryptoAlgorithm.RS256, "AMh-pGAj9vX2gwFDyrXot1f2YfHgh8h0Qx6w9IqLL", "AQAB");
+		jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject, jwkObject});
+		this.converter.convert(this.asInputStream(jwkSetObject));
+	}
+
+	private Map createJwkObject(JwkDefinition.KeyType keyType) {
+		return this.createJwkObject(keyType, null);
+	}
+
+	private Map createJwkObject(JwkDefinition.KeyType keyType, String keyId) {
+		return this.createJwkObject(keyType, keyId, null);
+	}
+
+	private Map createJwkObject(JwkDefinition.KeyType keyType,
+												String keyId,
+												JwkDefinition.PublicKeyUse publicKeyUse) {
+
+		return this.createJwkObject(keyType, keyId, publicKeyUse, null);
+	}
+
+	private Map createJwkObject(JwkDefinition.KeyType keyType,
+												String keyId,
+												JwkDefinition.PublicKeyUse publicKeyUse,
+												JwkDefinition.CryptoAlgorithm algorithm) {
+
+		return this.createJwkObject(keyType, keyId, publicKeyUse, algorithm, null);
+	}
+
+	private Map createJwkObject(JwkDefinition.KeyType keyType,
+												String keyId,
+												JwkDefinition.PublicKeyUse publicKeyUse,
+												JwkDefinition.CryptoAlgorithm algorithm,
+												String rsaModulus) {
+
+		return this.createJwkObject(keyType, keyId, publicKeyUse, algorithm, rsaModulus, null);
+	}
+
+	private Map createJwkObject(JwkDefinition.KeyType keyType,
+												String keyId,
+												JwkDefinition.PublicKeyUse publicKeyUse,
+												JwkDefinition.CryptoAlgorithm algorithm,
+												String rsaModulus,
+												String rsaExponent) {
+
+		Map jwkObject = new HashMap();
+		jwkObject.put(JwkAttributes.KEY_TYPE, keyType.value());
+		if (keyId != null) {
+			jwkObject.put(JwkAttributes.KEY_ID, keyId);
+		}
+		if (publicKeyUse != null) {
+			jwkObject.put(JwkAttributes.PUBLIC_KEY_USE, publicKeyUse.value());
+		}
+		if (algorithm != null) {
+			jwkObject.put(JwkAttributes.ALGORITHM, algorithm.headerParamValue());
+		}
+		if (rsaModulus != null) {
+			jwkObject.put(JwkAttributes.RSA_PUBLIC_KEY_MODULUS, rsaModulus);
+		}
+		if (rsaExponent != null) {
+			jwkObject.put(JwkAttributes.RSA_PUBLIC_KEY_EXPONENT, rsaExponent);
+		}
+		return jwkObject;
+	}
+
+	private InputStream asInputStream(Map content) throws Exception {
+		ByteArrayOutputStream out = new ByteArrayOutputStream();
+		this.objectMapper.writeValue(out, content);
+		return new ByteArrayInputStream(out.toByteArray());
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java
new file mode 100644
index 000000000..34353d37d
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+
+/**
+ * @author jgrandja
+ */
+public class JwkTokenStoreTest {
+	private JwkTokenStore jwkTokenStore = new JwkTokenStore("https://identity.server1.io/token_keys");
+
+	@Rule
+	public ExpectedException thrown = ExpectedException.none();
+
+	@Before
+	public void setUp() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("This operation is not supported.");
+	}
+
+	@Test
+	public void storeAccessTokenWhenCalledThenThrowJwkException() throws Exception {
+		this.jwkTokenStore.storeAccessToken(null, null);
+	}
+
+	@Test
+	public void removeAccessTokenWhenCalledThenThrowJwkException() throws Exception {
+		this.jwkTokenStore.removeAccessToken(null);
+	}
+
+	@Test
+	public void storeRefreshTokenWhenCalledThenThrowJwkException() throws Exception {
+		this.jwkTokenStore.storeRefreshToken(null, null);
+	}
+
+	@Test
+	public void readRefreshTokenWhenCalledThenThrowJwkException() throws Exception {
+		this.jwkTokenStore.readRefreshToken(null);
+	}
+
+	@Test
+	public void readAuthenticationForRefreshTokenWhenCalledThenThrowJwkException() throws Exception {
+		this.jwkTokenStore.readAuthenticationForRefreshToken(null);
+	}
+
+	@Test
+	public void removeRefreshTokenWhenCalledThenThrowJwkException() throws Exception {
+		this.jwkTokenStore.removeRefreshToken(null);
+	}
+
+	@Test
+	public void removeAccessTokenUsingRefreshTokenWhenCalledThenThrowJwkException() throws Exception {
+		this.jwkTokenStore.removeAccessTokenUsingRefreshToken(null);
+	}
+
+	@Test
+	public void getAccessTokenWhenCalledThenThrowJwkException() throws Exception {
+		this.jwkTokenStore.getAccessToken(null);
+	}
+
+	@Test
+	public void findTokensByClientIdAndUserNameWhenCalledThenThrowJwkException() throws Exception {
+		this.jwkTokenStore.findTokensByClientIdAndUserName(null, null);
+	}
+
+	@Test
+	public void findTokensByClientIdWhenCalledThenThrowJwkException() throws Exception {
+		this.jwkTokenStore.findTokensByClientId(null);
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTest.java
new file mode 100644
index 000000000..a27db63f8
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTest.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+import static org.springframework.security.oauth2.provider.token.store.jwk.JwtTestUtil.createJwt;
+import static org.springframework.security.oauth2.provider.token.store.jwk.JwtTestUtil.createJwtHeader;
+
+/**
+ * @author jgrandja
+ */
+public class JwkVerifyingJwtAccessTokenConverterTest {
+
+	@Rule
+	public ExpectedException thrown = ExpectedException.none();
+
+	@Test
+	public void encodeWhenCalledThenThrowJwkException() throws Exception {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("JWT signing (JWS) is not supported.");
+		JwkVerifyingJwtAccessTokenConverter accessTokenConverter =
+				new JwkVerifyingJwtAccessTokenConverter(mock(JwkDefinitionSource.class));
+		accessTokenConverter.encode(null, null);
+	}
+
+	@Test
+	public void decodeWhenKeyIdHeaderMissingThenThrowJwkException() throws Exception {
+		this.thrown.expect(InvalidTokenException.class);
+		this.thrown.expectMessage("Invalid JWT/JWS: kid is a required JOSE Header");
+		JwkVerifyingJwtAccessTokenConverter accessTokenConverter =
+				new JwkVerifyingJwtAccessTokenConverter(mock(JwkDefinitionSource.class));
+		String jwt = createJwt(createJwtHeader(null, JwkDefinition.CryptoAlgorithm.RS256));
+		accessTokenConverter.decode(jwt);
+	}
+
+	@Test
+	public void decodeWhenKeyIdHeaderInvalidThenThrowJwkException() throws Exception {
+		this.thrown.expect(InvalidTokenException.class);
+		this.thrown.expectMessage("Invalid JOSE Header kid (invalid-key-id)");
+		JwkDefinition jwkDefinition = this.createRSAJwkDefinition("key-id-1", JwkDefinition.CryptoAlgorithm.RS256);
+		JwkDefinitionSource jwkDefinitionSource = mock(JwkDefinitionSource.class);
+		when(jwkDefinitionSource.getDefinitionRefreshIfNecessary("key-id-1")).thenReturn(jwkDefinition);
+		JwkVerifyingJwtAccessTokenConverter accessTokenConverter =
+				new JwkVerifyingJwtAccessTokenConverter(jwkDefinitionSource);
+		String jwt = createJwt(createJwtHeader("invalid-key-id", JwkDefinition.CryptoAlgorithm.RS256));
+		accessTokenConverter.decode(jwt);
+	}
+
+	@Test
+	public void decodeWhenAlgorithmHeaderMissingThenThrowJwkException() throws Exception {
+		this.thrown.expect(InvalidTokenException.class);
+		this.thrown.expectMessage("Invalid JWT/JWS: alg is a required JOSE Header");
+		JwkDefinition jwkDefinition = this.createRSAJwkDefinition("key-id-1", JwkDefinition.CryptoAlgorithm.RS256);
+		JwkDefinitionSource jwkDefinitionSource = mock(JwkDefinitionSource.class);
+		when(jwkDefinitionSource.getDefinitionRefreshIfNecessary("key-id-1")).thenReturn(jwkDefinition);
+		JwkVerifyingJwtAccessTokenConverter accessTokenConverter =
+				new JwkVerifyingJwtAccessTokenConverter(jwkDefinitionSource);
+		String jwt = createJwt(createJwtHeader("key-id-1", null));
+		accessTokenConverter.decode(jwt);
+	}
+
+	@Test
+	public void decodeWhenAlgorithmHeaderDoesNotMatchJwkAlgorithmThenThrowJwkException() throws Exception {
+		this.thrown.expect(InvalidTokenException.class);
+		this.thrown.expectMessage("Invalid JOSE Header alg (RS512) " +
+				"does not match algorithm associated to JWK with kid (key-id-1)");
+		JwkDefinition jwkDefinition = this.createRSAJwkDefinition("key-id-1", JwkDefinition.CryptoAlgorithm.RS256);
+		JwkDefinitionSource jwkDefinitionSource = mock(JwkDefinitionSource.class);
+		when(jwkDefinitionSource.getDefinitionRefreshIfNecessary("key-id-1")).thenReturn(jwkDefinition);
+		JwkVerifyingJwtAccessTokenConverter accessTokenConverter =
+				new JwkVerifyingJwtAccessTokenConverter(jwkDefinitionSource);
+		String jwt = createJwt(createJwtHeader("key-id-1", JwkDefinition.CryptoAlgorithm.RS512));
+		accessTokenConverter.decode(jwt);
+	}
+
+	private JwkDefinition createRSAJwkDefinition(String keyId, JwkDefinition.CryptoAlgorithm algorithm) {
+		return createRSAJwkDefinition(JwkDefinition.KeyType.RSA, keyId,
+				JwkDefinition.PublicKeyUse.SIG, algorithm, "AMh-pGAj9vX2gwFDyrXot1f2YfHgh8h0Qx6w9IqLL", "AQAB");
+	}
+
+	private JwkDefinition createRSAJwkDefinition(JwkDefinition.KeyType keyType,
+												String keyId,
+												JwkDefinition.PublicKeyUse publicKeyUse,
+												JwkDefinition.CryptoAlgorithm algorithm,
+												String modulus,
+												String exponent) {
+
+		return new RSAJwkDefinition(keyId, publicKeyUse, algorithm, modulus, exponent);
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTest.java
new file mode 100644
index 000000000..f652e61c7
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTest.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
+
+import java.util.Map;
+
+import static org.junit.Assert.assertEquals;
+import static org.springframework.security.oauth2.provider.token.store.jwk.JwtTestUtil.createJwt;
+
+/**
+ * @author jgrandja
+ */
+public class JwtHeaderConverterTest {
+	private final JwtHeaderConverter converter = new JwtHeaderConverter();
+
+	@Rule
+	public ExpectedException thrown = ExpectedException.none();
+
+
+	@Test
+	public void convertWhenJwtTokenIsNullThenThrowNullPointerException() throws Exception {
+		this.thrown.expect(NullPointerException.class);
+		this.converter.convert(null);
+	}
+
+	@Test
+	public void convertWhenJwtTokenInvalidThenThrowJwkException() throws Exception {
+		this.thrown.expect(InvalidTokenException.class);
+		this.thrown.expectMessage("Invalid JWT. Missing JOSE Header.");
+		this.converter.convert("");
+	}
+
+	@Test
+	public void convertWhenJwtTokenValidThenReturnJwtHeaders() throws Exception {
+		Map jwtHeaders = this.converter.convert(createJwt());
+		assertEquals("key-id-1", jwtHeaders.get(JwkAttributes.KEY_ID));
+		assertEquals(JwkDefinition.CryptoAlgorithm.RS256.headerParamValue(), jwtHeaders.get(JwkAttributes.ALGORITHM));
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtTestUtil.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtTestUtil.java
new file mode 100644
index 000000000..b8df0e87b
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtTestUtil.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.security.jwt.codec.Codecs;
+
+import java.io.ByteArrayOutputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author Joe Grandja
+ */
+class JwtTestUtil {
+	private static final ObjectMapper objectMapper = new ObjectMapper();
+
+	static String createJwt() throws Exception {
+		return createJwt(createDefaultJwtHeader());
+	}
+
+	static String createJwt(byte[] jwtHeader) throws Exception {
+		return createJwt(jwtHeader, createDefaultJwtPayload());
+	}
+
+	static String createJwt(byte[] jwtHeader, byte[] jwtPayload) throws Exception {
+		byte[] encodedJwtHeader = Codecs.b64UrlEncode(jwtHeader);
+		byte[] encodedJwtPayload = Codecs.b64UrlEncode(jwtPayload);
+		byte[] period = Codecs.utf8Encode(".");
+		return new String(join(encodedJwtHeader, period, encodedJwtPayload));
+	}
+
+	static byte[] createDefaultJwtHeader() throws Exception {
+		return createJwtHeader("key-id-1", JwkDefinition.CryptoAlgorithm.RS256);
+	}
+
+	static byte[] createJwtHeader(String keyId, JwkDefinition.CryptoAlgorithm algorithm) throws Exception {
+		Map jwtHeader = new HashMap();
+		if (keyId != null) {
+			jwtHeader.put(JwkAttributes.KEY_ID, keyId);
+		}
+		if (algorithm != null) {
+			jwtHeader.put(JwkAttributes.ALGORITHM, algorithm.headerParamValue());
+		}
+		ByteArrayOutputStream out = new ByteArrayOutputStream();
+		objectMapper.writeValue(out, jwtHeader);
+		return out.toByteArray();
+	}
+
+	static byte[] createDefaultJwtPayload() throws Exception {
+		Map jwtPayload = new HashMap();
+		jwtPayload.put("claim-name-1", "claim-value-1");
+		jwtPayload.put("claim-name-2", "claim-value-2");
+		jwtPayload.put("claim-name-3", "claim-value-3");
+		ByteArrayOutputStream out = new ByteArrayOutputStream();
+		objectMapper.writeValue(out, jwtPayload);
+		return out.toByteArray();
+	}
+
+	private static byte[] join(byte[]... byteArrays) {
+		int size = 0;
+		for (byte[] bytes : byteArrays) {
+			size += bytes.length;
+		}
+		byte[] result = new byte[size];
+		int index = 0;
+		for (byte[] bytes : byteArrays) {
+			System.arraycopy(bytes, 0, result, index, bytes.length);
+			index += bytes.length;
+		}
+		return result;
+	}
+}
\ No newline at end of file

From 44c97375ce756a2bfa576f79c0da1f28879247d8 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Wed, 1 Mar 2017 11:44:46 -0500
Subject: [PATCH 080/345] Polish gh-977

Fixes gh-994
---
 .../token/store/jwk/JwkAttributes.java        |  2 +-
 .../token/store/jwk/JwkDefinition.java        | 16 ++--
 .../token/store/jwk/JwkDefinitionSource.java  | 74 ++++++++++-------
 .../token/store/jwk/JwkException.java         |  2 +-
 .../token/store/jwk/JwkSetConverter.java      | 15 ++--
 .../token/store/jwk/JwkTokenStore.java        | 20 ++---
 .../JwkVerifyingJwtAccessTokenConverter.java  |  4 +-
 .../token/store/jwk/JwtHeaderConverter.java   |  2 +-
 ...kDefinition.java => RsaJwkDefinition.java} |  6 +-
 .../store/jwk/JwkDefinitionSourceTest.java    | 26 ++++--
 .../token/store/jwk/JwkDefinitionTest.java    | 51 ++++++++++++
 .../token/store/jwk/JwkSetConverterTest.java  |  4 +-
 .../token/store/jwk/JwkTokenStoreTest.java    | 80 +++++++++++++++++--
 ...kVerifyingJwtAccessTokenConverterTest.java | 12 +--
 .../store/jwk/JwtHeaderConverterTest.java     |  4 +-
 .../provider/token/store/jwk/JwtTestUtil.java |  2 +-
 .../token/store/jwk/RsaJwkDefinitionTest.java | 45 +++++++++++
 17 files changed, 275 insertions(+), 90 deletions(-)
 rename spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/{RSAJwkDefinition.java => RsaJwkDefinition.java} (92%)
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionTest.java
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinitionTest.java

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
index 75343999a..642dcc430 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
index ac33281bd..2768ca3f1 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -162,18 +162,16 @@ static PublicKeyUse fromValue(String value) {
 	 * The defined Algorithm ("alg") values.
 	 */
 	enum CryptoAlgorithm {
-		RS256("SHA256withRSA", "RS256", "RSASSA-PKCS1-v1_5 using SHA-256"),
-		RS384("SHA384withRSA", "RS384", "RSASSA-PKCS1-v1_5 using SHA-384"),
-		RS512("SHA512withRSA", "RS512", "RSASSA-PKCS1-v1_5 using SHA-512");
+		RS256("SHA256withRSA", "RS256"),
+		RS384("SHA384withRSA", "RS384"),
+		RS512("SHA512withRSA", "RS512");
 
 		private final String standardName;		// JCA Standard Name
 		private final String headerParamValue;
-		private final String description;
 
-		CryptoAlgorithm(String standardName, String headerParamValue, String description) {
+		CryptoAlgorithm(String standardName, String headerParamValue) {
 			this.standardName = standardName;
 			this.headerParamValue = headerParamValue;
-			this.description = description;
 		}
 
 		String standardName() {
@@ -184,10 +182,6 @@ String headerParamValue() {
 			return this.headerParamValue;
 		}
 
-		String description() {
-			return this.description;
-		}
-
 		static CryptoAlgorithm fromHeaderParamValue(String headerParamValue) {
 			CryptoAlgorithm result = null;
 			for (CryptoAlgorithm algorithm : values()) {
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
index 83bf4b85f..de643ff03 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,11 +27,10 @@
 import java.security.KeyFactory;
 import java.security.interfaces.RSAPublicKey;
 import java.security.spec.RSAPublicKeySpec;
-import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.Set;
-import java.util.concurrent.atomic.AtomicReference;
+import java.util.concurrent.ConcurrentHashMap;
 
 /**
  * A source for JSON Web Key(s) (JWK) that is solely responsible for fetching (and caching)
@@ -46,9 +45,8 @@
  */
 class JwkDefinitionSource {
 	private final URL jwkSetUrl;
-	private final JwkSetConverter jwkSetConverter = new JwkSetConverter();
-	private final AtomicReference> jwkDefinitions =
-			new AtomicReference>(new HashMap());
+	private final Map jwkDefinitions = new ConcurrentHashMap();
+	private static final JwkSetConverter jwkSetConverter = new JwkSetConverter();
 
 	/**
 	 * Creates a new instance using the provided URL as the location for the JWK Set.
@@ -71,29 +69,28 @@ class JwkDefinitionSource {
 	 */
 	JwkDefinition getDefinition(String keyId) {
 		JwkDefinition result = null;
-		for (JwkDefinition jwkDefinition : this.jwkDefinitions.get().keySet()) {
-			if (jwkDefinition.getKeyId().equals(keyId)) {
-				result = jwkDefinition;
-				break;
-			}
+		JwkDefinitionHolder jwkDefinitionHolder = this.jwkDefinitions.get(keyId);
+		if (jwkDefinitionHolder != null) {
+			result = jwkDefinitionHolder.getJwkDefinition();
 		}
 		return result;
 	}
 
 	/**
 	 * Returns the JWK definition matching the provided keyId ("kid").
-	 * If the JWK definition is not available in the internal cache then {@link #refreshJwkDefinitions()}
-	 * will be called (to refresh the cache) and then followed-up with a second attempt to locate the JWK definition.
+	 * If the JWK definition is not available in the internal cache then {@link #loadJwkDefinitions(URL)}
+	 * will be called (to re-load the cache) and then followed-up with a second attempt to locate the JWK definition.
 	 *
 	 * @param keyId the Key ID ("kid")
 	 * @return the matching {@link JwkDefinition} or null if not found
 	 */
-	JwkDefinition getDefinitionRefreshIfNecessary(String keyId) {
+	JwkDefinition getDefinitionLoadIfNecessary(String keyId) {
 		JwkDefinition result = this.getDefinition(keyId);
 		if (result != null) {
 			return result;
 		}
-		this.refreshJwkDefinitions();
+		this.jwkDefinitions.clear();
+		this.jwkDefinitions.putAll(loadJwkDefinitions(this.jwkSetUrl));
 		return this.getDefinition(keyId);
 	}
 
@@ -105,42 +102,47 @@ JwkDefinition getDefinitionRefreshIfNecessary(String keyId) {
 	 */
 	SignatureVerifier getVerifier(String keyId) {
 		SignatureVerifier result = null;
-		JwkDefinition jwkDefinition = this.getDefinitionRefreshIfNecessary(keyId);
+		JwkDefinition jwkDefinition = this.getDefinitionLoadIfNecessary(keyId);
 		if (jwkDefinition != null) {
-			result = this.jwkDefinitions.get().get(jwkDefinition);
+			result = this.jwkDefinitions.get(keyId).getSignatureVerifier();
 		}
 		return result;
 	}
 
 	/**
-	 * Refreshes the internal cache of association(s) between {@link JwkDefinition} and {@link SignatureVerifier}.
+	 * Fetches the JWK Set from the provided URL and
+	 * returns a Map keyed by the JWK keyId ("kid")
+	 * and mapped to an association of the {@link JwkDefinition} and {@link SignatureVerifier}.
 	 * Uses a {@link JwkSetConverter} to convert the JWK Set URL source to a set of {@link JwkDefinition}(s)
-	 * followed by the instantiation of a {@link SignatureVerifier} which is mapped to it's {@link JwkDefinition}.
+	 * followed by the instantiation of a {@link SignatureVerifier} which is associated to it's {@link JwkDefinition}.
 	 *
+	 * @param jwkSetUrl the JWK Set URL
+	 * @return a Map keyed by the JWK keyId and mapped to an association of {@link JwkDefinition} and {@link SignatureVerifier}
 	 * @see JwkSetConverter
 	 */
-	void refreshJwkDefinitions() {
+	static Map loadJwkDefinitions(URL jwkSetUrl) {
 		InputStream jwkSetSource;
 		try {
-			jwkSetSource = this.jwkSetUrl.openStream();
+			jwkSetSource = jwkSetUrl.openStream();
 		} catch (IOException ex) {
 			throw new JwkException("An I/O error occurred while reading from the JWK Set source: " + ex.getMessage(), ex);
 		}
 
-		Set jwkDefinitionSet = this.jwkSetConverter.convert(jwkSetSource);
+		Set jwkDefinitionSet = jwkSetConverter.convert(jwkSetSource);
 
-		Map refreshedJwkDefinitions = new LinkedHashMap();
+		Map jwkDefinitions = new LinkedHashMap();
 
 		for (JwkDefinition jwkDefinition : jwkDefinitionSet) {
 			if (JwkDefinition.KeyType.RSA.equals(jwkDefinition.getKeyType())) {
-				refreshedJwkDefinitions.put(jwkDefinition, this.createRSAVerifier((RSAJwkDefinition)jwkDefinition));
+				jwkDefinitions.put(jwkDefinition.getKeyId(),
+						new JwkDefinitionHolder(jwkDefinition, createRsaVerifier((RsaJwkDefinition) jwkDefinition)));
 			}
 		}
 
-		this.jwkDefinitions.set(refreshedJwkDefinitions);
+		return jwkDefinitions;
 	}
 
-	private RsaVerifier createRSAVerifier(RSAJwkDefinition rsaDefinition) {
+	private static RsaVerifier createRsaVerifier(RsaJwkDefinition rsaDefinition) {
 		RsaVerifier result;
 		try {
 			BigInteger modulus = new BigInteger(Codecs.b64UrlDecode(rsaDefinition.getModulus()));
@@ -157,4 +159,22 @@ private RsaVerifier createRSAVerifier(RSAJwkDefinition rsaDefinition) {
 		}
 		return result;
 	}
-}
+
+	static class JwkDefinitionHolder {
+		private final JwkDefinition jwkDefinition;
+		private final SignatureVerifier signatureVerifier;
+
+		private JwkDefinitionHolder(JwkDefinition jwkDefinition, SignatureVerifier signatureVerifier) {
+			this.jwkDefinition = jwkDefinition;
+			this.signatureVerifier = signatureVerifier;
+		}
+
+		private JwkDefinition getJwkDefinition() {
+			return jwkDefinition;
+		}
+
+		private SignatureVerifier getSignatureVerifier() {
+			return signatureVerifier;
+		}
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
index f47ef672a..1d3211dfb 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
index 2a31e37b6..e0284261c 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -119,20 +119,21 @@ private JwkDefinition createJwkDefinition(Map attributes) {
 
 		if (!JwkDefinition.KeyType.RSA.equals(keyType)) {
 			throw new JwkException((keyType != null ? keyType.value() : "unknown") +
-					" (" + KEY_TYPE + ") is currently not supported.");
+					" (" + KEY_TYPE + ") is currently not supported." +
+					" Valid values for '" + KEY_TYPE + "' are: " + JwkDefinition.KeyType.RSA.value());
 		}
 
-		return this.createRSAJwkDefinition(attributes);
+		return this.createRsaJwkDefinition(attributes);
 	}
 
 	/**
-	 * Creates a {@link RSAJwkDefinition} based on the supplied attributes.
+	 * Creates a {@link RsaJwkDefinition} based on the supplied attributes.
 	 *
-	 * @param attributes the attributes used to create the {@link RSAJwkDefinition}
+	 * @param attributes the attributes used to create the {@link RsaJwkDefinition}
 	 * @return a {@link JwkDefinition} representation of a RSA Key
 	 * @throws JwkException if at least one attribute value is missing or invalid for a RSA Key
 	 */
-	private JwkDefinition createRSAJwkDefinition(Map attributes) {
+	private JwkDefinition createRsaJwkDefinition(Map attributes) {
 		// kid
 		String keyId = attributes.get(KEY_ID);
 		if (!StringUtils.hasText(keyId)) {
@@ -169,7 +170,7 @@ private JwkDefinition createRSAJwkDefinition(Map attributes) {
 			throw new JwkException(RSA_PUBLIC_KEY_EXPONENT + " is a required attribute for a RSA JWK.");
 		}
 
-		RSAJwkDefinition jwkDefinition = new RSAJwkDefinition(
+		RsaJwkDefinition jwkDefinition = new RsaJwkDefinition(
 				keyId, publicKeyUse, algorithm, modulus, exponent);
 
 		return jwkDefinition;
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
index 1f62f6467..85706ba4a 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.oauth2.provider.token.store.jwk;
 
-import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.OAuth2RefreshToken;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
@@ -60,19 +59,19 @@
  * 

  *
  * This implementation delegates to an internal instance of a {@link JwtTokenStore} which uses a
- * specialized extension of {@link JwtAccessTokenConverter}, specifically, {@link JwkVerifyingJwtAccessTokenConverter}.
- * The {@link JwkVerifyingJwtAccessTokenConverter} is associated with a {@link JwkDefinitionSource} which is responsible
- * for fetching (and caching) the JWK Set (a set of JWKs) from the URL supplied to the constructor of this implementation.
+ * specialized extension of {@link JwtAccessTokenConverter}.
+ * This specialized {@link JwtAccessTokenConverter} is capable of fetching (and caching)
+ * the JWK Set (a set of JWKs) from the URL supplied to the constructor of this implementation.
  * 

  * 

  *
- * The {@link JwkVerifyingJwtAccessTokenConverter} will verify the JWS in the following step sequence:
+ * The {@link JwtAccessTokenConverter} will verify the JWS in the following step sequence:
  * 

  * 

  * 
    
  *     
  1. Extract the "kid" parameter from the JWT header.
    2. 
- *     
  2. Find the matching {@link JwkDefinition} from the {@link JwkDefinitionSource} with the corresponding "kid" attribute.
    3. 
- *     
  3. Obtain the {@link SignatureVerifier} associated with the {@link JwkDefinition} via the {@link JwkDefinitionSource} and verify the signature.
    4. 
+ *     
  4. Find the matching JWK with the corresponding "kid" attribute.
    5. 
+ *     
  5. Obtain the SignatureVerifier associated with the JWK and verify the signature.
    6. 
  * 

  * 

  * NOTE: The algorithms currently supported by this implementation are: RS256, RS384 and RS512.
@@ -80,16 +79,13 @@
  * 

  *
  * @see JwtTokenStore
- * @see JwkVerifyingJwtAccessTokenConverter
- * @see JwkDefinitionSource
- * @see JwkDefinition
  * @see JSON Web Key (JWK)
  * @see JSON Web Token (JWT)
  * @see JSON Web Signature (JWS)
  *
  * @author Joe Grandja
  */
-public class JwkTokenStore implements TokenStore {
+public final class JwkTokenStore implements TokenStore {
 	private final JwtTokenStore delegate;
 
 	/**
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
index f9a1a7e35..431ade84a 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -100,7 +100,7 @@ protected Map decode(String token) {
 		if (keyIdHeader == null) {
 			throw new InvalidTokenException("Invalid JWT/JWS: " + KEY_ID + " is a required JOSE Header");
 		}
-		JwkDefinition jwkDefinition = this.jwkDefinitionSource.getDefinitionRefreshIfNecessary(keyIdHeader);
+		JwkDefinition jwkDefinition = this.jwkDefinitionSource.getDefinitionLoadIfNecessary(keyIdHeader);
 		if (jwkDefinition == null) {
 			throw new InvalidTokenException("Invalid JOSE Header " + KEY_ID + " (" + keyIdHeader + ")");
 		}
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
index 1fb2daf27..62981f33b 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinition.java
similarity index 92%
rename from spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java
rename to spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinition.java
index d94ebfb6e..41655c7af 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RSAJwkDefinition.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinition.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,7 +23,7 @@
  *
  * @author Joe Grandja
  */
-final class RSAJwkDefinition extends JwkDefinition {
+final class RsaJwkDefinition extends JwkDefinition {
 	private final String modulus;
 	private final String exponent;
 
@@ -36,7 +36,7 @@ final class RSAJwkDefinition extends JwkDefinition {
 	 * @param modulus the modulus value for the Public Key
 	 * @param exponent the exponent value for the Public Key
 	 */
-	RSAJwkDefinition(String keyId,
+	RsaJwkDefinition(String keyId,
 					 PublicKeyUse publicKeyUse,
 					 CryptoAlgorithm algorithm,
 					 String modulus,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java
index 36b1bb459..75a545379 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,12 +16,23 @@
 package org.springframework.security.oauth2.provider.token.store.jwk;
 
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+import java.net.URL;
+import java.util.Collections;
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.when;
+import static org.powermock.api.mockito.PowerMockito.*;
 
-import static org.mockito.Mockito.*;
 
 /**
- * @author jgrandja
+ * @author Joe Grandja
  */
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(JwkDefinitionSource.class)
 public class JwkDefinitionSourceTest {
 	private static final String DEFAULT_JWK_SET_URL = "https://identity.server1.io/token_keys";
 
@@ -31,10 +42,11 @@ public void constructorWhenInvalidJwkSetUrlThenThrowIllegalArgumentException() t
 	}
 
 	@Test
-	public void getDefinitionRefreshIfNecessaryWhenKeyIdNotFoundThenRefreshJwkDefinitions() throws Exception {
+	public void getDefinitionLoadIfNecessaryWhenKeyIdNotFoundThenLoadJwkDefinitions() throws Exception {
 		JwkDefinitionSource jwkDefinitionSource = spy(new JwkDefinitionSource(DEFAULT_JWK_SET_URL));
-		doNothing().when(jwkDefinitionSource).refreshJwkDefinitions();
-		jwkDefinitionSource.getDefinitionRefreshIfNecessary("invalid-key-id");
-		verify(jwkDefinitionSource).refreshJwkDefinitions();
+		mockStatic(JwkDefinitionSource.class);
+		when(JwkDefinitionSource.loadJwkDefinitions(any(URL.class))).thenReturn(Collections.emptyMap());
+		jwkDefinitionSource.getDefinitionLoadIfNecessary("invalid-key-id");
+		verifyStatic();
 	}
 }
\ No newline at end of file
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionTest.java
new file mode 100644
index 000000000..a6ad3d2b2
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionTest.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2012-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * @author Joe Grandja
+ */
+public class JwkDefinitionTest {
+
+	@Test
+	public void constructorWhenArgumentsPassedThenAttributesAreCorrectlySet() throws Exception {
+		String keyId = "key-id-1";
+		JwkDefinition.KeyType keyType = JwkDefinition.KeyType.RSA;
+		JwkDefinition.PublicKeyUse publicKeyUse = JwkDefinition.PublicKeyUse.SIG;
+		JwkDefinition.CryptoAlgorithm algorithm = JwkDefinition.CryptoAlgorithm.RS512;
+
+		JwkDefinition jwkDefinition = new JwkDefinition(keyId, keyType, publicKeyUse, algorithm) { };
+
+		assertEquals(keyId, jwkDefinition.getKeyId());
+		assertEquals(keyType, jwkDefinition.getKeyType());
+		assertEquals(publicKeyUse, jwkDefinition.getPublicKeyUse());
+		assertEquals(algorithm, jwkDefinition.getAlgorithm());
+	}
+
+	@Test
+	public void cryptoAlgorithmWhenAttributesAccessedThenCorrectValuesReturned() {
+		assertEquals("RS256", JwkDefinition.CryptoAlgorithm.RS256.headerParamValue());
+		assertEquals("SHA256withRSA", JwkDefinition.CryptoAlgorithm.RS256.standardName());
+		assertEquals("RS384", JwkDefinition.CryptoAlgorithm.RS384.headerParamValue());
+		assertEquals("SHA384withRSA", JwkDefinition.CryptoAlgorithm.RS384.standardName());
+		assertEquals("RS512", JwkDefinition.CryptoAlgorithm.RS512.headerParamValue());
+		assertEquals("SHA512withRSA", JwkDefinition.CryptoAlgorithm.RS512.standardName());
+	}
+}
\ No newline at end of file
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java
index 834f9e559..233385aeb 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,7 +31,7 @@
 import static org.springframework.security.oauth2.provider.token.store.jwk.JwkAttributes.KEYS;
 
 /**
- * @author jgrandja
+ * @author Joe Grandja
  */
 public class JwkSetConverterTest {
 	private final JwkSetConverter converter = new JwkSetConverter();
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java
index 34353d37d..28ea3b528 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,73 +15,139 @@
  */
 package org.springframework.security.oauth2.provider.token.store.jwk;
 
-import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
+import org.junit.runner.RunWith;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
+import org.springframework.util.ReflectionUtils;
+
+import java.lang.reflect.Field;
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Mockito.*;
+import static org.powermock.api.mockito.PowerMockito.spy;
+
 
 /**
- * @author jgrandja
+ * @author Joe Grandja
  */
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(JwkTokenStore.class)
 public class JwkTokenStoreTest {
 	private JwkTokenStore jwkTokenStore = new JwkTokenStore("https://identity.server1.io/token_keys");
 
 	@Rule
 	public ExpectedException thrown = ExpectedException.none();
 
-	@Before
-	public void setUp() throws Exception {
-		this.thrown.expect(JwkException.class);
-		this.thrown.expectMessage("This operation is not supported.");
+	@Test
+	public void readAuthenticationUsingOAuth2AccessTokenWhenCalledThenDelegateCalled() throws Exception {
+		JwkTokenStore spy = spy(this.jwkTokenStore);
+		JwtTokenStore delegate = mock(JwtTokenStore.class);
+		when(delegate.readAuthentication(any(OAuth2AccessToken.class))).thenReturn(null);
+
+		Field field = ReflectionUtils.findField(spy.getClass(), "delegate");
+		field.setAccessible(true);
+		ReflectionUtils.setField(field, spy, delegate);
+
+		spy.readAuthentication(mock(OAuth2AccessToken.class));
+		verify(delegate).readAuthentication(any(OAuth2AccessToken.class));
+	}
+
+	@Test
+	public void readAuthenticationUsingAccessTokenStringWhenCalledThenDelegateCalled() throws Exception {
+		JwkTokenStore spy = spy(this.jwkTokenStore);
+		JwtTokenStore delegate = mock(JwtTokenStore.class);
+		when(delegate.readAuthentication(anyString())).thenReturn(null);
+
+		Field field = ReflectionUtils.findField(spy.getClass(), "delegate");
+		field.setAccessible(true);
+		ReflectionUtils.setField(field, spy, delegate);
+
+		spy.readAuthentication(anyString());
+		verify(delegate).readAuthentication(anyString());
+	}
+
+	@Test
+	public void readAccessTokenWhenCalledThenDelegateCalled() throws Exception {
+		JwkTokenStore spy = spy(this.jwkTokenStore);
+		JwtTokenStore delegate = mock(JwtTokenStore.class);
+		when(delegate.readAccessToken(anyString())).thenReturn(null);
+
+		Field field = ReflectionUtils.findField(spy.getClass(), "delegate");
+		field.setAccessible(true);
+		ReflectionUtils.setField(field, spy, delegate);
+
+		spy.readAccessToken(anyString());
+		verify(delegate).readAccessToken(anyString());
 	}
 
 	@Test
 	public void storeAccessTokenWhenCalledThenThrowJwkException() throws Exception {
+		this.setUpExpectedJwkException();
 		this.jwkTokenStore.storeAccessToken(null, null);
 	}
 
 	@Test
 	public void removeAccessTokenWhenCalledThenThrowJwkException() throws Exception {
+		this.setUpExpectedJwkException();
 		this.jwkTokenStore.removeAccessToken(null);
 	}
 
 	@Test
 	public void storeRefreshTokenWhenCalledThenThrowJwkException() throws Exception {
+		this.setUpExpectedJwkException();
 		this.jwkTokenStore.storeRefreshToken(null, null);
 	}
 
 	@Test
 	public void readRefreshTokenWhenCalledThenThrowJwkException() throws Exception {
+		this.setUpExpectedJwkException();
 		this.jwkTokenStore.readRefreshToken(null);
 	}
 
 	@Test
 	public void readAuthenticationForRefreshTokenWhenCalledThenThrowJwkException() throws Exception {
+		this.setUpExpectedJwkException();
 		this.jwkTokenStore.readAuthenticationForRefreshToken(null);
 	}
 
 	@Test
 	public void removeRefreshTokenWhenCalledThenThrowJwkException() throws Exception {
+		this.setUpExpectedJwkException();
 		this.jwkTokenStore.removeRefreshToken(null);
 	}
 
 	@Test
 	public void removeAccessTokenUsingRefreshTokenWhenCalledThenThrowJwkException() throws Exception {
+		this.setUpExpectedJwkException();
 		this.jwkTokenStore.removeAccessTokenUsingRefreshToken(null);
 	}
 
 	@Test
 	public void getAccessTokenWhenCalledThenThrowJwkException() throws Exception {
+		this.setUpExpectedJwkException();
 		this.jwkTokenStore.getAccessToken(null);
 	}
 
 	@Test
 	public void findTokensByClientIdAndUserNameWhenCalledThenThrowJwkException() throws Exception {
+		this.setUpExpectedJwkException();
 		this.jwkTokenStore.findTokensByClientIdAndUserName(null, null);
 	}
 
 	@Test
 	public void findTokensByClientIdWhenCalledThenThrowJwkException() throws Exception {
+		this.setUpExpectedJwkException();
 		this.jwkTokenStore.findTokensByClientId(null);
 	}
+
+	private void setUpExpectedJwkException() {
+		this.thrown.expect(JwkException.class);
+		this.thrown.expectMessage("This operation is not supported.");
+	}
 }
\ No newline at end of file
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTest.java
index a27db63f8..3c830838e 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,7 +26,7 @@
 import static org.springframework.security.oauth2.provider.token.store.jwk.JwtTestUtil.createJwtHeader;
 
 /**
- * @author jgrandja
+ * @author Joe Grandja
  */
 public class JwkVerifyingJwtAccessTokenConverterTest {
 
@@ -58,7 +58,7 @@ public void decodeWhenKeyIdHeaderInvalidThenThrowJwkException() throws Exception
 		this.thrown.expectMessage("Invalid JOSE Header kid (invalid-key-id)");
 		JwkDefinition jwkDefinition = this.createRSAJwkDefinition("key-id-1", JwkDefinition.CryptoAlgorithm.RS256);
 		JwkDefinitionSource jwkDefinitionSource = mock(JwkDefinitionSource.class);
-		when(jwkDefinitionSource.getDefinitionRefreshIfNecessary("key-id-1")).thenReturn(jwkDefinition);
+		when(jwkDefinitionSource.getDefinitionLoadIfNecessary("key-id-1")).thenReturn(jwkDefinition);
 		JwkVerifyingJwtAccessTokenConverter accessTokenConverter =
 				new JwkVerifyingJwtAccessTokenConverter(jwkDefinitionSource);
 		String jwt = createJwt(createJwtHeader("invalid-key-id", JwkDefinition.CryptoAlgorithm.RS256));
@@ -71,7 +71,7 @@ public void decodeWhenAlgorithmHeaderMissingThenThrowJwkException() throws Excep
 		this.thrown.expectMessage("Invalid JWT/JWS: alg is a required JOSE Header");
 		JwkDefinition jwkDefinition = this.createRSAJwkDefinition("key-id-1", JwkDefinition.CryptoAlgorithm.RS256);
 		JwkDefinitionSource jwkDefinitionSource = mock(JwkDefinitionSource.class);
-		when(jwkDefinitionSource.getDefinitionRefreshIfNecessary("key-id-1")).thenReturn(jwkDefinition);
+		when(jwkDefinitionSource.getDefinitionLoadIfNecessary("key-id-1")).thenReturn(jwkDefinition);
 		JwkVerifyingJwtAccessTokenConverter accessTokenConverter =
 				new JwkVerifyingJwtAccessTokenConverter(jwkDefinitionSource);
 		String jwt = createJwt(createJwtHeader("key-id-1", null));
@@ -85,7 +85,7 @@ public void decodeWhenAlgorithmHeaderDoesNotMatchJwkAlgorithmThenThrowJwkExcepti
 				"does not match algorithm associated to JWK with kid (key-id-1)");
 		JwkDefinition jwkDefinition = this.createRSAJwkDefinition("key-id-1", JwkDefinition.CryptoAlgorithm.RS256);
 		JwkDefinitionSource jwkDefinitionSource = mock(JwkDefinitionSource.class);
-		when(jwkDefinitionSource.getDefinitionRefreshIfNecessary("key-id-1")).thenReturn(jwkDefinition);
+		when(jwkDefinitionSource.getDefinitionLoadIfNecessary("key-id-1")).thenReturn(jwkDefinition);
 		JwkVerifyingJwtAccessTokenConverter accessTokenConverter =
 				new JwkVerifyingJwtAccessTokenConverter(jwkDefinitionSource);
 		String jwt = createJwt(createJwtHeader("key-id-1", JwkDefinition.CryptoAlgorithm.RS512));
@@ -104,6 +104,6 @@ private JwkDefinition createRSAJwkDefinition(JwkDefinition.KeyType keyType,
 												String modulus,
 												String exponent) {
 
-		return new RSAJwkDefinition(keyId, publicKeyUse, algorithm, modulus, exponent);
+		return new RsaJwkDefinition(keyId, publicKeyUse, algorithm, modulus, exponent);
 	}
 }
\ No newline at end of file
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTest.java
index f652e61c7..a7689d5c3 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,7 +27,7 @@
 import static org.springframework.security.oauth2.provider.token.store.jwk.JwtTestUtil.createJwt;
 
 /**
- * @author jgrandja
+ * @author Joe Grandja
  */
 public class JwtHeaderConverterTest {
 	private final JwtHeaderConverter converter = new JwtHeaderConverter();
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtTestUtil.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtTestUtil.java
index b8df0e87b..5aab5d5e9 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtTestUtil.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtTestUtil.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinitionTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinitionTest.java
new file mode 100644
index 000000000..72ca34d3c
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinitionTest.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2012-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token.store.jwk;
+
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * @author Joe Grandja
+ */
+public class RsaJwkDefinitionTest {
+
+	@Test
+	public void constructorWhenArgumentsPassedThenAttributesAreCorrectlySet() throws Exception {
+		String keyId = "key-id-1";
+		JwkDefinition.PublicKeyUse publicKeyUse = JwkDefinition.PublicKeyUse.ENC;
+		JwkDefinition.CryptoAlgorithm algorithm = JwkDefinition.CryptoAlgorithm.RS384;
+		String modulus = "AMh-pGAj9vX2gwFDyrXot1f2YfHgh8h0Qx6w9IqLL";
+		String exponent = "AQAB";
+
+		RsaJwkDefinition rsaJwkDefinition = new RsaJwkDefinition(
+				keyId, publicKeyUse, algorithm, modulus, exponent);
+
+		assertEquals(keyId, rsaJwkDefinition.getKeyId());
+		assertEquals(JwkDefinition.KeyType.RSA, rsaJwkDefinition.getKeyType());
+		assertEquals(publicKeyUse, rsaJwkDefinition.getPublicKeyUse());
+		assertEquals(algorithm, rsaJwkDefinition.getAlgorithm());
+		assertEquals(modulus, rsaJwkDefinition.getModulus());
+		assertEquals(exponent, rsaJwkDefinition.getExponent());
+	}
+}
\ No newline at end of file

From 220183d8cf56860cddae2def4efdb1a552b60d69 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Wed, 1 Mar 2017 19:59:41 -0500
Subject: [PATCH 081/345] Release version 2.1.0.RELEASE

---
 pom.xml                                        | 2 +-
 samples/oauth/sparklr/pom.xml                  | 2 +-
 samples/oauth/tonr/pom.xml                     | 2 +-
 samples/oauth2/sparklr/pom.xml                 | 2 +-
 samples/oauth2/tonr/pom.xml                    | 2 +-
 samples/pom.xml                                | 2 +-
 spring-security-oauth/pom.xml                  | 2 +-
 spring-security-oauth2/pom.xml                 | 2 +-
 tests/annotation/approval/pom.xml              | 2 +-
 tests/annotation/client/pom.xml                | 2 +-
 tests/annotation/common/pom.xml                | 2 +-
 tests/annotation/custom-authentication/pom.xml | 2 +-
 tests/annotation/custom-grant/pom.xml          | 2 +-
 tests/annotation/form/pom.xml                  | 2 +-
 tests/annotation/jaxb/pom.xml                  | 2 +-
 tests/annotation/jdbc/pom.xml                  | 2 +-
 tests/annotation/jpa/pom.xml                   | 2 +-
 tests/annotation/jwt/pom.xml                   | 2 +-
 tests/annotation/mappings/pom.xml              | 2 +-
 tests/annotation/multi/pom.xml                 | 2 +-
 tests/annotation/pom.xml                       | 4 ++--
 tests/annotation/resource/pom.xml              | 2 +-
 tests/annotation/ssl/pom.xml                   | 2 +-
 tests/annotation/vanilla/pom.xml               | 2 +-
 tests/pom.xml                                  | 2 +-
 tests/xml/approval/pom.xml                     | 2 +-
 tests/xml/client/pom.xml                       | 2 +-
 tests/xml/common/pom.xml                       | 2 +-
 tests/xml/form/pom.xml                         | 2 +-
 tests/xml/jdbc/pom.xml                         | 2 +-
 tests/xml/jwt/pom.xml                          | 2 +-
 tests/xml/mappings/pom.xml                     | 2 +-
 tests/xml/pom.xml                              | 4 ++--
 tests/xml/vanilla/pom.xml                      | 2 +-
 34 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/pom.xml b/pom.xml
index 3d5e79f56..bd0477f35 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
   OAuth for Spring Security
   Parent Project for OAuth Support for Spring Security
   pom
-  2.0.13.BUILD-SNAPSHOT
+  2.1.0.RELEASE
   http://static.springframework.org/spring-security/oauth
 
   
diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml
index 4cc3debd2..91e000ecd 100644
--- a/samples/oauth/sparklr/pom.xml
+++ b/samples/oauth/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml
index 570abf329..6d48cf227 100644
--- a/samples/oauth/tonr/pom.xml
+++ b/samples/oauth/tonr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index fa285f8af..cca907196 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index 1131e00b1..5c5de38d2 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -6,7 +6,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 		../../..
 	
 
diff --git a/samples/pom.xml b/samples/pom.xml
index 2c56b940a..2ff069739 100755
--- a/samples/pom.xml
+++ b/samples/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.0.13.BUILD-SNAPSHOT
+    2.1.0.RELEASE
   
 
   spring-security-oauth-samples
diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml
index 7dd4a4c1d..aa4bbe97a 100644
--- a/spring-security-oauth/pom.xml
+++ b/spring-security-oauth/pom.xml
@@ -4,7 +4,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	spring-security-oauth
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index 4949b5ba2..cd9cd7c0e 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	spring-security-oauth2
diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml
index 2dc67ad4d..02a45f1a3 100644
--- a/tests/annotation/approval/pom.xml
+++ b/tests/annotation/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml
index 555854c6d..8854f5fab 100644
--- a/tests/annotation/client/pom.xml
+++ b/tests/annotation/client/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml
index ec1d24e93..f67e73cd5 100644
--- a/tests/annotation/common/pom.xml
+++ b/tests/annotation/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml
index f2f8cb481..d524766ee 100644
--- a/tests/annotation/custom-authentication/pom.xml
+++ b/tests/annotation/custom-authentication/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml
index 3ef3ac2de..1f1c65f98 100644
--- a/tests/annotation/custom-grant/pom.xml
+++ b/tests/annotation/custom-grant/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml
index 311156648..c6baa174e 100644
--- a/tests/annotation/form/pom.xml
+++ b/tests/annotation/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml
index 05fc8f4cd..5d2bc2cd1 100644
--- a/tests/annotation/jaxb/pom.xml
+++ b/tests/annotation/jaxb/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml
index b38274a78..51c136659 100644
--- a/tests/annotation/jdbc/pom.xml
+++ b/tests/annotation/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml
index b82319fc0..a7ba7a4ac 100644
--- a/tests/annotation/jpa/pom.xml
+++ b/tests/annotation/jpa/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml
index 6d92b9026..e2364ddee 100644
--- a/tests/annotation/jwt/pom.xml
+++ b/tests/annotation/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml
index 8346ed914..b2b1a2765 100644
--- a/tests/annotation/mappings/pom.xml
+++ b/tests/annotation/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml
index e2634b7c1..25cee2368 100644
--- a/tests/annotation/multi/pom.xml
+++ b/tests/annotation/multi/pom.xml
@@ -9,7 +9,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml
index 6f139dded..ebb378cf7 100644
--- a/tests/annotation/pom.xml
+++ b/tests/annotation/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-parent
-	2.0.13.BUILD-SNAPSHOT
+	2.1.0.RELEASE
     pom
 
     
@@ -39,7 +39,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.0.13.BUILD-SNAPSHOT
+			2.1.0.RELEASE
 			
 				
 					jackson-mapper-asl
diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml
index 6d3b500f1..bbe5e3288 100644
--- a/tests/annotation/resource/pom.xml
+++ b/tests/annotation/resource/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml
index 13dbe9cd3..3c2ae4c67 100644
--- a/tests/annotation/ssl/pom.xml
+++ b/tests/annotation/ssl/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml
index 590597180..99dd26ae0 100644
--- a/tests/annotation/vanilla/pom.xml
+++ b/tests/annotation/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/pom.xml b/tests/pom.xml
index 4d58bbcb0..770460930 100644
--- a/tests/pom.xml
+++ b/tests/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.0.13.BUILD-SNAPSHOT
+    2.1.0.RELEASE
   
 
   spring-security-oauth-tests
diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml
index f66b6a0f6..9c209c065 100644
--- a/tests/xml/approval/pom.xml
+++ b/tests/xml/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml
index 349d602a2..b604409eb 100644
--- a/tests/xml/client/pom.xml
+++ b/tests/xml/client/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml
index 654689b20..f4b5da6e3 100644
--- a/tests/xml/common/pom.xml
+++ b/tests/xml/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml
index e6302c055..83f7a4481 100644
--- a/tests/xml/form/pom.xml
+++ b/tests/xml/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml
index e777afb3d..bd3ef53f1 100644
--- a/tests/xml/jdbc/pom.xml
+++ b/tests/xml/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml
index 965689999..17fe67982 100644
--- a/tests/xml/jwt/pom.xml
+++ b/tests/xml/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml
index 84d9a32d9..9297aebc1 100644
--- a/tests/xml/mappings/pom.xml
+++ b/tests/xml/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	
diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml
index 421c0c48a..21fa83142 100644
--- a/tests/xml/pom.xml
+++ b/tests/xml/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-xml-parent
-	2.0.13.BUILD-SNAPSHOT
+	2.1.0.RELEASE
     pom
 
     
@@ -33,7 +33,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.0.13.BUILD-SNAPSHOT
+			2.1.0.RELEASE
 			
 				
 					jackson-mapper-asl
diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml
index f64a2d1f2..3f3ffe999 100644
--- a/tests/xml/vanilla/pom.xml
+++ b/tests/xml/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.0.13.BUILD-SNAPSHOT
+		2.1.0.RELEASE
 	
 
 	

From 5dbb8a220ea45a9053638d50975d1b41a9c6ca5f Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Thu, 2 Mar 2017 17:46:55 -0500
Subject: [PATCH 082/345] Next development version

---
 pom.xml                                        | 2 +-
 samples/oauth/sparklr/pom.xml                  | 2 +-
 samples/oauth/tonr/pom.xml                     | 2 +-
 samples/oauth2/sparklr/pom.xml                 | 2 +-
 samples/oauth2/tonr/pom.xml                    | 2 +-
 samples/pom.xml                                | 2 +-
 spring-security-oauth/pom.xml                  | 2 +-
 spring-security-oauth2/pom.xml                 | 2 +-
 tests/annotation/approval/pom.xml              | 2 +-
 tests/annotation/client/pom.xml                | 2 +-
 tests/annotation/common/pom.xml                | 2 +-
 tests/annotation/custom-authentication/pom.xml | 2 +-
 tests/annotation/custom-grant/pom.xml          | 2 +-
 tests/annotation/form/pom.xml                  | 2 +-
 tests/annotation/jaxb/pom.xml                  | 2 +-
 tests/annotation/jdbc/pom.xml                  | 2 +-
 tests/annotation/jpa/pom.xml                   | 2 +-
 tests/annotation/jwt/pom.xml                   | 2 +-
 tests/annotation/mappings/pom.xml              | 2 +-
 tests/annotation/multi/pom.xml                 | 2 +-
 tests/annotation/pom.xml                       | 4 ++--
 tests/annotation/resource/pom.xml              | 2 +-
 tests/annotation/ssl/pom.xml                   | 2 +-
 tests/annotation/vanilla/pom.xml               | 2 +-
 tests/pom.xml                                  | 2 +-
 tests/xml/approval/pom.xml                     | 2 +-
 tests/xml/client/pom.xml                       | 2 +-
 tests/xml/common/pom.xml                       | 2 +-
 tests/xml/form/pom.xml                         | 2 +-
 tests/xml/jdbc/pom.xml                         | 2 +-
 tests/xml/jwt/pom.xml                          | 2 +-
 tests/xml/mappings/pom.xml                     | 2 +-
 tests/xml/pom.xml                              | 4 ++--
 tests/xml/vanilla/pom.xml                      | 2 +-
 34 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/pom.xml b/pom.xml
index bd0477f35..b05c742dc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
   OAuth for Spring Security
   Parent Project for OAuth Support for Spring Security
   pom
-  2.1.0.RELEASE
+  2.1.1.BUILD-SNAPSHOT
   http://static.springframework.org/spring-security/oauth
 
   
diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml
index 91e000ecd..d5985dc6d 100644
--- a/samples/oauth/sparklr/pom.xml
+++ b/samples/oauth/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml
index 6d48cf227..283337497 100644
--- a/samples/oauth/tonr/pom.xml
+++ b/samples/oauth/tonr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index cca907196..1f9013dd3 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index 5c5de38d2..50334a463 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -6,7 +6,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/pom.xml b/samples/pom.xml
index 2ff069739..96c07851c 100755
--- a/samples/pom.xml
+++ b/samples/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.1.0.RELEASE
+    2.1.1.BUILD-SNAPSHOT
   
 
   spring-security-oauth-samples
diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml
index aa4bbe97a..587b63fac 100644
--- a/spring-security-oauth/pom.xml
+++ b/spring-security-oauth/pom.xml
@@ -4,7 +4,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	spring-security-oauth
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index cd9cd7c0e..a850142f0 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	spring-security-oauth2
diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml
index 02a45f1a3..d1110a48a 100644
--- a/tests/annotation/approval/pom.xml
+++ b/tests/annotation/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml
index 8854f5fab..d2aebd623 100644
--- a/tests/annotation/client/pom.xml
+++ b/tests/annotation/client/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml
index f67e73cd5..dc24d1048 100644
--- a/tests/annotation/common/pom.xml
+++ b/tests/annotation/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml
index d524766ee..38884d6b4 100644
--- a/tests/annotation/custom-authentication/pom.xml
+++ b/tests/annotation/custom-authentication/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml
index 1f1c65f98..648084bea 100644
--- a/tests/annotation/custom-grant/pom.xml
+++ b/tests/annotation/custom-grant/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml
index c6baa174e..0170024a6 100644
--- a/tests/annotation/form/pom.xml
+++ b/tests/annotation/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml
index 5d2bc2cd1..6b76b5c08 100644
--- a/tests/annotation/jaxb/pom.xml
+++ b/tests/annotation/jaxb/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml
index 51c136659..2035871b8 100644
--- a/tests/annotation/jdbc/pom.xml
+++ b/tests/annotation/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml
index a7ba7a4ac..e973072a1 100644
--- a/tests/annotation/jpa/pom.xml
+++ b/tests/annotation/jpa/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml
index e2364ddee..46c3a4609 100644
--- a/tests/annotation/jwt/pom.xml
+++ b/tests/annotation/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml
index b2b1a2765..eff643328 100644
--- a/tests/annotation/mappings/pom.xml
+++ b/tests/annotation/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml
index 25cee2368..554119314 100644
--- a/tests/annotation/multi/pom.xml
+++ b/tests/annotation/multi/pom.xml
@@ -9,7 +9,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml
index ebb378cf7..065a54434 100644
--- a/tests/annotation/pom.xml
+++ b/tests/annotation/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-parent
-	2.1.0.RELEASE
+	2.1.1.BUILD-SNAPSHOT
     pom
 
     
@@ -39,7 +39,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.1.0.RELEASE
+			2.1.1.BUILD-SNAPSHOT
 			
 				
 					jackson-mapper-asl
diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml
index bbe5e3288..df34736a2 100644
--- a/tests/annotation/resource/pom.xml
+++ b/tests/annotation/resource/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml
index 3c2ae4c67..9a6a8a01a 100644
--- a/tests/annotation/ssl/pom.xml
+++ b/tests/annotation/ssl/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml
index 99dd26ae0..7b31b952a 100644
--- a/tests/annotation/vanilla/pom.xml
+++ b/tests/annotation/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/pom.xml b/tests/pom.xml
index 770460930..234e3141c 100644
--- a/tests/pom.xml
+++ b/tests/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.1.0.RELEASE
+    2.1.1.BUILD-SNAPSHOT
   
 
   spring-security-oauth-tests
diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml
index 9c209c065..c8569a5d2 100644
--- a/tests/xml/approval/pom.xml
+++ b/tests/xml/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml
index b604409eb..049f30793 100644
--- a/tests/xml/client/pom.xml
+++ b/tests/xml/client/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml
index f4b5da6e3..4d15848f3 100644
--- a/tests/xml/common/pom.xml
+++ b/tests/xml/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml
index 83f7a4481..37d5a50f7 100644
--- a/tests/xml/form/pom.xml
+++ b/tests/xml/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml
index bd3ef53f1..1c130362a 100644
--- a/tests/xml/jdbc/pom.xml
+++ b/tests/xml/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml
index 17fe67982..0275e803f 100644
--- a/tests/xml/jwt/pom.xml
+++ b/tests/xml/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml
index 9297aebc1..f55d557c9 100644
--- a/tests/xml/mappings/pom.xml
+++ b/tests/xml/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml
index 21fa83142..887dca74e 100644
--- a/tests/xml/pom.xml
+++ b/tests/xml/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-xml-parent
-	2.1.0.RELEASE
+	2.1.1.BUILD-SNAPSHOT
     pom
 
     
@@ -33,7 +33,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.1.0.RELEASE
+			2.1.1.BUILD-SNAPSHOT
 			
 				
 					jackson-mapper-asl
diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml
index 3f3ffe999..abe8c9fa1 100644
--- a/tests/xml/vanilla/pom.xml
+++ b/tests/xml/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.0.RELEASE
+		2.1.1.BUILD-SNAPSHOT
 	
 
 	

From 0651688c5ef21c85a3a58576380b04870c47b12c Mon Sep 17 00:00:00 2001
From: Guillaume Wallet 
Date: Wed, 8 Mar 2017 08:07:42 +0100
Subject: [PATCH 083/345] Read RSA PK modulus/exponent as unsigned int from JWK

Fixes gh-1010
---
 .../token/store/jwk/JwkDefinitionSource.java  |  4 +-
 .../store/jwk/JwkDefinitionSourceTest.java    | 37 +++++++++++++++++++
 .../provider/token/store/jwk/jwk-set.json     | 12 ++++++
 .../oauth2/provider/token/store/jwk/token.jwt |  1 +
 4 files changed, 52 insertions(+), 2 deletions(-)
 create mode 100644 spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/provider/token/store/jwk/jwk-set.json
 create mode 100644 spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/provider/token/store/jwk/token.jwt

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
index de643ff03..08ea6f807 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
@@ -145,8 +145,8 @@ static Map loadJwkDefinitions(URL jwkSetUrl) {
 	private static RsaVerifier createRsaVerifier(RsaJwkDefinition rsaDefinition) {
 		RsaVerifier result;
 		try {
-			BigInteger modulus = new BigInteger(Codecs.b64UrlDecode(rsaDefinition.getModulus()));
-			BigInteger exponent = new BigInteger(Codecs.b64UrlDecode(rsaDefinition.getExponent()));
+			BigInteger modulus = new BigInteger(1, Codecs.b64UrlDecode(rsaDefinition.getModulus()));
+			BigInteger exponent = new BigInteger(1, Codecs.b64UrlDecode(rsaDefinition.getExponent()));
 
 			RSAPublicKey rsaPublicKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
 					.generatePublic(new RSAPublicKeySpec(modulus, exponent));
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java
index 75a545379..195531157 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java
@@ -15,11 +15,16 @@
  */
 package org.springframework.security.oauth2.provider.token.store.jwk;
 
+import org.apache.commons.codec.Charsets;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
+import org.springframework.security.jwt.codec.Codecs;
+import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
 
+import java.io.IOException;
+import java.io.InputStream;
 import java.net.URL;
 import java.util.Collections;
 
@@ -49,4 +54,36 @@ public void getDefinitionLoadIfNecessaryWhenKeyIdNotFoundThenLoadJwkDefinitions(
 		jwkDefinitionSource.getDefinitionLoadIfNecessary("invalid-key-id");
 		verifyStatic();
 	}
+
+	// gh-1010
+	@Test
+	public void getVerifierWhenModulusMostSignificantBitIs1ThenVerifierStillVerifyContentSignature() throws Exception {
+		String jwkSetUrl = JwkDefinitionSourceTest.class.getResource("jwk-set.json").toString();
+		JwkDefinitionSource jwkDefinitionSource = new JwkDefinitionSource(jwkSetUrl);
+		SignatureVerifier verifier = jwkDefinitionSource.getVerifier("_Ci3-VfV_N0YAG22NQOgOUpFBDDcDe_rJxpu5JK702o");
+		String token = this.readToken("token.jwt");
+		int secondPeriodIndex = token.indexOf('.', token.indexOf('.') + 1);
+		String contentString = token.substring(0, secondPeriodIndex);
+		byte[] content = contentString.getBytes(Charsets.UTF_8);
+		String signatureString = token.substring(secondPeriodIndex + 1);
+		byte[] signature = Codecs.b64UrlDecode(signatureString);
+		verifier.verify(content, signature);
+	}
+
+	private String readToken(String resource) throws IOException {
+		StringBuilder sb = new StringBuilder();
+		InputStream in = null;
+		try {
+			in = JwkDefinitionSourceTest.class.getResourceAsStream(resource);
+			int ch;
+			while ((ch = in.read()) != -1) {
+				sb.append((char) ch);
+			}
+		} finally {
+			if (in != null) {
+				in.close();
+			}
+		}
+		return sb.toString();
+	}
 }
\ No newline at end of file
diff --git a/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/provider/token/store/jwk/jwk-set.json b/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/provider/token/store/jwk/jwk-set.json
new file mode 100644
index 000000000..4879780fe
--- /dev/null
+++ b/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/provider/token/store/jwk/jwk-set.json
@@ -0,0 +1,12 @@
+{
+    "keys": [
+        {
+            "kid": "_Ci3-VfV_N0YAG22NQOgOUpFBDDcDe_rJxpu5JK702o",
+            "kty": "RSA",
+            "alg": "RS256",
+            "use": "sig",
+            "n": "rne3dowbQHcFCzg2ejWb6az5QNxWFiv6kRpd34VDzYNMhWeewfeEL5Pf5clE8Xh1KlllrDYSxtnzUQm-t9p92yEBASfV96ydTYG-ITfxfJzKtJUN-iIS5K9WGYXnDNS4eYZ_ygW-zBU_9NwFMXdwSTzRqHeJmLJrfbmmjoIuuWyfh2Ko52KzyidceR5SJxGeW0ckeyWka1lDf4cr7fv-s093Y_sd2wrNvg0-9IAkXotbxWWXcfMgXFyw0qHFT_5LrKmiwkY3HCaiV5NgEFJmC6fBIG2EOZG4rqjBoYV6LZwrfTMHknaeel9MOZesW6SR2bswtuuWN3DGq2zg0KamLw",
+            "e": "AQAB"
+        }
+    ]
+}
diff --git a/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/provider/token/store/jwk/token.jwt b/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/provider/token/store/jwk/token.jwt
new file mode 100644
index 000000000..72469e7e0
--- /dev/null
+++ b/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/provider/token/store/jwk/token.jwt
@@ -0,0 +1 @@
+eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJfQ2kzLVZmVl9OMFlBRzIyTlFPZ09VcEZCRERjRGVfckp4cHU1Sks3MDJvIn0.eyJqdGkiOiIzOWQxMmU1NC00MjliLTRkZjUtOTM2OS01YWVlOTFkNzAwZjgiLCJleHAiOjE0ODg5MDk1NzMsIm5iZiI6MCwiaWF0IjoxNDg4OTA5MjczLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgxODAvYXV0aC9yZWFsbXMvRGVtbyIsImF1ZCI6ImJvb3QtYXBwIiwic3ViIjoiNGM5NjE5NDQtN2VkZC00ZDZiLTg2MGUtYmJiZGNhODk0MDU4IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYm9vdC1hcHAiLCJhdXRoX3RpbWUiOjE0ODg5MDkyNzMsInNlc3Npb25fc3RhdGUiOiJiMjdjMDZlNi02ODgwLTQxZTEtOTM2MS1jZmEzYzY2ZjYyNjAiLCJhY3IiOiIxIiwiY2xpZW50X3Nlc3Npb24iOiIyYjA5NTFiOC1iMjdkLTRlYWMtYjUxOC1kZTQ5OTA5OTY2ZDgiLCJhbGxvd2VkLW9yaWdpbnMiOltdLCJyZXNvdXJjZV9hY2Nlc3MiOnsiYm9vdC1hcGkiOnsicm9sZXMiOlsiYm9vdC1hcGktcm9sZSJdfSwiYm9vdC1hcHAiOnsicm9sZXMiOlsiYm9vdC1yb2xlIl19fSwibmFtZSI6IkFsaWNlICIsInByZWZlcnJlZF91c2VybmFtZSI6ImFsaWNlIiwiZ2l2ZW5fbmFtZSI6IkFsaWNlIiwiZmFtaWx5X25hbWUiOiIiLCJlbWFpbCI6ImFsaWNlQGV4YW1wbGUubmV0In0.NfF5rPMabu8gaigUHZnX3gIzNGAxKpmPP206U5keNtexNqsmQEFO4KT2i1JYLwvNVFnRWCa8FmYokAtzeHgLvHk2B8CZXqL6GSMGQ26wPS5RIFTak9HjfHMhodqSIdy4wZTKmEcum_uYTaCdrVRSfWU8l94xAY6OzwElZX5ulkucvgWQnpFs0HB7X54kB07OqpN8L3i1jeQoEV0iJchtxZiEOSipqMNO7cujMqB_6lf9i78URPuyExfeLzAWyDbMWSJBp3zUoS7HakwE_4oC3eVEYTxDtMRL2yl2_8R0C0g2Dc0Qb9aezFxo3-SDNuy9aicDmibEEOpIoetlrIYbNA
\ No newline at end of file

From 536de80971a74f76e9eebef921cbdadc5144d46c Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 8 May 2017 15:46:13 -0400
Subject: [PATCH 084/345] Call delegate when JwkTokenStore.removeAccessToken()
 called

Fixes gh-1055
---
 .../token/store/jwk/JwkTokenStore.java        |  7 +++----
 .../token/store/jwk/JwkTokenStoreTest.java    | 19 ++++++++++++++-----
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
index 85706ba4a..f021b5536 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
@@ -146,14 +146,13 @@ public OAuth2AccessToken readAccessToken(String tokenValue) {
 	}
 
 	/**
-	 * This operation is not applicable for a Resource Server
-	 * and if called, will throw a {@link JwkException}.
+	 * Delegates to the internal instance {@link JwtTokenStore#removeAccessToken(OAuth2AccessToken)}.
 	 *
-	 * @throws JwkException reporting this operation is not supported
+	 * @param token the access token
 	 */
 	@Override
 	public void removeAccessToken(OAuth2AccessToken token) {
-		throw this.operationNotSupported();
+		this.delegate.removeAccessToken(token);
 	}
 
 	/**
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java
index 28ea3b528..d6914ad5d 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java
@@ -87,15 +87,24 @@ public void readAccessTokenWhenCalledThenDelegateCalled() throws Exception {
 	}
 
 	@Test
-	public void storeAccessTokenWhenCalledThenThrowJwkException() throws Exception {
-		this.setUpExpectedJwkException();
-		this.jwkTokenStore.storeAccessToken(null, null);
+	public void removeAccessTokenWhenCalledThenDelegateCalled() throws Exception {
+		JwkTokenStore spy = spy(this.jwkTokenStore);
+		JwtTokenStore delegate = mock(JwtTokenStore.class);
+
+		doNothing().when(delegate).removeAccessToken(any(OAuth2AccessToken.class));
+
+		Field field = ReflectionUtils.findField(spy.getClass(), "delegate");
+		field.setAccessible(true);
+		ReflectionUtils.setField(field, spy, delegate);
+
+		spy.removeAccessToken(any(OAuth2AccessToken.class));
+		verify(delegate).removeAccessToken(any(OAuth2AccessToken.class));
 	}
 
 	@Test
-	public void removeAccessTokenWhenCalledThenThrowJwkException() throws Exception {
+	public void storeAccessTokenWhenCalledThenThrowJwkException() throws Exception {
 		this.setUpExpectedJwkException();
-		this.jwkTokenStore.removeAccessToken(null);
+		this.jwkTokenStore.storeAccessToken(null, null);
 	}
 
 	@Test

From 3ae2d7ee966406b8fdb6de33ca160e92a71aef78 Mon Sep 17 00:00:00 2001
From: denis 
Date: Thu, 15 Sep 2016 20:49:23 -0300
Subject: [PATCH 085/345] Fix NPE on evicted authentication

Fixes gh-844
---
 .../token/store/redis/RedisTokenStore.java        | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java
index 343326c2b..fb3708f3c 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java
@@ -97,12 +97,15 @@ public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
 			conn.close();
 		}
 		OAuth2AccessToken accessToken = deserializeAccessToken(bytes);
-		if (accessToken != null
-				&& !key.equals(authenticationKeyGenerator.extractKey(readAuthentication(accessToken.getValue())))) {
-			// Keep the stores consistent (maybe the same user is
-			// represented by this authentication but the details have
-			// changed)
-			storeAccessToken(accessToken, authentication);
+		if (accessToken != null) {
+			OAuth2Authentication storedAuthentication = readAuthentication(accessToken.getValue());
+			if ((storedAuthentication == null || !key.equals(authenticationKeyGenerator.extractKey(storedAuthentication)))) {
+				// Keep the stores consistent (maybe the same user is
+				// represented by this authentication but the details have
+				// changed)
+				storeAccessToken(accessToken, authentication);
+			}
+
 		}
 		return accessToken;
 	}

From 1cb6ce40d9d2a2524b1f8473989d7459a8e5bb81 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Fri, 12 May 2017 10:29:07 -0400
Subject: [PATCH 086/345] Upgrade bcpkix-jdk15on to 1.5.6

Fixes gh-1046
---
 spring-security-jwt/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml
index 12aaf8300..49db4c907 100755
--- a/spring-security-jwt/pom.xml
+++ b/spring-security-jwt/pom.xml
@@ -29,7 +29,7 @@
 		
 			org.bouncycastle
 			bcpkix-jdk15on
-			1.55
+			1.56
 		
 
 		

From b418cab1f64c3a3dd6def25c75c9fcea26b19b53 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 15 May 2017 12:02:56 -0400
Subject: [PATCH 087/345] CheckTokenEndpoint returns 'active' attribute

Fixes gh-1070
---
 .../provider/endpoint/CheckTokenEndpoint.java |  9 ++-
 .../endpoint/CheckTokenEndpointTest.java      | 64 +++++++++++++++++++
 2 files changed, 70 insertions(+), 3 deletions(-)
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpointTest.java

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpoint.java
index 8c2315614..0639f893c 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpoint.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpoint.java
@@ -12,8 +12,6 @@
  *******************************************************************************/
 package org.springframework.security.oauth2.provider.endpoint;
 
-import java.util.Map;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.http.ResponseEntity;
@@ -31,6 +29,8 @@
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 
+import java.util.Map;
+
 /**
  * Controller which decodes access tokens for clients who are not able to do so (or where opaque token values are used).
  * 
@@ -81,7 +81,10 @@ public void setAccessTokenConverter(AccessTokenConverter accessTokenConverter) {
 
 		OAuth2Authentication authentication = resourceServerTokenServices.loadAuthentication(token.getValue());
 
-		Map response = accessTokenConverter.convertAccessToken(token, authentication);
+		Map response = (Map)accessTokenConverter.convertAccessToken(token, authentication);
+
+		// gh-1070
+		response.put("active", true);	// Always true if token exists and not expired
 
 		return response;
 	}
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpointTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpointTest.java
new file mode 100644
index 000000000..87fc2ffb7
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpointTest.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2012-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.endpoint;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.token.AccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+/**
+ * @author Joe Grandja
+ */
+public class CheckTokenEndpointTest {
+	private CheckTokenEndpoint checkTokenEndpoint;
+
+	@Before
+	public void setUp() {
+		ResourceServerTokenServices resourceServerTokenServices = mock(ResourceServerTokenServices.class);
+		OAuth2AccessToken accessToken = mock(OAuth2AccessToken.class);
+		OAuth2Authentication authentication = mock(OAuth2Authentication.class);
+		when(resourceServerTokenServices.readAccessToken(anyString())).thenReturn(accessToken);
+		when(accessToken.isExpired()).thenReturn(false);
+		when(accessToken.getValue()).thenReturn("access-token-1234");
+		when(resourceServerTokenServices.loadAuthentication(accessToken.getValue())).thenReturn(authentication);
+		this.checkTokenEndpoint = new CheckTokenEndpoint(resourceServerTokenServices);
+
+		AccessTokenConverter accessTokenConverter = mock(AccessTokenConverter.class);
+		when(accessTokenConverter.convertAccessToken(accessToken, authentication)).thenReturn(new HashMap());
+		this.checkTokenEndpoint.setAccessTokenConverter(accessTokenConverter);
+	}
+
+	// gh-1070
+	@Test
+	public void checkTokenWhenTokenValidThenReturnActiveAttribute() throws Exception {
+		Map response = this.checkTokenEndpoint.checkToken("access-token-1234");
+		Object active = response.get("active");
+		assertNotNull("active is null", active);
+		assertEquals("active not true", Boolean.TRUE, active);
+	}
+}
\ No newline at end of file

From f1a9b976389672ff94dfe697d8315256eabc5bf3 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Fri, 12 May 2017 17:19:50 -0400
Subject: [PATCH 088/345] RemoteTokenServices validates 'active' attribute

Fixes gh-838
---
 .../provider/token/RemoteTokenServices.java   |  8 +-
 .../token/RemoteTokenServicesTest.java        | 92 +++++++++++++++++++
 2 files changed, 98 insertions(+), 2 deletions(-)
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java
index e0ba9c525..9af98ab6e 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java
@@ -24,7 +24,6 @@
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.util.Assert;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.client.DefaultResponseErrorHandler;
@@ -111,7 +110,12 @@ public OAuth2Authentication loadAuthentication(String accessToken) throws Authen
 			throw new InvalidTokenException(accessToken);
 		}
 
-		Assert.state(map.containsKey("client_id"), "Client id must be present in response from auth server");
+		// gh-838
+		if (!Boolean.TRUE.equals(map.get("active"))) {
+			logger.debug("check_token returned active attribute: " + map.get("active"));
+			throw new InvalidTokenException(accessToken);
+		}
+
 		return tokenConverter.extractAuthentication(map);
 	}
 
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java
new file mode 100644
index 000000000..709755ff5
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2012-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.provider.token;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.web.client.RestTemplate;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.Assert.assertNotNull;
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+/**
+ * @author Joe Grandja
+ */
+public class RemoteTokenServicesTest {
+	private static final String DEFAULT_CLIENT_ID = "client-id-1234";
+	private static final String DEFAULT_CLIENT_SECRET = "client-secret-1234";
+	private static final String DEFAULT_CHECK_TOKEN_ENDPOINT_URI = "/oauth/check_token";
+	private RemoteTokenServices remoteTokenServices;
+
+	@Before
+	public void setUp() {
+		this.remoteTokenServices = new RemoteTokenServices();
+		this.remoteTokenServices.setClientId(DEFAULT_CLIENT_ID);
+		this.remoteTokenServices.setClientSecret(DEFAULT_CLIENT_SECRET);
+		this.remoteTokenServices.setCheckTokenEndpointUrl(DEFAULT_CHECK_TOKEN_ENDPOINT_URI);
+	}
+
+	// gh-838
+	@Test
+	public void loadAuthenticationWhenIntrospectionResponseContainsActiveTrueThenReturnAuthentication() throws Exception {
+		Map responseAttrs = new HashMap();
+		responseAttrs.put("active", true);		// "active" is the only required attribute as per RFC 7662 (https://tools.ietf.org/search/rfc7662#section-2.2)
+		ResponseEntity response = new ResponseEntity(responseAttrs, HttpStatus.OK);
+		RestTemplate restTemplate = mock(RestTemplate.class);
+		when(restTemplate.exchange(anyString(), any(HttpMethod.class), any(HttpEntity.class), any(Class.class))).thenReturn(response);
+		this.remoteTokenServices.setRestTemplate(restTemplate);
+
+		OAuth2Authentication authentication = this.remoteTokenServices.loadAuthentication("access-token-1234");
+		assertNotNull(authentication);
+	}
+
+	// gh-838
+	@Test(expected = InvalidTokenException.class)
+	public void loadAuthenticationWhenIntrospectionResponseContainsActiveFalseThenThrowInvalidTokenException() throws Exception {
+		Map responseAttrs = new HashMap();
+		responseAttrs.put("active", false);		// "active" is the only required attribute as per RFC 7662 (https://tools.ietf.org/search/rfc7662#section-2.2)
+		ResponseEntity response = new ResponseEntity(responseAttrs, HttpStatus.OK);
+		RestTemplate restTemplate = mock(RestTemplate.class);
+		when(restTemplate.exchange(anyString(), any(HttpMethod.class), any(HttpEntity.class), any(Class.class))).thenReturn(response);
+		this.remoteTokenServices.setRestTemplate(restTemplate);
+
+		this.remoteTokenServices.loadAuthentication("access-token-1234");
+	}
+
+	// gh-838
+	@Test(expected = InvalidTokenException.class)
+	public void loadAuthenticationWhenIntrospectionResponseMissingActiveAttributeThenThrowInvalidTokenException() throws Exception {
+		Map responseAttrs = new HashMap();
+		ResponseEntity response = new ResponseEntity(responseAttrs, HttpStatus.OK);
+		RestTemplate restTemplate = mock(RestTemplate.class);
+		when(restTemplate.exchange(anyString(), any(HttpMethod.class), any(HttpEntity.class), any(Class.class))).thenReturn(response);
+		this.remoteTokenServices.setRestTemplate(restTemplate);
+
+		this.remoteTokenServices.loadAuthentication("access-token-1234");
+	}
+}
\ No newline at end of file

From e286111e4f6665f16eacdd5b781c5bf21a5f3477 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Tue, 9 May 2017 14:34:43 -0400
Subject: [PATCH 089/345] Build against Spring Framework 5

Fixes gh-1069
---
 pom.xml                                       | 86 +++++++++++++------
 samples/oauth2/sparklr/pom.xml                | 17 +++-
 .../AuthorizationCodeProviderTests.java       | 19 +---
 .../provider/ImplicitProviderTests.java       | 29 +++----
 samples/oauth2/tonr/pom.xml                   | 17 +++-
 spring-security-oauth/pom.xml                 | 19 +++-
 .../security/oauth/config/ConfigUtils.java    | 16 +++-
 ...erverBeanDefinitionParserTests-context.xml |  2 +-
 ...rviceBeanDefinitionParserTests-context.xml |  2 +-
 ...FilterChainInitializationTests-context.xml |  2 +-
 spring-security-oauth2/pom.xml                | 23 ++++-
 .../token/DefaultAccessTokenRequest.java      |  6 ++
 .../oauth2/config/xml/ConfigUtils.java        | 15 +++-
 .../OAuth2ClientContextFilterTests.java       | 10 ++-
 .../token/OAuth2AccessTokenSupportTests.java  |  4 +
 ...ccessTokenProviderWithConversionTests.java |  4 +
 .../client/BaseClientDetailsTests.java        |  3 +-
 .../error/OAuth2AccessDeniedHandlerTests.java |  3 +-
 .../OAuth2AuthenticationEntryPointTests.java  |  4 +-
 ...er-client-credentials-password-invalid.xml | 25 +++++-
 ...rver-client-credentials-password-valid.xml | 25 +++++-
 21 files changed, 241 insertions(+), 90 deletions(-)

diff --git a/pom.xml b/pom.xml
index b05c742dc..3c797edbb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -162,6 +162,64 @@
         
       
     
+    
+      springframework-build
+        
+            5.0.0.BUILD-SNAPSHOT
+            4.2.3.BUILD-SNAPSHOT
+        
+        
+            
+                repo.spring.io-milestone
+                Spring Framework Milestone Repository
+                http://repo.spring.io/libs-milestone-local
+            
+            
+                repo.spring.io-snapshot
+                Spring Framework Maven Snapshot Repository
+                http://repo.spring.io/libs-snapshot-local
+                true
+            
+        
+    
+    
+        default
+        
+          true
+        
+        
+            
+                
+                    org.codehaus.mojo
+                    animal-sniffer-maven-plugin
+                    1.6
+                    
+                        
+                            org.codehaus.mojo.signature
+                            java16
+                            1.0
+                        
+                    
+                    
+                        
+                            enforce-java-6
+                            test
+                            
+                                check
+                            
+                            
+                                
+                                    
+                                    sun.net.www.protocol.http.*
+                                    sun.net.www.protocol.https.*
+                                
+                            
+                        
+                    
+                
+            
+        
+    
   
 
   
@@ -314,34 +372,6 @@
             
           
         
-      
-      
-        org.codehaus.mojo
-        animal-sniffer-maven-plugin
-        1.6
-        
-          
-            org.codehaus.mojo.signature
-            java16
-            1.0
-          
-        
-        
-          
-            enforce-java-6
-            test
-            
-              check
-            
-            
-              
-                
-                sun.net.www.protocol.http.*
-                sun.net.www.protocol.https.*
-              
-            
-          
-        
       
 	  
 		
-			3.0.1
+			${servlet-api.version}
 			true
 		
 
 		
 			junit
 			junit
-			4.11
+			${junit.version}
 			test
 		
 
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConfigUtils.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConfigUtils.java
index 2f2b8e434..7d5e17c96 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConfigUtils.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConfigUtils.java
@@ -1,5 +1,6 @@
 package org.springframework.security.oauth.config;
 
+import java.lang.reflect.Method;
 import java.util.Collections;
 import java.util.List;
 
@@ -13,16 +14,23 @@
 import org.springframework.security.config.BeanIds;
 import org.springframework.security.config.http.MatcherType;
 import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
+import org.springframework.util.ReflectionUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;
 
+
 /**
  * Common place for OAuth namespace configuration utils.
  *
  * @author Ryan Heaton
  */
 public class ConfigUtils {
+  private static final Method createMatcherMethod3x = ReflectionUtils.findMethod(
+          MatcherType.class, "createMatcher", String.class, String.class);
+  private static final Method createMatcherMethod4x = ReflectionUtils.findMethod(
+          MatcherType.class, "createMatcher", ParserContext.class, String.class, String.class);
+
   private ConfigUtils() {
   }
 
@@ -56,7 +64,13 @@ public static BeanDefinition createSecurityMetadataSource(Element element, Parse
       String access = filterPattern.getAttribute("resources");
 
       if (StringUtils.hasText(access)) {
-        BeanDefinition matcher = matcherType.createMatcher(path, method);
+        BeanDefinition matcher;
+        if (createMatcherMethod4x != null) {
+          matcher  = (BeanDefinition)ReflectionUtils.invokeMethod(createMatcherMethod4x, matcherType, pc, path, method);
+        } else {
+          matcher  = (BeanDefinition)ReflectionUtils.invokeMethod(createMatcherMethod3x, matcherType, path, method);
+        }
+
         if (access.equals("none")) {
           invocationDefinitionMap.put(matcher, BeanDefinitionBuilder.rootBeanDefinition(Collections.class).setFactoryMethod("emptyList").getBeanDefinition());
         }
diff --git a/spring-security-oauth/src/test/resources/org/springframework/security/oauth/config/AuthorizationServerBeanDefinitionParserTests-context.xml b/spring-security-oauth/src/test/resources/org/springframework/security/oauth/config/AuthorizationServerBeanDefinitionParserTests-context.xml
index 3cfacc02d..74ae58447 100644
--- a/spring-security-oauth/src/test/resources/org/springframework/security/oauth/config/AuthorizationServerBeanDefinitionParserTests-context.xml
+++ b/spring-security-oauth/src/test/resources/org/springframework/security/oauth/config/AuthorizationServerBeanDefinitionParserTests-context.xml
@@ -6,7 +6,7 @@
               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
               http://www.springframework.org/schema/security/oauth http://www.springframework.org/schema/security/spring-security-oauth-1.0.xsd">
 
-  
+  
     
     
     
diff --git a/spring-security-oauth/src/test/resources/org/springframework/security/oauth/config/ConsumerServiceBeanDefinitionParserTests-context.xml b/spring-security-oauth/src/test/resources/org/springframework/security/oauth/config/ConsumerServiceBeanDefinitionParserTests-context.xml
index 6a00a1361..a80ba48ba 100644
--- a/spring-security-oauth/src/test/resources/org/springframework/security/oauth/config/ConsumerServiceBeanDefinitionParserTests-context.xml
+++ b/spring-security-oauth/src/test/resources/org/springframework/security/oauth/config/ConsumerServiceBeanDefinitionParserTests-context.xml
@@ -6,7 +6,7 @@
               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
               http://www.springframework.org/schema/security/oauth http://www.springframework.org/schema/security/spring-security-oauth-1.0.xsd">
 
-	
+	
 		
 		
 		
diff --git a/spring-security-oauth/src/test/resources/org/springframework/security/oauth/config/FilterChainInitializationTests-context.xml b/spring-security-oauth/src/test/resources/org/springframework/security/oauth/config/FilterChainInitializationTests-context.xml
index dd55adb30..4ee38a579 100644
--- a/spring-security-oauth/src/test/resources/org/springframework/security/oauth/config/FilterChainInitializationTests-context.xml
+++ b/spring-security-oauth/src/test/resources/org/springframework/security/oauth/config/FilterChainInitializationTests-context.xml
@@ -10,7 +10,7 @@
 
 	
 
-	
+	
 		
 		
 	
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index a850142f0..c0a1b9813 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -15,9 +15,24 @@
 	
 		1.9.13
 		2.3.2
+		3.0.1
 		1.0.2.RELEASE
+		4.11
+		1.5.4
 	
 
+	
+		
+			springframework-build
+			
+				2.9.0.pr3
+				3.1.0
+				4.12
+				1.6.1
+			
+		
+	
+
 	
 		
 			
@@ -59,7 +74,7 @@
 			javax.servlet
 			javax.servlet-api
 			
-			3.0.1
+			${servlet-api.version}
 			true
 		
 
@@ -181,7 +196,7 @@
 		
 			junit
 			junit
-			4.11
+			${junit.version}
 			compile
 			true
 		
@@ -189,14 +204,14 @@
 		
 			org.powermock
 			powermock-module-junit4
-			1.5.4
+			${powermock.version}
 			test
 		
 
 		
 			org.powermock
 			powermock-api-mockito
-			1.5.4
+			${powermock.version}
 			test
 		
 
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultAccessTokenRequest.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultAccessTokenRequest.java
index 559e02e9c..c40154ca3 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultAccessTokenRequest.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultAccessTokenRequest.java
@@ -139,6 +139,12 @@ public void add(String key, String value) {
 		parameters.add(key, value);
 	}
 
+	public void addAll(String key, List values) {
+		for (String value : values) {
+			this.add(key, value);
+		}
+	}
+
 	public void set(String key, String value) {
 		parameters.set(key, value);
 	}
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ConfigUtils.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ConfigUtils.java
index 88004ef60..77fde32c3 100755
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ConfigUtils.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ConfigUtils.java
@@ -1,5 +1,6 @@
 package org.springframework.security.oauth2.config.xml;
 
+import java.lang.reflect.Method;
 import java.util.Collections;
 import java.util.List;
 
@@ -13,6 +14,7 @@
 import org.springframework.security.config.BeanIds;
 import org.springframework.security.config.http.MatcherType;
 import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
+import org.springframework.util.ReflectionUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;
@@ -23,6 +25,11 @@
  * @author Ryan Heaton
  */
 public class ConfigUtils {
+  private static final Method createMatcherMethod3x = ReflectionUtils.findMethod(
+          MatcherType.class, "createMatcher", String.class, String.class);
+  private static final Method createMatcherMethod4x = ReflectionUtils.findMethod(
+          MatcherType.class, "createMatcher", ParserContext.class, String.class, String.class);
+
   private ConfigUtils() {
   }
 
@@ -57,7 +64,13 @@ public static BeanDefinition createSecurityMetadataSource(Element element, Parse
       String access = filterPattern.getAttribute("resources");
 
       if (StringUtils.hasText(access)) {
-        BeanDefinition matcher = matcherType.createMatcher(path, method);
+        BeanDefinition matcher;
+        if (createMatcherMethod4x != null) {
+          matcher  = (BeanDefinition)ReflectionUtils.invokeMethod(createMatcherMethod4x, matcherType, pc, path, method);
+        } else {
+          matcher  = (BeanDefinition)ReflectionUtils.invokeMethod(createMatcherMethod3x, matcherType, path, method);
+        }
+
         if (access.equals("none")) {
           invocationDefinitionMap.put(matcher, BeanDefinitionBuilder.rootBeanDefinition(Collections.class).setFactoryMethod("emptyList").getBeanDefinition());
         }
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/filter/OAuth2ClientContextFilterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/filter/OAuth2ClientContextFilterTests.java
index ed10052c6..d0938781a 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/filter/OAuth2ClientContextFilterTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/filter/OAuth2ClientContextFilterTests.java
@@ -125,6 +125,14 @@ public void testCurrentUriWithInvalidQueryString() throws Exception {
 		OAuth2ClientContextFilter filter = new OAuth2ClientContextFilter();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setQueryString("foo=bar&code=XXXX&parm=%xx");
-		assertEquals(null, filter.calculateCurrentUri(request));
+		try {
+			assertEquals(null, filter.calculateCurrentUri(request));
+		} catch (IllegalStateException ex) {
+			// OAuth2ClientContextFilter.calculateCurrentUri() internally uses
+			// ServletUriComponentsBuilder.fromRequest(), which behaves differently in Spring Framework 5
+			// and throws an IllegalStateException for a malformed URI.
+			// Previous to Spring Framework 5, 'null' would be returned by OAuth2ClientContextFilter.calculateCurrentUri()
+			// instead of the thrown IllegalStateException.
+		}
 	}
 }
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupportTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupportTests.java
index 924f68b78..783df39e0 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupportTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupportTests.java
@@ -187,6 +187,10 @@ public HttpMethod getMethod() {
 			return HttpMethod.GET;
 		}
 
+		public String getMethodValue() {
+			return getMethod().name();
+		}
+
 		public URI getURI() {
 			return null;
 		}
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProviderWithConversionTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProviderWithConversionTests.java
index 568a2ebee..bf09ee61e 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProviderWithConversionTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProviderWithConversionTests.java
@@ -103,6 +103,10 @@ public HttpMethod getMethod() {
 			return HttpMethod.POST;
 		}
 
+		public String getMethodValue() {
+			return getMethod().name();
+		}
+
 		public ClientHttpResponse execute() throws IOException {
 			return new ClientHttpResponse() {
 
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/BaseClientDetailsTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/BaseClientDetailsTests.java
index 9ea52d430..d80e9b773 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/BaseClientDetailsTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/BaseClientDetailsTests.java
@@ -21,6 +21,7 @@
 import static org.junit.Assert.assertTrue;
 
 import java.util.Collections;
+import java.util.TreeSet;
 
 import org.codehaus.jackson.map.ObjectMapper;
 import org.junit.Test;
@@ -52,7 +53,7 @@ public void testBaseClientDetailsDefaultConstructor() {
 	public void testBaseClientDetailsConvenienceConstructor() {
 		BaseClientDetails details = new BaseClientDetails("foo", "", "foo,bar", "authorization_code", "ROLE_USER");
 		assertEquals("[]", details.getResourceIds().toString());
-		assertEquals("[bar, foo]", details.getScope().toString());
+		assertEquals("[bar, foo]", new TreeSet(details.getScope()).toString());
 		assertEquals("[authorization_code]", details.getAuthorizedGrantTypes().toString());
 		assertEquals("[ROLE_USER]", details.getAuthorities().toString());
 	}
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/OAuth2AccessDeniedHandlerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/OAuth2AccessDeniedHandlerTests.java
index 969c1c8d5..b03239049 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/OAuth2AccessDeniedHandlerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/OAuth2AccessDeniedHandlerTests.java
@@ -13,6 +13,7 @@
 package org.springframework.security.oauth2.provider.error;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
 
 import javax.servlet.http.HttpServletResponse;
 
@@ -39,7 +40,7 @@ public void testHandleWithJson() throws Exception {
 		request.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE);
 		handler.handle(request, response, new AccessDeniedException("Bad"));
 		assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus());
-		assertEquals(MediaType.APPLICATION_JSON_VALUE, response.getContentType());
+		assertTrue(response.getContentType().contains(MediaType.APPLICATION_JSON_VALUE));
 		assertEquals(null, response.getErrorMessage());
 	}
 
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/OAuth2AuthenticationEntryPointTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/OAuth2AuthenticationEntryPointTests.java
index 7c437cfc6..cba776763 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/OAuth2AuthenticationEntryPointTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/OAuth2AuthenticationEntryPointTests.java
@@ -46,7 +46,7 @@ public void testCommenceWithJson() throws Exception {
 		entryPoint.commence(request, response, new BadCredentialsException("Bad"));
 		assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus());
 		assertEquals("{\"error\":\"unauthorized\",\"error_description\":\"Bad\"}", response.getContentAsString());
-		assertEquals(MediaType.APPLICATION_JSON_VALUE, response.getContentType());
+		assertTrue(response.getContentType().contains(MediaType.APPLICATION_JSON_VALUE));
 		assertEquals(null, response.getErrorMessage());
 	}
 
@@ -57,7 +57,7 @@ public void testCommenceWithOAuth2Exception() throws Exception {
 				"Bad client")));
 		assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus());
 		assertEquals("{\"error\":\"invalid_client\",\"error_description\":\"Bad client\"}", response.getContentAsString());
-		assertEquals(MediaType.APPLICATION_JSON_VALUE, response.getContentType());
+		assertTrue(response.getContentType().contains(MediaType.APPLICATION_JSON_VALUE));
 		assertEquals(null, response.getErrorMessage());
 	}
 
diff --git a/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-invalid.xml b/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-invalid.xml
index 1ec6e2d06..e488b9719 100644
--- a/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-invalid.xml
+++ b/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-invalid.xml
@@ -4,9 +4,9 @@
 		 xmlns:b="http://www.springframework.org/schema/beans"
 		 xmlns:mvc="http://www.springframework.org/schema/mvc"
 		 xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
-		 xsi:schemaLocation="http://www.springframework.org/schema/security%20http://www.springframework.org/schema/security/spring-security-3.2.xsd-http://www.springframework.org/schema/beans%20http://www.springframework.org/schema/beans/spring-beans-4.0.xsd-http://www.springframework.org/schema/mvc%20http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd+%20xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
+							http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+							http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
 							http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd">
 
 	
 	
 		
+
+		
+		
 	
 
+	
+		
+	
+
 	
 		
 	
diff --git a/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-valid.xml b/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-valid.xml
index 1622316b3..ead090030 100644
--- a/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-valid.xml
+++ b/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-valid.xml
@@ -4,15 +4,34 @@
 		 xmlns:b="http://www.springframework.org/schema/beans"
 		 xmlns:mvc="http://www.springframework.org/schema/mvc"
 		 xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
-		 xsi:schemaLocation="http://www.springframework.org/schema/security%20http://www.springframework.org/schema/security/spring-security-3.2.xsd-http://www.springframework.org/schema/beans%20http://www.springframework.org/schema/beans/spring-beans-4.0.xsd-http://www.springframework.org/schema/mvc%20http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd+%20xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
+							http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+							http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
 							http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd">
 
 	
 		
+
+		
+		
 	
 
+	
+		
+	
+
 	
 		
 	

From f065d8d4d39e4113a9b58bba9911a15a668e3324 Mon Sep 17 00:00:00 2001
From: liumian 
Date: Thu, 6 Apr 2017 16:17:52 +0800
Subject: [PATCH 090/345] Fix typo

Fixes gh-1037
---
 .../config/annotation/web/configuration/EnableOAuth2Client.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableOAuth2Client.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableOAuth2Client.java
index 30abe3155..b19b31858 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableOAuth2Client.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableOAuth2Client.java
@@ -46,7 +46,7 @@
  * 
  * Client apps that use client credentials grants do not need the AccessTokenRequest or the scoped RestOperations (the
  * state is global for the app), but they should still use the filter to trigger the OAuth2RestOperations to obtain a
- * token when necessary. Apps that us password grants need to set the authentication properties in the
+ * token when necessary. Apps that use password grants need to set the authentication properties in the
  * OAuth2ProtectedResourceDetails before using the RestOperations, and this means the resource details themselves also
  * have to be per session (assuming there are multiple users in the system).
  * 

From a2ced3977de350bf6f7ad1ba9d0bfc23d39dc300 Mon Sep 17 00:00:00 2001
From: Nick Ebbitt 
Date: Thu, 25 May 2017 16:31:48 +0100
Subject: [PATCH 091/345] Fix minor typo

Fixes gh-1075
---
 docs/oauth2.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/oauth2.md b/docs/oauth2.md
index 3d14228ef..12c6f88a0 100644
--- a/docs/oauth2.md
+++ b/docs/oauth2.md
@@ -153,7 +153,7 @@ A Resource Server (can be the same as the Authorization Server or a separate app
 
 * `tokenServices`: the bean that defines the token services (instance of `ResourceServerTokenServices`).
 * `resourceId`: the id for the resource (optional, but recommended and will be validated by the auth server if present).
-* other extension points for the resourecs server (e.g. `tokenExtractor` for extracting the tokens from incoming requests)
+* other extension points for the resources server (e.g. `tokenExtractor` for extracting the tokens from incoming requests)
 * request matchers for protected resources (defaults to all)
 * access rules for protected resources (defaults to plain "authenticated")
 * other customizations for the protected resources permitted by the `HttpSecurity` configurer in Spring Security

From 8da411576b1b8b34c1445d74d498b5c60b7835b3 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 29 May 2017 12:48:26 -0400
Subject: [PATCH 092/345] Revert to snapshots for JWT

---
 spring-security-jwt/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml
index 49db4c907..75334b89c 100755
--- a/spring-security-jwt/pom.xml
+++ b/spring-security-jwt/pom.xml
@@ -5,7 +5,7 @@
 
 	org.springframework.security
 	spring-security-jwt
-	1.0.8.RELEASE
+	1.0.9.BUILD-SNAPSHOT
 	jar
 	Spring Security JWT Library
 

From d8eb4f4bc54d7c42aa63dc15b14689016d2639b8 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 29 May 2017 12:53:07 -0400
Subject: [PATCH 093/345] Upgrade spring.security.jwt to 1.0.8.RELEASE

Fixes gh-1078
---
 spring-security-oauth2/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index c0a1b9813..6cf25a7d0 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -16,7 +16,7 @@
 		1.9.13
 		2.3.2
 		3.0.1
-		1.0.2.RELEASE
+		1.0.8.RELEASE
 		4.11
 		1.5.4
 	

From 0d9036078cfb672726cf64f9c1e26845b9bb4e19 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 29 May 2017 14:28:21 -0400
Subject: [PATCH 094/345] Release version 2.1.1.RELEASE

---
 pom.xml                                        | 2 +-
 samples/oauth/sparklr/pom.xml                  | 2 +-
 samples/oauth/tonr/pom.xml                     | 2 +-
 samples/oauth2/sparklr/pom.xml                 | 2 +-
 samples/oauth2/tonr/pom.xml                    | 2 +-
 samples/pom.xml                                | 2 +-
 spring-security-oauth/pom.xml                  | 2 +-
 spring-security-oauth2/pom.xml                 | 2 +-
 tests/annotation/approval/pom.xml              | 2 +-
 tests/annotation/client/pom.xml                | 2 +-
 tests/annotation/common/pom.xml                | 2 +-
 tests/annotation/custom-authentication/pom.xml | 2 +-
 tests/annotation/custom-grant/pom.xml          | 2 +-
 tests/annotation/form/pom.xml                  | 2 +-
 tests/annotation/jaxb/pom.xml                  | 2 +-
 tests/annotation/jdbc/pom.xml                  | 2 +-
 tests/annotation/jpa/pom.xml                   | 2 +-
 tests/annotation/jwt/pom.xml                   | 2 +-
 tests/annotation/mappings/pom.xml              | 2 +-
 tests/annotation/multi/pom.xml                 | 2 +-
 tests/annotation/pom.xml                       | 4 ++--
 tests/annotation/resource/pom.xml              | 2 +-
 tests/annotation/ssl/pom.xml                   | 2 +-
 tests/annotation/vanilla/pom.xml               | 2 +-
 tests/pom.xml                                  | 2 +-
 tests/xml/approval/pom.xml                     | 2 +-
 tests/xml/client/pom.xml                       | 2 +-
 tests/xml/common/pom.xml                       | 2 +-
 tests/xml/form/pom.xml                         | 2 +-
 tests/xml/jdbc/pom.xml                         | 2 +-
 tests/xml/jwt/pom.xml                          | 2 +-
 tests/xml/mappings/pom.xml                     | 2 +-
 tests/xml/pom.xml                              | 4 ++--
 tests/xml/vanilla/pom.xml                      | 2 +-
 34 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/pom.xml b/pom.xml
index 3c797edbb..13ea1b49e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
   OAuth for Spring Security
   Parent Project for OAuth Support for Spring Security
   pom
-  2.1.1.BUILD-SNAPSHOT
+  2.1.1.RELEASE
   http://static.springframework.org/spring-security/oauth
 
   
diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml
index d5985dc6d..4088bf30b 100644
--- a/samples/oauth/sparklr/pom.xml
+++ b/samples/oauth/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml
index 283337497..eb226ffaa 100644
--- a/samples/oauth/tonr/pom.xml
+++ b/samples/oauth/tonr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index 78dee58c1..a06ab465c 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index 99a03f865..254eb2d18 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -6,7 +6,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 		../../..
 	
 
diff --git a/samples/pom.xml b/samples/pom.xml
index 96c07851c..22738da3a 100755
--- a/samples/pom.xml
+++ b/samples/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.1.1.BUILD-SNAPSHOT
+    2.1.1.RELEASE
   
 
   spring-security-oauth-samples
diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml
index a4a443e91..41a4ebcfe 100644
--- a/spring-security-oauth/pom.xml
+++ b/spring-security-oauth/pom.xml
@@ -4,7 +4,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	spring-security-oauth
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index 6cf25a7d0..c21552b4e 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	spring-security-oauth2
diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml
index d1110a48a..1ce4602ba 100644
--- a/tests/annotation/approval/pom.xml
+++ b/tests/annotation/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml
index d2aebd623..660ddcbcf 100644
--- a/tests/annotation/client/pom.xml
+++ b/tests/annotation/client/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml
index dc24d1048..45f5808d3 100644
--- a/tests/annotation/common/pom.xml
+++ b/tests/annotation/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml
index 38884d6b4..1ed46534d 100644
--- a/tests/annotation/custom-authentication/pom.xml
+++ b/tests/annotation/custom-authentication/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml
index 648084bea..3eb8aff49 100644
--- a/tests/annotation/custom-grant/pom.xml
+++ b/tests/annotation/custom-grant/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml
index 0170024a6..fbaeaad8f 100644
--- a/tests/annotation/form/pom.xml
+++ b/tests/annotation/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml
index 6b76b5c08..047c77594 100644
--- a/tests/annotation/jaxb/pom.xml
+++ b/tests/annotation/jaxb/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml
index 2035871b8..096db4420 100644
--- a/tests/annotation/jdbc/pom.xml
+++ b/tests/annotation/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml
index e973072a1..d078b5a00 100644
--- a/tests/annotation/jpa/pom.xml
+++ b/tests/annotation/jpa/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml
index 46c3a4609..b5e857820 100644
--- a/tests/annotation/jwt/pom.xml
+++ b/tests/annotation/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml
index eff643328..0effeda91 100644
--- a/tests/annotation/mappings/pom.xml
+++ b/tests/annotation/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml
index 554119314..f1125d231 100644
--- a/tests/annotation/multi/pom.xml
+++ b/tests/annotation/multi/pom.xml
@@ -9,7 +9,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml
index 065a54434..f0a0a86f6 100644
--- a/tests/annotation/pom.xml
+++ b/tests/annotation/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-parent
-	2.1.1.BUILD-SNAPSHOT
+	2.1.1.RELEASE
     pom
 
     
@@ -39,7 +39,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.1.1.BUILD-SNAPSHOT
+			2.1.1.RELEASE
 			
 				
 					jackson-mapper-asl
diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml
index df34736a2..d9b8e1085 100644
--- a/tests/annotation/resource/pom.xml
+++ b/tests/annotation/resource/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml
index 9a6a8a01a..468dff9df 100644
--- a/tests/annotation/ssl/pom.xml
+++ b/tests/annotation/ssl/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml
index 7b31b952a..15786f50b 100644
--- a/tests/annotation/vanilla/pom.xml
+++ b/tests/annotation/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/pom.xml b/tests/pom.xml
index 234e3141c..a5bfe7081 100644
--- a/tests/pom.xml
+++ b/tests/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.1.1.BUILD-SNAPSHOT
+    2.1.1.RELEASE
   
 
   spring-security-oauth-tests
diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml
index c8569a5d2..aa10af282 100644
--- a/tests/xml/approval/pom.xml
+++ b/tests/xml/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml
index 049f30793..56ddda8f4 100644
--- a/tests/xml/client/pom.xml
+++ b/tests/xml/client/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml
index 4d15848f3..42200fbb6 100644
--- a/tests/xml/common/pom.xml
+++ b/tests/xml/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml
index 37d5a50f7..a023d5cff 100644
--- a/tests/xml/form/pom.xml
+++ b/tests/xml/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml
index 1c130362a..cf061bfdf 100644
--- a/tests/xml/jdbc/pom.xml
+++ b/tests/xml/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml
index 0275e803f..37b428f04 100644
--- a/tests/xml/jwt/pom.xml
+++ b/tests/xml/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml
index f55d557c9..06a77ddb1 100644
--- a/tests/xml/mappings/pom.xml
+++ b/tests/xml/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	
diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml
index 887dca74e..e714a052c 100644
--- a/tests/xml/pom.xml
+++ b/tests/xml/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-xml-parent
-	2.1.1.BUILD-SNAPSHOT
+	2.1.1.RELEASE
     pom
 
     
@@ -33,7 +33,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.1.1.BUILD-SNAPSHOT
+			2.1.1.RELEASE
 			
 				
 					jackson-mapper-asl
diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml
index abe8c9fa1..aaeac2fea 100644
--- a/tests/xml/vanilla/pom.xml
+++ b/tests/xml/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.1.BUILD-SNAPSHOT
+		2.1.1.RELEASE
 	
 
 	

From 064dbfdc6883792475dffe08142b19b309d5c602 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 29 May 2017 15:04:22 -0400
Subject: [PATCH 095/345] Next development version

---
 pom.xml                                        | 2 +-
 samples/oauth/sparklr/pom.xml                  | 2 +-
 samples/oauth/tonr/pom.xml                     | 2 +-
 samples/oauth2/sparklr/pom.xml                 | 2 +-
 samples/oauth2/tonr/pom.xml                    | 2 +-
 samples/pom.xml                                | 2 +-
 spring-security-oauth/pom.xml                  | 2 +-
 spring-security-oauth2/pom.xml                 | 2 +-
 tests/annotation/approval/pom.xml              | 2 +-
 tests/annotation/client/pom.xml                | 2 +-
 tests/annotation/common/pom.xml                | 2 +-
 tests/annotation/custom-authentication/pom.xml | 2 +-
 tests/annotation/custom-grant/pom.xml          | 2 +-
 tests/annotation/form/pom.xml                  | 2 +-
 tests/annotation/jaxb/pom.xml                  | 2 +-
 tests/annotation/jdbc/pom.xml                  | 2 +-
 tests/annotation/jpa/pom.xml                   | 2 +-
 tests/annotation/jwt/pom.xml                   | 2 +-
 tests/annotation/mappings/pom.xml              | 2 +-
 tests/annotation/multi/pom.xml                 | 2 +-
 tests/annotation/pom.xml                       | 4 ++--
 tests/annotation/resource/pom.xml              | 2 +-
 tests/annotation/ssl/pom.xml                   | 2 +-
 tests/annotation/vanilla/pom.xml               | 2 +-
 tests/pom.xml                                  | 2 +-
 tests/xml/approval/pom.xml                     | 2 +-
 tests/xml/client/pom.xml                       | 2 +-
 tests/xml/common/pom.xml                       | 2 +-
 tests/xml/form/pom.xml                         | 2 +-
 tests/xml/jdbc/pom.xml                         | 2 +-
 tests/xml/jwt/pom.xml                          | 2 +-
 tests/xml/mappings/pom.xml                     | 2 +-
 tests/xml/pom.xml                              | 4 ++--
 tests/xml/vanilla/pom.xml                      | 2 +-
 34 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/pom.xml b/pom.xml
index 13ea1b49e..97aa98094 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
   OAuth for Spring Security
   Parent Project for OAuth Support for Spring Security
   pom
-  2.1.1.RELEASE
+  2.1.2.BUILD-SNAPSHOT
   http://static.springframework.org/spring-security/oauth
 
   
diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml
index 4088bf30b..dcda0323c 100644
--- a/samples/oauth/sparklr/pom.xml
+++ b/samples/oauth/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml
index eb226ffaa..59466c233 100644
--- a/samples/oauth/tonr/pom.xml
+++ b/samples/oauth/tonr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index a06ab465c..9b164fea9 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index 254eb2d18..bf5cb2ece 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -6,7 +6,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/pom.xml b/samples/pom.xml
index 22738da3a..72f07104a 100755
--- a/samples/pom.xml
+++ b/samples/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.1.1.RELEASE
+    2.1.2.BUILD-SNAPSHOT
   
 
   spring-security-oauth-samples
diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml
index 41a4ebcfe..09d4b53ca 100644
--- a/spring-security-oauth/pom.xml
+++ b/spring-security-oauth/pom.xml
@@ -4,7 +4,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	spring-security-oauth
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index c21552b4e..0a4ea9043 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	spring-security-oauth2
diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml
index 1ce4602ba..7223d7ded 100644
--- a/tests/annotation/approval/pom.xml
+++ b/tests/annotation/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml
index 660ddcbcf..3177145df 100644
--- a/tests/annotation/client/pom.xml
+++ b/tests/annotation/client/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml
index 45f5808d3..b5228fd3c 100644
--- a/tests/annotation/common/pom.xml
+++ b/tests/annotation/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml
index 1ed46534d..ee50731b4 100644
--- a/tests/annotation/custom-authentication/pom.xml
+++ b/tests/annotation/custom-authentication/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml
index 3eb8aff49..9da160286 100644
--- a/tests/annotation/custom-grant/pom.xml
+++ b/tests/annotation/custom-grant/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml
index fbaeaad8f..0440ac9b8 100644
--- a/tests/annotation/form/pom.xml
+++ b/tests/annotation/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml
index 047c77594..7284a6484 100644
--- a/tests/annotation/jaxb/pom.xml
+++ b/tests/annotation/jaxb/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml
index 096db4420..7be66ab4b 100644
--- a/tests/annotation/jdbc/pom.xml
+++ b/tests/annotation/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml
index d078b5a00..3b507b3e0 100644
--- a/tests/annotation/jpa/pom.xml
+++ b/tests/annotation/jpa/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml
index b5e857820..b90bafe6e 100644
--- a/tests/annotation/jwt/pom.xml
+++ b/tests/annotation/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml
index 0effeda91..a6081ed7d 100644
--- a/tests/annotation/mappings/pom.xml
+++ b/tests/annotation/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml
index f1125d231..c52287b17 100644
--- a/tests/annotation/multi/pom.xml
+++ b/tests/annotation/multi/pom.xml
@@ -9,7 +9,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml
index f0a0a86f6..53994f7ac 100644
--- a/tests/annotation/pom.xml
+++ b/tests/annotation/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-parent
-	2.1.1.RELEASE
+	2.1.2.BUILD-SNAPSHOT
     pom
 
     
@@ -39,7 +39,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.1.1.RELEASE
+			2.1.2.BUILD-SNAPSHOT
 			
 				
 					jackson-mapper-asl
diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml
index d9b8e1085..82f769f49 100644
--- a/tests/annotation/resource/pom.xml
+++ b/tests/annotation/resource/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml
index 468dff9df..1cbdc39d4 100644
--- a/tests/annotation/ssl/pom.xml
+++ b/tests/annotation/ssl/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml
index 15786f50b..edd058617 100644
--- a/tests/annotation/vanilla/pom.xml
+++ b/tests/annotation/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/pom.xml b/tests/pom.xml
index a5bfe7081..841e51a04 100644
--- a/tests/pom.xml
+++ b/tests/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.1.1.RELEASE
+    2.1.2.BUILD-SNAPSHOT
   
 
   spring-security-oauth-tests
diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml
index aa10af282..4953e30d3 100644
--- a/tests/xml/approval/pom.xml
+++ b/tests/xml/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml
index 56ddda8f4..8fd60ec52 100644
--- a/tests/xml/client/pom.xml
+++ b/tests/xml/client/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml
index 42200fbb6..72cf2b5ed 100644
--- a/tests/xml/common/pom.xml
+++ b/tests/xml/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml
index a023d5cff..d3a8760a7 100644
--- a/tests/xml/form/pom.xml
+++ b/tests/xml/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml
index cf061bfdf..6dbe9e847 100644
--- a/tests/xml/jdbc/pom.xml
+++ b/tests/xml/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml
index 37b428f04..24bf55f47 100644
--- a/tests/xml/jwt/pom.xml
+++ b/tests/xml/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml
index 06a77ddb1..d4e718841 100644
--- a/tests/xml/mappings/pom.xml
+++ b/tests/xml/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml
index e714a052c..b9f43c993 100644
--- a/tests/xml/pom.xml
+++ b/tests/xml/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-xml-parent
-	2.1.1.RELEASE
+	2.1.2.BUILD-SNAPSHOT
     pom
 
     
@@ -33,7 +33,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.1.1.RELEASE
+			2.1.2.BUILD-SNAPSHOT
 			
 				
 					jackson-mapper-asl
diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml
index aaeac2fea..a856b7808 100644
--- a/tests/xml/vanilla/pom.xml
+++ b/tests/xml/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.1.1.RELEASE
+		2.1.2.BUILD-SNAPSHOT
 	
 
 	

From 65f54ebc8b155b832b24786317cf55529dda95a9 Mon Sep 17 00:00:00 2001
From: Neale Upstone 
Date: Thu, 15 Jun 2017 09:00:12 +0100
Subject: [PATCH 096/345] JwkSetConverter should handle arrays

Fixes gh-1082
---
 .../token/store/jwk/JwkSetConverter.java      | 10 +++++++---
 .../token/store/jwk/JwkSetConverterTest.java  | 19 ++++++++++++++++++-
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
index e0284261c..e35dde176 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
@@ -83,9 +83,13 @@ public Set convert(InputStream jwkSetSource) {
 			while (parser.nextToken() == JsonToken.START_OBJECT) {
 				while (parser.nextToken() == JsonToken.FIELD_NAME) {
 					String attributeName = parser.getCurrentName();
-					parser.nextToken();
-					String attributeValue = parser.getValueAsString();
-					attributes.put(attributeName, attributeValue);
+					// gh-1082 - skip arrays such as x5c as we can't deal with them yet
+					if (parser.nextToken() == JsonToken.START_ARRAY) {
+						while (parser.nextToken() != JsonToken.END_ARRAY) {
+						}
+					} else {
+						attributes.put(attributeName, parser.getValueAsString());
+					}
 				}
 				JwkDefinition jwkDefinition = this.createJwkDefinition(attributes);
 				if (!jwkDefinitions.add(jwkDefinition)) {
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java
index 233385aeb..9e250710b 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java
@@ -199,7 +199,8 @@ public void convertWhenJwkSetStreamIsValidThenReturnJwkSet() throws Exception {
 		assertEquals("JWK Set NOT size=1", 1, jwkSet.size());
 
 		Map jwkObject2 = this.createJwkObject(JwkDefinition.KeyType.RSA, "key-id-2",
-				JwkDefinition.PublicKeyUse.SIG, JwkDefinition.CryptoAlgorithm.RS512, "AMh-pGAj9vX2gwFDyrXot1f2YfHgh8h0Qx6w9IqLL", "AQAB");
+				JwkDefinition.PublicKeyUse.SIG, JwkDefinition.CryptoAlgorithm.RS512,
+				"AMh-pGAj9vX2gwFDyrXot1f2YfHgh8h0Qx6w9IqLL", "AQAB", new String[] {"chain1", "chain2"});
 		jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject, jwkObject2});
 		jwkSet = this.converter.convert(this.asInputStream(jwkSetObject));
 		assertNotNull(jwkSet);
@@ -256,6 +257,17 @@ private Map createJwkObject(JwkDefinition.KeyType keyType,
 												String rsaModulus,
 												String rsaExponent) {
 
+		return this.createJwkObject(keyType, keyId, publicKeyUse, algorithm, rsaModulus, rsaExponent, null);
+	}
+
+	private Map createJwkObject(JwkDefinition.KeyType keyType,
+												String keyId,
+												JwkDefinition.PublicKeyUse publicKeyUse,
+												JwkDefinition.CryptoAlgorithm algorithm,
+												String rsaModulus,
+												String rsaExponent,
+												String[] x5c) {
+
 		Map jwkObject = new HashMap();
 		jwkObject.put(JwkAttributes.KEY_TYPE, keyType.value());
 		if (keyId != null) {
@@ -273,6 +285,11 @@ private Map createJwkObject(JwkDefinition.KeyType keyType,
 		if (rsaExponent != null) {
 			jwkObject.put(JwkAttributes.RSA_PUBLIC_KEY_EXPONENT, rsaExponent);
 		}
+		// gh-1082 - parser should be able to handle arrays
+		if (x5c != null) {
+			// x5c (X.509 certificate chain)
+			jwkObject.put("x5c", x5c);
+		}
 		return jwkObject;
 	}
 

From fe5df2f3e14ef9c276dfba72d951aa66416a59ce Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 26 Jun 2017 11:08:40 -0400
Subject: [PATCH 097/345] Resolve compile error Spring 5
 MultiValueMap.addAll(MultiValueMap)

Fixes gh-1100
---
 .../token/DefaultAccessTokenRequest.java       | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultAccessTokenRequest.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultAccessTokenRequest.java
index c40154ca3..90c445af1 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultAccessTokenRequest.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultAccessTokenRequest.java
@@ -15,17 +15,13 @@
  */
 package org.springframework.security.oauth2.client.token;
 
-import java.io.Serializable;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 
+import java.io.Serializable;
+import java.util.*;
+
 /**
  * Local context for an access token request encapsulating the parameters that are sent by the client requesting the
  * token, as opposed to the more static variables representing the client itself and the resource being targeted.
@@ -139,12 +135,18 @@ public void add(String key, String value) {
 		parameters.add(key, value);
 	}
 
-	public void addAll(String key, List values) {
+	public void addAll(String key, List values) {
 		for (String value : values) {
 			this.add(key, value);
 		}
 	}
 
+	public void addAll(MultiValueMap map) {
+		for (Entry> entry : map.entrySet()) {
+			this.addAll(entry.getKey(), entry.getValue());
+		}
+	}
+
 	public void set(String key, String value) {
 		parameters.set(key, value);
 	}

From a9990f4b818a3ac399272e85a4e52d20e165f58b Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 26 Jun 2017 11:44:55 -0400
Subject: [PATCH 098/345] Add build profile against Spring Security 5

Fixes gh-1101
---
 .travis.yml                                               | 6 +++---
 pom.xml                                                   | 4 ++--
 samples/oauth2/sparklr/pom.xml                            | 2 +-
 samples/oauth2/tonr/pom.xml                               | 2 +-
 spring-security-oauth/pom.xml                             | 2 +-
 spring-security-oauth2/pom.xml                            | 2 +-
 ...ization-server-client-credentials-password-invalid.xml | 8 ++++----
 ...orization-server-client-credentials-password-valid.xml | 8 ++++----
 8 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index c6252a7c9..f960d5568 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,6 +4,6 @@ services:
   - redis-server
 
 install: ./mvnw -U install --quiet -DskipTests=true -P bootstrap
-script: ./mvnw clean test -P bootstrap
-
-
+script:
+- ./mvnw clean test -P bootstrap
+- ./mvnw -U clean test -P spring5
diff --git a/pom.xml b/pom.xml
index 97aa98094..dd1017546 100644
--- a/pom.xml
+++ b/pom.xml
@@ -163,10 +163,10 @@
       
     
     
-      springframework-build
+      spring5
         
             5.0.0.BUILD-SNAPSHOT
-            4.2.3.BUILD-SNAPSHOT
+            5.0.0.BUILD-SNAPSHOT
         
         
             
diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index 9b164fea9..e234b2f09 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -22,7 +22,7 @@
 
 	
 		
-			springframework-build
+			spring5
 			
 				2.9.0.pr3
 				3.1.0
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index bf5cb2ece..b6974e11f 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -23,7 +23,7 @@
 
 	
 		
-			springframework-build
+			spring5
 			
 				2.9.0.pr3
 				3.1.0
diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml
index 09d4b53ca..e4524b481 100644
--- a/spring-security-oauth/pom.xml
+++ b/spring-security-oauth/pom.xml
@@ -18,7 +18,7 @@
 
 	
 		
-			springframework-build
+			spring5
 			
 				3.1.0
 				4.12
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index 0a4ea9043..dbb44ca47 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -23,7 +23,7 @@
 
 	
 		
-			springframework-build
+			spring5
 			
 				2.9.0.pr3
 				3.1.0
diff --git a/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-invalid.xml b/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-invalid.xml
index e488b9719..5927e0a93 100644
--- a/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-invalid.xml
+++ b/spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/xml/authorization-server-client-credentials-password-invalid.xml
@@ -19,14 +19,14 @@
 		
 
 		
+
+### Summary
+
+
+
+### Actual Behavior
+
+
+
+### Expected Behavior
+
+
+
+### Configuration
+
+
+
+### Version
+
+
+
+### Sample
+
+

From be7e5c3dad9d3d13b845d222395000bcb92511f6 Mon Sep 17 00:00:00 2001
From: Rob Winch 
Date: Wed, 30 Jan 2019 11:09:21 -0600
Subject: [PATCH 178/345] Create PULL_REQUEST_TEMPLATE.md

---
 .github/PULL_REQUEST_TEMPLATE.md | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 .github/PULL_REQUEST_TEMPLATE.md

diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 000000000..70c6c946d
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,7 @@
+
+
+

From 3927321fbf9e57a6093b1cef99b53dfa49575196 Mon Sep 17 00:00:00 2001
From: Fabien Crespel 
Date: Wed, 21 Nov 2018 17:25:23 +0100
Subject: [PATCH 179/345] Allow missing "active" field in
 check_token/introspect response.

Also support both Boolean and String values for this field.

Fixes gh-1533
---
 .../provider/token/RemoteTokenServices.java   |  2 +-
 .../token/RemoteTokenServicesTest.java        | 22 +++++++++++++++----
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java
index f6555613c..7ba183ad1 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java
@@ -113,7 +113,7 @@ public OAuth2Authentication loadAuthentication(String accessToken) throws Authen
 		}
 
 		// gh-838
-		if (!Boolean.TRUE.equals(map.get("active"))) {
+		if (map.containsKey("active") && !"true".equals(String.valueOf(map.get("active")))) {
 			logger.debug("check_token returned active attribute: " + map.get("active"));
 			throw new InvalidTokenException(accessToken);
 		}
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java
index 709755ff5..5d156fbeb 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java
@@ -53,7 +53,7 @@ public void setUp() {
 
 	// gh-838
 	@Test
-	public void loadAuthenticationWhenIntrospectionResponseContainsActiveTrueThenReturnAuthentication() throws Exception {
+	public void loadAuthenticationWhenIntrospectionResponseContainsActiveTrueBooleanThenReturnAuthentication() throws Exception {
 		Map responseAttrs = new HashMap();
 		responseAttrs.put("active", true);		// "active" is the only required attribute as per RFC 7662 (https://tools.ietf.org/search/rfc7662#section-2.2)
 		ResponseEntity response = new ResponseEntity(responseAttrs, HttpStatus.OK);
@@ -65,6 +65,19 @@ public void loadAuthenticationWhenIntrospectionResponseContainsActiveTrueThenRet
 		assertNotNull(authentication);
 	}
 
+	@Test
+	public void loadAuthenticationWhenIntrospectionResponseContainsActiveTrueStringThenReturnAuthentication() throws Exception {
+		Map responseAttrs = new HashMap();
+		responseAttrs.put("active", "true");		// "active" is the only required attribute as per RFC 7662 (https://tools.ietf.org/search/rfc7662#section-2.2)
+		ResponseEntity response = new ResponseEntity(responseAttrs, HttpStatus.OK);
+		RestTemplate restTemplate = mock(RestTemplate.class);
+		when(restTemplate.exchange(anyString(), any(HttpMethod.class), any(HttpEntity.class), any(Class.class))).thenReturn(response);
+		this.remoteTokenServices.setRestTemplate(restTemplate);
+
+		OAuth2Authentication authentication = this.remoteTokenServices.loadAuthentication("access-token-1234");
+		assertNotNull(authentication);
+	}
+
 	// gh-838
 	@Test(expected = InvalidTokenException.class)
 	public void loadAuthenticationWhenIntrospectionResponseContainsActiveFalseThenThrowInvalidTokenException() throws Exception {
@@ -79,14 +92,15 @@ public void loadAuthenticationWhenIntrospectionResponseContainsActiveFalseThenTh
 	}
 
 	// gh-838
-	@Test(expected = InvalidTokenException.class)
-	public void loadAuthenticationWhenIntrospectionResponseMissingActiveAttributeThenThrowInvalidTokenException() throws Exception {
+	@Test
+	public void loadAuthenticationWhenIntrospectionResponseMissingActiveAttributeThenReturnAuthentication() throws Exception {
 		Map responseAttrs = new HashMap();
 		ResponseEntity response = new ResponseEntity(responseAttrs, HttpStatus.OK);
 		RestTemplate restTemplate = mock(RestTemplate.class);
 		when(restTemplate.exchange(anyString(), any(HttpMethod.class), any(HttpEntity.class), any(Class.class))).thenReturn(response);
 		this.remoteTokenServices.setRestTemplate(restTemplate);
 
-		this.remoteTokenServices.loadAuthentication("access-token-1234");
+		OAuth2Authentication authentication = this.remoteTokenServices.loadAuthentication("access-token-1234");
+		assertNotNull(authentication);
 	}
 }
\ No newline at end of file

From ec78c7ba22e4c321ba24ff3b2b9f354faa212a7d Mon Sep 17 00:00:00 2001
From: Michael Holtermann 
Date: Sat, 12 Jan 2019 21:11:58 +0100
Subject: [PATCH 180/345] Log generic Exceptions to ERROR with stack trace

Log Exceptions to ERROR. Protocol Exceptions are treated in separate ExceptionHandlers, but generic Exceptions like NPEs must be logged with full stack trace

Fixes gh-1545
---
 .../security/oauth2/provider/endpoint/TokenEndpoint.java      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java
index af46865d5..2fb806176 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java
@@ -165,8 +165,8 @@ public ResponseEntity handleHttpRequestMethodNotSupportedExcept
 	
 	@ExceptionHandler(Exception.class)
 	public ResponseEntity handleException(Exception e) throws Exception {
-		if (logger.isWarnEnabled()) {
-			logger.warn("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
+		if (logger.isErrorEnabled()) {
+			logger.error("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage(), e);
 		}
 		return getExceptionTranslator().translate(e);
 	}

From 1e5536af65d76696908fc277432f0399e31acc33 Mon Sep 17 00:00:00 2001
From: masm22 
Date: Fri, 21 Dec 2018 11:02:00 +0300
Subject: [PATCH 181/345] JwkSetConverter excludes enc keys

skip unsupported public key use (enc) without discarding the entire set

Fixes gh-1470
---
 .../token/store/jwk/JwkSetConverter.java         | 11 +++++++++--
 .../token/store/jwk/JwkSetConverterTest.java     | 16 +++++++---------
 2 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
index 0054de7c9..2962e977a 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2017 the original author or authors.
+ * Copyright 2012-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -83,6 +83,7 @@ public Set convert(InputStream jwkSetSource) {
 			Map attributes = new HashMap();
 
 			while (parser.nextToken() == JsonToken.START_OBJECT) {
+				attributes.clear();
 				while (parser.nextToken() == JsonToken.FIELD_NAME) {
 					String attributeName = parser.getCurrentName();
 					// gh-1082 - skip arrays such as x5c as we can't deal with them yet
@@ -94,6 +95,13 @@ public Set convert(InputStream jwkSetSource) {
 					}
 				}
 
+				// gh-1470 - skip unsupported public key use (enc) without discarding the entire set
+				JwkDefinition.PublicKeyUse publicKeyUse =
+						JwkDefinition.PublicKeyUse.fromValue(attributes.get(PUBLIC_KEY_USE));
+				if (JwkDefinition.PublicKeyUse.ENC.equals(publicKeyUse)) {
+					continue;
+				}
+			
 				JwkDefinition jwkDefinition = null;
 				JwkDefinition.KeyType keyType =
 						JwkDefinition.KeyType.fromValue(attributes.get(KEY_TYPE));
@@ -108,7 +116,6 @@ public Set convert(InputStream jwkSetSource) {
 								jwkDefinition.getKeyId() + " (" + KEY_ID + ")");
 					}
 				}
-				attributes.clear();
 			}
 
 		} catch (IOException ex) {
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java
index 068e759a6..df1620318 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2017 the original author or authors.
+ * Copyright 2012-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -138,13 +138,12 @@ public void convertWhenJwkSetStreamHasRSAJwkElementWithMissingPublicKeyUseAttrib
 	}
 
 	@Test
-	public void convertWhenJwkSetStreamHasRSAJwkElementWithENCPublicKeyUseAttributeThenThrowJwkException() throws Exception {
-		this.thrown.expect(JwkException.class);
-		this.thrown.expectMessage("enc (use) is currently not supported.");
+	public void convertWhenJwkSetStreamHasRSAJwkElementWithENCPublicKeyUseAttributeThenReturnEmptyJwkSet() throws Exception {
 		Map jwkSetObject = new HashMap();
 		Map jwkObject = this.createJwkObject(JwkDefinition.KeyType.RSA, "key-id-1", JwkDefinition.PublicKeyUse.ENC);
 		jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject});
-		this.converter.convert(this.asInputStream(jwkSetObject));
+		Set jwkSet = this.converter.convert(this.asInputStream(jwkSetObject));
+		assertTrue("JWK Set NOT empty", jwkSet.isEmpty());
 	}
 
 	@Test
@@ -190,13 +189,12 @@ public void convertWhenJwkSetStreamHasECJwkElementWithMissingPublicKeyUseAttribu
 	}
 
 	@Test
-	public void convertWhenJwkSetStreamHasECJwkElementWithENCPublicKeyUseAttributeThenThrowJwkException() throws Exception {
-		this.thrown.expect(JwkException.class);
-		this.thrown.expectMessage("enc (use) is currently not supported.");
+	public void convertWhenJwkSetStreamHasECJwkElementWithENCPublicKeyUseAttributeThenReturnEmptyJwkSet() throws Exception {
 		Map jwkSetObject = new HashMap();
 		Map jwkObject = this.createEllipticCurveJwkObject("key-id-1", JwkDefinition.PublicKeyUse.ENC, null);
 		jwkSetObject.put(JwkAttributes.KEYS, new Map[] {jwkObject});
-		this.converter.convert(this.asInputStream(jwkSetObject));
+		Set jwkSet = this.converter.convert(this.asInputStream(jwkSetObject));
+		assertTrue("JWK Set NOT empty", jwkSet.isEmpty());
 	}
 
 	@Test

From 97e0b4ab282acbed3588e05be03d5a0c4dbf3367 Mon Sep 17 00:00:00 2001
From: Dirk Koehler 
Date: Mon, 28 Jan 2019 23:13:55 -0800
Subject: [PATCH 182/345] DefaultRedirectResolver matches on userinfo and query

Fixes gh-1585
---
 .../endpoint/DefaultRedirectResolver.java     |  98 +++++++++++---
 .../code/SubdomainRedirectResolverTests.java  |   6 +-
 .../DefaultRedirectResolverTests.java         | 128 ++++++++++++++++--
 .../AuthorizationCodeProviderCookieTests.java |   2 +-
 .../AuthorizationCodeProviderCookieTests.java |   2 +-
 5 files changed, 202 insertions(+), 34 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java
index 72953311e..9f12b27f1 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@
 import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.util.Assert;
+import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
@@ -28,6 +29,8 @@
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
 import java.util.Set;
 
 /**
@@ -47,7 +50,7 @@ public class DefaultRedirectResolver implements RedirectResolver {
 	/**
 	 * Flag to indicate that requested URIs will match if they are a subdomain of the registered value.
 	 * 
-	 * @param matchSubdomains the flag value to set (deafult true)
+	 * @param matchSubdomains the flag value to set (default true)
 	 */
 	public void setMatchSubdomains(boolean matchSubdomains) {
 		this.matchSubdomains = matchSubdomains;
@@ -105,7 +108,8 @@ private boolean containsRedirectGrantType(Set grantTypes) {
 	/**
 	 * Whether the requested redirect URI "matches" the specified redirect URI. For a URL, this implementation tests if
 	 * the user requested redirect starts with the registered redirect, so it would have the same host and root path if
-	 * it is an HTTP URL. The port is also matched.
+	 * it is an HTTP URL. The port, userinfo, query params also matched. Request redirect uri path can include
+	 * additional parameters which are ignored for the match
 	 * 

 	 * For other (non-URL) cases, such as for some implicit clients, the redirect_uri must be an exact match.
 	 * 
@@ -115,22 +119,65 @@ private boolean containsRedirectGrantType(Set grantTypes) {
 	 */
 	protected boolean redirectMatches(String requestedRedirect, String redirectUri) {
 		UriComponents requestedRedirectUri = UriComponentsBuilder.fromUriString(requestedRedirect).build();
-		String requestedRedirectUriScheme = (requestedRedirectUri.getScheme() != null ? requestedRedirectUri.getScheme() : "");
-		String requestedRedirectUriHost = (requestedRedirectUri.getHost() != null ? requestedRedirectUri.getHost() : "");
-		String requestedRedirectUriPath = (requestedRedirectUri.getPath() != null ? requestedRedirectUri.getPath() : "");
-
 		UriComponents registeredRedirectUri = UriComponentsBuilder.fromUriString(redirectUri).build();
-		String registeredRedirectUriScheme = (registeredRedirectUri.getScheme() != null ? registeredRedirectUri.getScheme() : "");
-		String registeredRedirectUriHost = (registeredRedirectUri.getHost() != null ? registeredRedirectUri.getHost() : "");
-		String registeredRedirectUriPath = (registeredRedirectUri.getPath() != null ? registeredRedirectUri.getPath() : "");
 
-		boolean portsMatch = this.matchPorts ? (registeredRedirectUri.getPort() == requestedRedirectUri.getPort()) : true;
+		boolean schemeMatch = isEqual(registeredRedirectUri.getScheme(), requestedRedirectUri.getScheme());
+		boolean userInfoMatch = isEqual(registeredRedirectUri.getUserInfo(), requestedRedirectUri.getUserInfo());
+		boolean hostMatch = hostMatches(registeredRedirectUri.getHost(), requestedRedirectUri.getHost());
+		boolean portMatch = matchPorts ? registeredRedirectUri.getPort() == requestedRedirectUri.getPort() : true;
+		boolean pathMatch = isEqual(registeredRedirectUri.getPath(),
+				StringUtils.cleanPath(requestedRedirectUri.getPath()));
+		boolean queryParamMatch = matchQueryParams(registeredRedirectUri.getQueryParams(),
+				requestedRedirectUri.getQueryParams());
+
+		return schemeMatch && userInfoMatch && hostMatch && portMatch && pathMatch && queryParamMatch;
+	}
+
+
+	/**
+	 * Checks whether the registered redirect uri query params key and values contains match the requested set
+	 *
+	 * The requested redirect uri query params are allowed to contain additional params which will be retained
+	 *
+	 * @param registeredRedirectUriQueryParams
+	 * @param requestedRedirectUriQueryParams
+	 * @return whether the params match
+	 */
+	private boolean matchQueryParams(MultiValueMap registeredRedirectUriQueryParams,
+									 MultiValueMap requestedRedirectUriQueryParams) {
+
+
+		Iterator iter = registeredRedirectUriQueryParams.keySet().iterator();
+		while (iter.hasNext()) {
+			String key = iter.next();
+			List registeredRedirectUriQueryParamsValues = registeredRedirectUriQueryParams.get(key);
+			List requestedRedirectUriQueryParamsValues = requestedRedirectUriQueryParams.get(key);
+
+			if (!registeredRedirectUriQueryParamsValues.equals(requestedRedirectUriQueryParamsValues)) {
+				return false;
+			}
+		}
+
+		return true;
+	}
+
+
 
-		return registeredRedirectUriScheme.equals(requestedRedirectUriScheme) &&
-				hostMatches(registeredRedirectUriHost, requestedRedirectUriHost) &&
-				portsMatch &&
-				// Ensure exact path matching
-				registeredRedirectUriPath.equals(StringUtils.cleanPath(requestedRedirectUriPath));
+	/**
+	 * Compares two strings but treats empty string or null equal
+	 *
+	 * @param str1
+	 * @param str2
+	 * @return true if strings are equal, false otherwise
+	 */
+	private boolean isEqual(String str1, String str2) {
+		if (StringUtils.isEmpty(str1) && StringUtils.isEmpty(str2)) {
+			return true;
+		} else if (!StringUtils.isEmpty(str1)) {
+			return str1.equals(str2);
+		} else {
+			return false;
+		}
 	}
 
 	/**
@@ -152,7 +199,7 @@ protected boolean hostMatches(String registered, String requested) {
 	 * 
 	 * @param redirectUris the set of the registered URIs to try and find a match. This cannot be null or empty.
 	 * @param requestedRedirect the URI used as part of the request
-	 * @return the matching URI
+	 * @return redirect uri
 	 * @throws RedirectMismatchException if no match was found
 	 */
 	private String obtainMatchingRedirect(Set redirectUris, String requestedRedirect) {
@@ -161,11 +208,26 @@ private String obtainMatchingRedirect(Set redirectUris, String requested
 		if (redirectUris.size() == 1 && requestedRedirect == null) {
 			return redirectUris.iterator().next();
 		}
+
 		for (String redirectUri : redirectUris) {
 			if (requestedRedirect != null && redirectMatches(requestedRedirect, redirectUri)) {
-				return requestedRedirect;
+				// Initialize with the registered redirect-uri
+				UriComponentsBuilder redirectUriBuilder = UriComponentsBuilder.fromUriString(redirectUri);
+
+				UriComponents requestedRedirectUri = UriComponentsBuilder.fromUriString(requestedRedirect).build();
+
+				if (this.matchSubdomains) {
+					redirectUriBuilder.host(requestedRedirectUri.getHost());
+				}
+				if (!this.matchPorts) {
+					redirectUriBuilder.port(requestedRedirectUri.getPort());
+				}
+				redirectUriBuilder.replaceQuery(requestedRedirectUri.getQuery());		// retain additional params (if any)
+				redirectUriBuilder.fragment(null);
+				return redirectUriBuilder.build().toUriString();
 			}
 		}
+
 		throw new RedirectMismatchException("Invalid redirect: " + requestedRedirect
 				+ " does not match one of the registered values.");
 	}
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/SubdomainRedirectResolverTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/SubdomainRedirectResolverTests.java
index ebfd3fe2f..0f2f37196 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/SubdomainRedirectResolverTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/SubdomainRedirectResolverTests.java
@@ -23,7 +23,7 @@ public class SubdomainRedirectResolverTests
 
 
 	@Test
-	public void testRedirectWatchdox() throws Exception 
+	public void testRedirectMatch() throws Exception
 	{
 		Set redirectUris = new HashSet(Arrays.asList("http://watchdox.com/"));
 		client.setRegisteredRedirectUri(redirectUris);
@@ -32,9 +32,9 @@ public void testRedirectWatchdox() throws Exception
 	}
 
 	@Test(expected=RedirectMismatchException.class)
-	public void testRedirectBadWatchdox() throws Exception 
+	public void testRedirectNoMatch() throws Exception
 	{
-		Set redirectUris = new HashSet(Arrays.asList("http//watchdox.com"));
+		Set redirectUris = new HashSet(Arrays.asList("http://watchdox.com/"));
 		client.setRegisteredRedirectUri(redirectUris);
 		String requestedRedirect = "http://anywhere.google.com/";
 		assertEquals(requestedRedirect, resolver.resolveRedirect(requestedRedirect, client));
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java
index 1202036bb..b65967280 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java
@@ -1,14 +1,17 @@
 /*
- * Copyright 2006-2011 the original author or authors.
- * 
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
- * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations under the License.
+ * Copyright 2002-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
  */
 package org.springframework.security.oauth2.provider.endpoint;
 
@@ -195,4 +198,107 @@ public void testRedirectNotMatchingReturnsGenericErrorMessage() throws Exception
 			assertEquals("Invalid redirect: http://anywhere.com/myendpoint does not match one of the registered values.", ex.getMessage());
 		}
 	}
-}
\ No newline at end of file
+
+	// gh-1566
+	@Test(expected = RedirectMismatchException.class)
+	public void testRedirectRegisteredUserInfoNotMatching() throws Exception {
+		Set redirectUris = new HashSet(Arrays.asList("http://userinfo@anywhere.com/"));
+		client.setRegisteredRedirectUri(redirectUris);
+		resolver.resolveRedirect("http://otheruserinfo@anywhere.com/", client);
+	}
+
+	// gh-1566
+	@Test(expected = RedirectMismatchException.class)
+	public void testRedirectRegisteredNoUserInfoNotMatching() throws Exception {
+		Set redirectUris = new HashSet(Arrays.asList("http://userinfo@anywhere.com/"));
+		client.setRegisteredRedirectUri(redirectUris);
+		resolver.resolveRedirect("http://anywhere.com/", client);
+	}
+
+	// gh-1566
+	@Test()
+	public void testRedirectRegisteredUserInfoMatching() throws Exception {
+		Set redirectUris = new HashSet(Arrays.asList("http://userinfo@anywhere.com/"));
+		client.setRegisteredRedirectUri(redirectUris);
+		String requestedRedirect = "http://userinfo@anywhere.com/";
+		assertEquals(requestedRedirect, resolver.resolveRedirect(requestedRedirect, client));
+	}
+
+	// gh-1566
+	@Test()
+	public void testRedirectRegisteredFragmentIgnoredAndStripped() throws Exception {
+		Set redirectUris = new HashSet(Arrays.asList("http://userinfo@anywhere.com/foo/bar#baz"));
+		client.setRegisteredRedirectUri(redirectUris);
+		String requestedRedirect = "http://userinfo@anywhere.com/foo/bar";
+		assertEquals(requestedRedirect, resolver.resolveRedirect(requestedRedirect + "#bar", client));
+	}
+
+	// gh-1566
+	@Test()
+	public void testRedirectRegisteredQueryParamsMatching() throws Exception {
+		Set redirectUris = new HashSet(Arrays.asList("http://anywhere.com/?p1=v1&p2=v2"));
+		client.setRegisteredRedirectUri(redirectUris);
+		String requestedRedirect = "http://anywhere.com/?p1=v1&p2=v2";
+		assertEquals(requestedRedirect, resolver.resolveRedirect(requestedRedirect, client));
+	}
+
+	// gh-1566
+	@Test()
+	public void testRedirectRegisteredQueryParamsMatchingIgnoringAdditionalParams() throws Exception {
+		Set redirectUris = new HashSet(Arrays.asList("http://anywhere.com/?p1=v1&p2=v2"));
+		client.setRegisteredRedirectUri(redirectUris);
+		String requestedRedirect = "http://anywhere.com/?p1=v1&p2=v2&p3=v3";
+		assertEquals(requestedRedirect, resolver.resolveRedirect(requestedRedirect, client));
+	}
+
+	// gh-1566
+	@Test()
+	public void testRedirectRegisteredQueryParamsMatchingDifferentOrder() throws Exception {
+		Set redirectUris = new HashSet(Arrays.asList("http://anywhere.com/?p1=v1&p2=v2"));
+		client.setRegisteredRedirectUri(redirectUris);
+		String requestedRedirect = "http://anywhere.com/?p2=v2&p1=v1";
+		assertEquals(requestedRedirect, resolver.resolveRedirect(requestedRedirect, client));
+	}
+
+	// gh-1566
+	@Test(expected = RedirectMismatchException.class)
+	public void testRedirectRegisteredQueryParamsWithDifferentValues() throws Exception {
+		Set redirectUris = new HashSet(Arrays.asList("http://anywhere.com/?p1=v1&p2=v2"));
+		client.setRegisteredRedirectUri(redirectUris);
+		resolver.resolveRedirect("http://anywhere.com/?p1=v1&p2=v3", client);
+	}
+
+	// gh-1566
+	@Test(expected = RedirectMismatchException.class)
+	public void testRedirectRegisteredQueryParamsNotMatching() throws Exception {
+		Set redirectUris = new HashSet(Arrays.asList("http://anywhere.com/?p1=v1"));
+		client.setRegisteredRedirectUri(redirectUris);
+		resolver.resolveRedirect("http://anywhere.com/?p2=v2", client);
+	}
+
+	// gh-1566
+	@Test(expected = RedirectMismatchException.class)
+	public void testRedirectRegisteredQueryParamsPartiallyMatching() throws Exception {
+		Set redirectUris = new HashSet(Arrays.asList("http://anywhere.com/?p1=v1&p2=v2"));
+		client.setRegisteredRedirectUri(redirectUris);
+		resolver.resolveRedirect("http://anywhere.com/?p2=v2&p3=v3", client);
+	}
+
+	// gh-1566
+	@Test
+	public void testRedirectRegisteredQueryParamsMatchingWithMultipleValuesInRegistered() throws Exception {
+		Set redirectUris = new HashSet(Arrays.asList("http://anywhere.com/?p1=v11&p1=v12"));
+		client.setRegisteredRedirectUri(redirectUris);
+		String requestedRedirect = "http://anywhere.com/?p1=v11&p1=v12";
+		assertEquals(requestedRedirect, resolver.resolveRedirect(requestedRedirect, client));
+	}
+
+	// gh-1566
+	@Test
+	public void testRedirectRegisteredQueryParamsMatchingWithParamWithNoValue() throws Exception {
+		Set redirectUris = new HashSet(Arrays.asList("http://anywhere.com/?p1&p2=v2"));
+		client.setRegisteredRedirectUri(redirectUris);
+		String requestedRedirect = "http://anywhere.com/?p1&p2=v2";
+		assertEquals(requestedRedirect, resolver.resolveRedirect(requestedRedirect, client));
+	}
+}
diff --git a/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderCookieTests.java b/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
index fdfae6dc2..26d88d46a 100644
--- a/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
+++ b/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
@@ -31,7 +31,7 @@ public class AuthorizationCodeProviderCookieTests extends AbstractEmptyAuthoriza
 	@Test
 	@OAuth2ContextConfiguration(resource = MyClientWithRegisteredRedirect.class, initialize = false)
 	public void testPostToProtectedResource() throws Exception {
-		approveAccessTokenGrant("http://anywhere/", true);
+		approveAccessTokenGrant("http://anywhere/?key=value", true);
 		assertNotNull(context.getAccessToken());
 		LinkedMultiValueMap form = new LinkedMultiValueMap<>();
 		form.set("foo", "bar");
diff --git a/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderCookieTests.java b/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
index fdfae6dc2..26d88d46a 100644
--- a/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
+++ b/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
@@ -31,7 +31,7 @@ public class AuthorizationCodeProviderCookieTests extends AbstractEmptyAuthoriza
 	@Test
 	@OAuth2ContextConfiguration(resource = MyClientWithRegisteredRedirect.class, initialize = false)
 	public void testPostToProtectedResource() throws Exception {
-		approveAccessTokenGrant("http://anywhere/", true);
+		approveAccessTokenGrant("http://anywhere/?key=value", true);
 		assertNotNull(context.getAccessToken());
 		LinkedMultiValueMap form = new LinkedMultiValueMap<>();
 		form.set("foo", "bar");

From 852cec2b6d4b91db8e2e392d714a7bfec4cbf53e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Millon?= 
Date: Thu, 2 Aug 2018 15:47:18 +0200
Subject: [PATCH 183/345] Double-checked locking when loading Jwk definitions

Fixes gh-1405
---
 .../oauth2/provider/token/store/jwk/JwkDefinitionSource.java  | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
index 8cea751e0..c60d29866 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
@@ -92,6 +92,10 @@ JwkDefinitionHolder getDefinitionLoadIfNecessary(String keyId) {
 			return result;
 		}
 		synchronized (this.jwkDefinitions) {
+			result = this.getDefinition(keyId);
+			if (result != null) {
+				return result;
+			}
 			this.jwkDefinitions.clear();
 			for (URL jwkSetUrl : jwkSetUrls) {
 				this.jwkDefinitions.putAll(loadJwkDefinitions(jwkSetUrl));

From d8a0bb8fba7cee90a4c7991610b30ae779df6b8d Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Tue, 19 Feb 2019 13:06:05 -0500
Subject: [PATCH 184/345] Allow overriding 'active' attribute in
 CheckTokenEndpoint

Fixes gh-1591
---
 .../provider/endpoint/CheckTokenEndpoint.java | 63 ++++++++++++++-----
 .../endpoint/CheckTokenEndpointTest.java      | 33 ++++++----
 2 files changed, 66 insertions(+), 30 deletions(-)

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpoint.java
index ab1010725..75c978731 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpoint.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpoint.java
@@ -1,15 +1,18 @@
-/*******************************************************************************
- *     Cloud Foundry 
- *     Copyright (c) [2009-2014] Pivotal Software, Inc. All Rights Reserved.
+/*
+ * Copyright 2009-2019 the original author or authors.
  *
- *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
- *     You may not use this product except in compliance with the License.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
  *
- *     This product includes a number of subcomponents with
- *     separate copyright notices and license terms. Your use of these
- *     subcomponents is subject to the terms and conditions of the
- *     subcomponent's license, as noted in the LICENSE file.
- *******************************************************************************/
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.springframework.security.oauth2.provider.endpoint;
 
 import org.apache.commons.logging.Log;
@@ -42,7 +45,7 @@ public class CheckTokenEndpoint {
 
 	private ResourceServerTokenServices resourceServerTokenServices;
 
-	private AccessTokenConverter accessTokenConverter = new DefaultAccessTokenConverter();
+	private AccessTokenConverter accessTokenConverter = new CheckTokenAccessTokenConverter();
 
 	protected final Log logger = LogFactory.getLog(getClass());
 
@@ -81,12 +84,7 @@ public void setAccessTokenConverter(AccessTokenConverter accessTokenConverter) {
 
 		OAuth2Authentication authentication = resourceServerTokenServices.loadAuthentication(token.getValue());
 
-		Map response = (Map)accessTokenConverter.convertAccessToken(token, authentication);
-
-		// gh-1070
-		response.put("active", true);	// Always true if token exists and not expired
-
-		return response;
+		return accessTokenConverter.convertAccessToken(token, authentication);
 	}
 
 	@ExceptionHandler(InvalidTokenException.class)
@@ -106,4 +104,35 @@ public int getHttpErrorCode() {
 		return exceptionTranslator.translate(e400);
 	}
 
+	static class CheckTokenAccessTokenConverter implements AccessTokenConverter {
+		private final AccessTokenConverter accessTokenConverter;
+
+		CheckTokenAccessTokenConverter() {
+			this(new DefaultAccessTokenConverter());
+		}
+
+		CheckTokenAccessTokenConverter(AccessTokenConverter accessTokenConverter) {
+			this.accessTokenConverter = accessTokenConverter;
+		}
+
+		@Override
+		public Map convertAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
+			Map claims = (Map) this.accessTokenConverter.convertAccessToken(token, authentication);
+
+			// gh-1070
+			claims.put("active", true);		// Always true if token exists and not expired
+
+			return claims;
+		}
+
+		@Override
+		public OAuth2AccessToken extractAccessToken(String value, Map map) {
+			return this.accessTokenConverter.extractAccessToken(value, map);
+		}
+
+		@Override
+		public OAuth2Authentication extractAuthentication(Map map) {
+			return this.accessTokenConverter.extractAuthentication(map);
+		}
+	}
 }
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpointTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpointTest.java
index 87fc2ffb7..5c7dfd093 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpointTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpointTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2017 the original author or authors.
+ * Copyright 2012-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,8 +25,8 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.*;
+import static org.mockito.Matchers.any;
 import static org.mockito.Matchers.anyString;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -36,29 +36,36 @@
  */
 public class CheckTokenEndpointTest {
 	private CheckTokenEndpoint checkTokenEndpoint;
+	private AccessTokenConverter accessTokenConverter;
 
 	@Before
 	public void setUp() {
-		ResourceServerTokenServices resourceServerTokenServices = mock(ResourceServerTokenServices.class);
 		OAuth2AccessToken accessToken = mock(OAuth2AccessToken.class);
-		OAuth2Authentication authentication = mock(OAuth2Authentication.class);
-		when(resourceServerTokenServices.readAccessToken(anyString())).thenReturn(accessToken);
 		when(accessToken.isExpired()).thenReturn(false);
-		when(accessToken.getValue()).thenReturn("access-token-1234");
-		when(resourceServerTokenServices.loadAuthentication(accessToken.getValue())).thenReturn(authentication);
+		ResourceServerTokenServices resourceServerTokenServices = mock(ResourceServerTokenServices.class);
+		when(resourceServerTokenServices.readAccessToken(anyString())).thenReturn(accessToken);
 		this.checkTokenEndpoint = new CheckTokenEndpoint(resourceServerTokenServices);
-
-		AccessTokenConverter accessTokenConverter = mock(AccessTokenConverter.class);
-		when(accessTokenConverter.convertAccessToken(accessToken, authentication)).thenReturn(new HashMap());
-		this.checkTokenEndpoint.setAccessTokenConverter(accessTokenConverter);
+		this.accessTokenConverter = mock(AccessTokenConverter.class);
+		when(this.accessTokenConverter.convertAccessToken(any(OAuth2AccessToken.class), any(OAuth2Authentication.class))).thenReturn(new HashMap());
+		this.checkTokenEndpoint.setAccessTokenConverter(new CheckTokenEndpoint.CheckTokenAccessTokenConverter(this.accessTokenConverter));
 	}
 
 	// gh-1070
 	@Test
-	public void checkTokenWhenTokenValidThenReturnActiveAttribute() throws Exception {
+	public void checkTokenWhenDefaultAccessTokenConverterThenActiveAttributeReturned() throws Exception {
 		Map response = this.checkTokenEndpoint.checkToken("access-token-1234");
 		Object active = response.get("active");
 		assertNotNull("active is null", active);
 		assertEquals("active not true", Boolean.TRUE, active);
 	}
+
+	// gh-1591
+	@Test
+	public void checkTokenWhenCustomAccessTokenConverterThenActiveAttributeNotReturned() throws Exception {
+		this.accessTokenConverter = mock(AccessTokenConverter.class);
+		when(this.accessTokenConverter.convertAccessToken(any(OAuth2AccessToken.class), any(OAuth2Authentication.class))).thenReturn(new HashMap());
+		this.checkTokenEndpoint.setAccessTokenConverter(this.accessTokenConverter);
+		Map response = this.checkTokenEndpoint.checkToken("access-token-1234");
+		assertNull("active is not null", response.get("active"));
+	}
 }
\ No newline at end of file

From a453deac3b3fe2c380dde59aaebd9e220453a31c Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Tue, 19 Feb 2019 14:47:00 -0500
Subject: [PATCH 185/345] Release version 2.3.5.RELEASE

---
 pom.xml                                        | 2 +-
 samples/oauth/sparklr/pom.xml                  | 2 +-
 samples/oauth/tonr/pom.xml                     | 2 +-
 samples/oauth2/sparklr/pom.xml                 | 2 +-
 samples/oauth2/tonr/pom.xml                    | 2 +-
 samples/pom.xml                                | 2 +-
 spring-security-oauth/pom.xml                  | 2 +-
 spring-security-oauth2/pom.xml                 | 2 +-
 tests/annotation/approval/pom.xml              | 2 +-
 tests/annotation/client/pom.xml                | 2 +-
 tests/annotation/common/pom.xml                | 2 +-
 tests/annotation/custom-authentication/pom.xml | 2 +-
 tests/annotation/custom-grant/pom.xml          | 2 +-
 tests/annotation/form/pom.xml                  | 2 +-
 tests/annotation/jaxb/pom.xml                  | 2 +-
 tests/annotation/jdbc/pom.xml                  | 2 +-
 tests/annotation/jpa/pom.xml                   | 2 +-
 tests/annotation/jwt/pom.xml                   | 2 +-
 tests/annotation/mappings/pom.xml              | 2 +-
 tests/annotation/multi/pom.xml                 | 2 +-
 tests/annotation/pom.xml                       | 4 ++--
 tests/annotation/resource/pom.xml              | 2 +-
 tests/annotation/ssl/pom.xml                   | 2 +-
 tests/annotation/vanilla/pom.xml               | 2 +-
 tests/pom.xml                                  | 2 +-
 tests/xml/approval/pom.xml                     | 2 +-
 tests/xml/client/pom.xml                       | 2 +-
 tests/xml/common/pom.xml                       | 2 +-
 tests/xml/form/pom.xml                         | 2 +-
 tests/xml/jdbc/pom.xml                         | 2 +-
 tests/xml/jwt/pom.xml                          | 2 +-
 tests/xml/mappings/pom.xml                     | 2 +-
 tests/xml/pom.xml                              | 4 ++--
 tests/xml/vanilla/pom.xml                      | 2 +-
 34 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/pom.xml b/pom.xml
index 05585aaf0..0bf41e81f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
   OAuth for Spring Security
   Parent Project for OAuth Support for Spring Security
   pom
-  2.3.5.BUILD-SNAPSHOT
+  2.3.5.RELEASE
   http://static.springframework.org/spring-security/oauth
 
   
diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml
index 518b1d4fe..81e507b5b 100644
--- a/samples/oauth/sparklr/pom.xml
+++ b/samples/oauth/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml
index c7c5851bd..c530378d9 100644
--- a/samples/oauth/tonr/pom.xml
+++ b/samples/oauth/tonr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index 142246451..021b4cebe 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 		../../..
 	
 
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index 52ae2ad59..48d83fc77 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -6,7 +6,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 		../../..
 	
 
diff --git a/samples/pom.xml b/samples/pom.xml
index 51e5e4122..34aa5f2b6 100755
--- a/samples/pom.xml
+++ b/samples/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.3.5.BUILD-SNAPSHOT
+    2.3.5.RELEASE
   
 
   spring-security-oauth-samples
diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml
index 792c9174c..859688f76 100644
--- a/spring-security-oauth/pom.xml
+++ b/spring-security-oauth/pom.xml
@@ -4,7 +4,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	spring-security-oauth
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index 28a1f44ad..e421c9b0b 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	spring-security-oauth2
diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml
index f889a32a7..b6580f3dd 100644
--- a/tests/annotation/approval/pom.xml
+++ b/tests/annotation/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml
index cc42476aa..2a02b5e1d 100644
--- a/tests/annotation/client/pom.xml
+++ b/tests/annotation/client/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml
index 72bf74c92..4e5120ac1 100644
--- a/tests/annotation/common/pom.xml
+++ b/tests/annotation/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml
index 83714af4e..7c8795c43 100644
--- a/tests/annotation/custom-authentication/pom.xml
+++ b/tests/annotation/custom-authentication/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml
index 4ef779184..fa788f66e 100644
--- a/tests/annotation/custom-grant/pom.xml
+++ b/tests/annotation/custom-grant/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml
index 562d0680e..2f75e7fcc 100644
--- a/tests/annotation/form/pom.xml
+++ b/tests/annotation/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml
index 30232a017..ab4d5b89b 100644
--- a/tests/annotation/jaxb/pom.xml
+++ b/tests/annotation/jaxb/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml
index f18a32b14..14f0ad9ec 100644
--- a/tests/annotation/jdbc/pom.xml
+++ b/tests/annotation/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml
index 8f186ab91..298044e61 100644
--- a/tests/annotation/jpa/pom.xml
+++ b/tests/annotation/jpa/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml
index f1428bed6..b58ccc76f 100644
--- a/tests/annotation/jwt/pom.xml
+++ b/tests/annotation/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml
index 06bf2ded5..1dc2e7831 100644
--- a/tests/annotation/mappings/pom.xml
+++ b/tests/annotation/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml
index fcfdf9888..e77f1a114 100644
--- a/tests/annotation/multi/pom.xml
+++ b/tests/annotation/multi/pom.xml
@@ -9,7 +9,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml
index 4de9e3ba7..634d56f3b 100644
--- a/tests/annotation/pom.xml
+++ b/tests/annotation/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-parent
-	2.3.5.BUILD-SNAPSHOT
+	2.3.5.RELEASE
     pom
 
     
@@ -39,7 +39,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.3.5.BUILD-SNAPSHOT
+			2.3.5.RELEASE
 			
 				
 					jackson-mapper-asl
diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml
index 6d39a6602..1fcc8a346 100644
--- a/tests/annotation/resource/pom.xml
+++ b/tests/annotation/resource/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml
index 5a88daa77..b87dee1ed 100644
--- a/tests/annotation/ssl/pom.xml
+++ b/tests/annotation/ssl/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml
index 12891f643..71d180769 100644
--- a/tests/annotation/vanilla/pom.xml
+++ b/tests/annotation/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/pom.xml b/tests/pom.xml
index c053c28bf..90eba8b08 100644
--- a/tests/pom.xml
+++ b/tests/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.3.5.BUILD-SNAPSHOT
+    2.3.5.RELEASE
   
 
   spring-security-oauth-tests
diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml
index 46dc23330..8cb4a6412 100644
--- a/tests/xml/approval/pom.xml
+++ b/tests/xml/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml
index cba66893b..70324030a 100644
--- a/tests/xml/client/pom.xml
+++ b/tests/xml/client/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml
index 167367d11..032b32afe 100644
--- a/tests/xml/common/pom.xml
+++ b/tests/xml/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml
index ce9acb9cc..d4d71b427 100644
--- a/tests/xml/form/pom.xml
+++ b/tests/xml/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml
index aa2808eb2..0b26fa136 100644
--- a/tests/xml/jdbc/pom.xml
+++ b/tests/xml/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml
index abe7d86c2..760e0c0a2 100644
--- a/tests/xml/jwt/pom.xml
+++ b/tests/xml/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml
index 84c202fc6..17055406c 100644
--- a/tests/xml/mappings/pom.xml
+++ b/tests/xml/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	
diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml
index 92810aa1b..21275e7da 100644
--- a/tests/xml/pom.xml
+++ b/tests/xml/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-xml-parent
-	2.3.5.BUILD-SNAPSHOT
+	2.3.5.RELEASE
     pom
 
     
@@ -33,7 +33,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.3.5.BUILD-SNAPSHOT
+			2.3.5.RELEASE
 			
 				
 					jackson-mapper-asl
diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml
index 2a3b35e42..dfd8dde0e 100644
--- a/tests/xml/vanilla/pom.xml
+++ b/tests/xml/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.3.5.BUILD-SNAPSHOT
+		2.3.5.RELEASE
 	
 
 	

From 05cfb0e079e171076fde8a87dc5b736faad455fb Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Tue, 19 Feb 2019 16:03:11 -0500
Subject: [PATCH 186/345] Next development version

---
 pom.xml                                        | 2 +-
 samples/oauth/sparklr/pom.xml                  | 2 +-
 samples/oauth/tonr/pom.xml                     | 2 +-
 samples/oauth2/sparklr/pom.xml                 | 2 +-
 samples/oauth2/tonr/pom.xml                    | 2 +-
 samples/pom.xml                                | 2 +-
 spring-security-oauth/pom.xml                  | 2 +-
 spring-security-oauth2/pom.xml                 | 2 +-
 tests/annotation/approval/pom.xml              | 2 +-
 tests/annotation/client/pom.xml                | 2 +-
 tests/annotation/common/pom.xml                | 2 +-
 tests/annotation/custom-authentication/pom.xml | 2 +-
 tests/annotation/custom-grant/pom.xml          | 2 +-
 tests/annotation/form/pom.xml                  | 2 +-
 tests/annotation/jaxb/pom.xml                  | 2 +-
 tests/annotation/jdbc/pom.xml                  | 2 +-
 tests/annotation/jpa/pom.xml                   | 2 +-
 tests/annotation/jwt/pom.xml                   | 2 +-
 tests/annotation/mappings/pom.xml              | 2 +-
 tests/annotation/multi/pom.xml                 | 2 +-
 tests/annotation/pom.xml                       | 4 ++--
 tests/annotation/resource/pom.xml              | 2 +-
 tests/annotation/ssl/pom.xml                   | 2 +-
 tests/annotation/vanilla/pom.xml               | 2 +-
 tests/pom.xml                                  | 2 +-
 tests/xml/approval/pom.xml                     | 2 +-
 tests/xml/client/pom.xml                       | 2 +-
 tests/xml/common/pom.xml                       | 2 +-
 tests/xml/form/pom.xml                         | 2 +-
 tests/xml/jdbc/pom.xml                         | 2 +-
 tests/xml/jwt/pom.xml                          | 2 +-
 tests/xml/mappings/pom.xml                     | 2 +-
 tests/xml/pom.xml                              | 4 ++--
 tests/xml/vanilla/pom.xml                      | 2 +-
 34 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/pom.xml b/pom.xml
index 0bf41e81f..32474a878 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
   OAuth for Spring Security
   Parent Project for OAuth Support for Spring Security
   pom
-  2.3.5.RELEASE
+  2.3.6.BUILD-SNAPSHOT
   http://static.springframework.org/spring-security/oauth
 
   
diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml
index 81e507b5b..bd44cf661 100644
--- a/samples/oauth/sparklr/pom.xml
+++ b/samples/oauth/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml
index c530378d9..be01d9e76 100644
--- a/samples/oauth/tonr/pom.xml
+++ b/samples/oauth/tonr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index 021b4cebe..70a1d868b 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index 48d83fc77..af8c148b2 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -6,7 +6,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 		../../..
 	
 
diff --git a/samples/pom.xml b/samples/pom.xml
index 34aa5f2b6..6be997346 100755
--- a/samples/pom.xml
+++ b/samples/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.3.5.RELEASE
+    2.3.6.BUILD-SNAPSHOT
   
 
   spring-security-oauth-samples
diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml
index 859688f76..e7d99a71b 100644
--- a/spring-security-oauth/pom.xml
+++ b/spring-security-oauth/pom.xml
@@ -4,7 +4,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	spring-security-oauth
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index e421c9b0b..a0af01cf6 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -5,7 +5,7 @@
 	
 		org.springframework.security.oauth
 		spring-security-oauth-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	spring-security-oauth2
diff --git a/tests/annotation/approval/pom.xml b/tests/annotation/approval/pom.xml
index b6580f3dd..d3859e818 100644
--- a/tests/annotation/approval/pom.xml
+++ b/tests/annotation/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/client/pom.xml b/tests/annotation/client/pom.xml
index 2a02b5e1d..de7f6f4e5 100644
--- a/tests/annotation/client/pom.xml
+++ b/tests/annotation/client/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml
index 4e5120ac1..069432372 100644
--- a/tests/annotation/common/pom.xml
+++ b/tests/annotation/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/custom-authentication/pom.xml b/tests/annotation/custom-authentication/pom.xml
index 7c8795c43..d7b764413 100644
--- a/tests/annotation/custom-authentication/pom.xml
+++ b/tests/annotation/custom-authentication/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/custom-grant/pom.xml b/tests/annotation/custom-grant/pom.xml
index fa788f66e..14ba8b794 100644
--- a/tests/annotation/custom-grant/pom.xml
+++ b/tests/annotation/custom-grant/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/form/pom.xml b/tests/annotation/form/pom.xml
index 2f75e7fcc..974761a37 100644
--- a/tests/annotation/form/pom.xml
+++ b/tests/annotation/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jaxb/pom.xml b/tests/annotation/jaxb/pom.xml
index ab4d5b89b..02077e121 100644
--- a/tests/annotation/jaxb/pom.xml
+++ b/tests/annotation/jaxb/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jdbc/pom.xml b/tests/annotation/jdbc/pom.xml
index 14f0ad9ec..fc2510e72 100644
--- a/tests/annotation/jdbc/pom.xml
+++ b/tests/annotation/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jpa/pom.xml b/tests/annotation/jpa/pom.xml
index 298044e61..5ed4c2b2e 100644
--- a/tests/annotation/jpa/pom.xml
+++ b/tests/annotation/jpa/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/jwt/pom.xml b/tests/annotation/jwt/pom.xml
index b58ccc76f..50248ff34 100644
--- a/tests/annotation/jwt/pom.xml
+++ b/tests/annotation/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/mappings/pom.xml b/tests/annotation/mappings/pom.xml
index 1dc2e7831..db71b5234 100644
--- a/tests/annotation/mappings/pom.xml
+++ b/tests/annotation/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/multi/pom.xml b/tests/annotation/multi/pom.xml
index e77f1a114..7a2035b3a 100644
--- a/tests/annotation/multi/pom.xml
+++ b/tests/annotation/multi/pom.xml
@@ -9,7 +9,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml
index 634d56f3b..db787f9e2 100644
--- a/tests/annotation/pom.xml
+++ b/tests/annotation/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-parent
-	2.3.5.RELEASE
+	2.3.6.BUILD-SNAPSHOT
     pom
 
     
@@ -39,7 +39,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.3.5.RELEASE
+			2.3.6.BUILD-SNAPSHOT
 			
 				
 					jackson-mapper-asl
diff --git a/tests/annotation/resource/pom.xml b/tests/annotation/resource/pom.xml
index 1fcc8a346..c14109ae9 100644
--- a/tests/annotation/resource/pom.xml
+++ b/tests/annotation/resource/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/ssl/pom.xml b/tests/annotation/ssl/pom.xml
index b87dee1ed..490f72a27 100644
--- a/tests/annotation/ssl/pom.xml
+++ b/tests/annotation/ssl/pom.xml
@@ -11,7 +11,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/annotation/vanilla/pom.xml b/tests/annotation/vanilla/pom.xml
index 71d180769..14b32c5e5 100644
--- a/tests/annotation/vanilla/pom.xml
+++ b/tests/annotation/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/pom.xml b/tests/pom.xml
index 90eba8b08..4e9e1eb5f 100644
--- a/tests/pom.xml
+++ b/tests/pom.xml
@@ -4,7 +4,7 @@
   
     org.springframework.security.oauth
     spring-security-oauth-parent
-    2.3.5.RELEASE
+    2.3.6.BUILD-SNAPSHOT
   
 
   spring-security-oauth-tests
diff --git a/tests/xml/approval/pom.xml b/tests/xml/approval/pom.xml
index 8cb4a6412..d075f7721 100644
--- a/tests/xml/approval/pom.xml
+++ b/tests/xml/approval/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/client/pom.xml b/tests/xml/client/pom.xml
index 70324030a..57b33458f 100644
--- a/tests/xml/client/pom.xml
+++ b/tests/xml/client/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml
index 032b32afe..167261833 100644
--- a/tests/xml/common/pom.xml
+++ b/tests/xml/common/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/form/pom.xml b/tests/xml/form/pom.xml
index d4d71b427..7ffa953e9 100644
--- a/tests/xml/form/pom.xml
+++ b/tests/xml/form/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/jdbc/pom.xml b/tests/xml/jdbc/pom.xml
index 0b26fa136..0a1d67871 100644
--- a/tests/xml/jdbc/pom.xml
+++ b/tests/xml/jdbc/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/jwt/pom.xml b/tests/xml/jwt/pom.xml
index 760e0c0a2..5eaaa6a40 100644
--- a/tests/xml/jwt/pom.xml
+++ b/tests/xml/jwt/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/mappings/pom.xml b/tests/xml/mappings/pom.xml
index 17055406c..486a44c8b 100644
--- a/tests/xml/mappings/pom.xml
+++ b/tests/xml/mappings/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	
diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml
index 21275e7da..cc6330292 100644
--- a/tests/xml/pom.xml
+++ b/tests/xml/pom.xml
@@ -4,7 +4,7 @@
 
 	org.demo
 	spring-oauth2-tests-xml-parent
-	2.3.5.RELEASE
+	2.3.6.BUILD-SNAPSHOT
     pom
 
     
@@ -33,7 +33,7 @@
 		
 			org.springframework.security.oauth
 			spring-security-oauth2
-			2.3.5.RELEASE
+			2.3.6.BUILD-SNAPSHOT
 			
 				
 					jackson-mapper-asl
diff --git a/tests/xml/vanilla/pom.xml b/tests/xml/vanilla/pom.xml
index dfd8dde0e..1edef3c55 100644
--- a/tests/xml/vanilla/pom.xml
+++ b/tests/xml/vanilla/pom.xml
@@ -10,7 +10,7 @@
 	
 		org.demo
 		spring-oauth2-tests-xml-parent
-		2.3.5.RELEASE
+		2.3.6.BUILD-SNAPSHOT
 	
 
 	

From 9946272766c42d3e54c40099d37b7ebf5e25bb44 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Fri, 22 Feb 2019 15:31:17 -0500
Subject: [PATCH 187/345] AuthenticationEntryPoint set on
 BasicAuthenticationFilter

Fixes gh-501
---
 ...AuthorizationServerSecurityConfigurer.java |   4 +-
 .../Gh501EnableAuthorizationServerTests.java  | 148 ++++++++++++++++++
 .../jaxb/src/main/java/demo/Application.java  |  10 +-
 3 files changed, 154 insertions(+), 8 deletions(-)
 create mode 100644 spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh501EnableAuthorizationServerTests.java

diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java
index 3e37e2b4c..7c34c2e3d 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of
@@ -141,7 +141,7 @@ public void init(HttpSecurity http) throws Exception {
 			http.userDetailsService(new ClientDetailsUserDetailsService(clientDetailsService()));
 		}
 		http.securityContext().securityContextRepository(new NullSecurityContextRepository()).and().csrf().disable()
-				.httpBasic().realmName(realm);
+				.httpBasic().authenticationEntryPoint(this.authenticationEntryPoint).realmName(realm);
 		if (sslOnly) {
 			http.requiresChannel().anyRequest().requiresSecure();
 		}
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh501EnableAuthorizationServerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh501EnableAuthorizationServerTests.java
new file mode 100644
index 000000000..062dab6b3
--- /dev/null
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh501EnableAuthorizationServerTests.java
@@ -0,0 +1,148 @@
+/*
+ * Copyright 2012-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.config.annotation;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.crypto.codec.Base64;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.ClientDetails;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.ClientRegistrationException;
+import org.springframework.security.oauth2.provider.client.BaseClientDetails;
+import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.UnsupportedEncodingException;
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.verify;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+/**
+ * gh-501
+ *
+ * @author Joe Grandja
+ */
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration
+@WebAppConfiguration
+public class Gh501EnableAuthorizationServerTests {
+	private static final String CLIENT_ID = "client-1234";
+	private static final String CLIENT_SECRET = "secret-1234";
+	private static BaseClientDetails client;
+
+	@Autowired
+	WebApplicationContext context;
+
+	@Autowired
+	FilterChainProxy springSecurityFilterChain;
+
+	MockMvc mockMvc;
+
+	static {
+		client = new BaseClientDetails(CLIENT_ID, null, "read,write", "client_credentials", null);
+		client.setClientSecret(CLIENT_SECRET);
+	}
+
+	@Before
+	public void setup() {
+		mockMvc = MockMvcBuilders.webAppContextSetup(context).addFilters(springSecurityFilterChain).build();
+	}
+
+	@Test
+	public void clientAuthenticationFailsThenCustomAuthenticationEntryPointCalled() throws Exception {
+		mockMvc.perform(post("/oauth/token")
+				.param("grant_type", "client_credentials")
+				.header("Authorization", httpBasicCredentials(CLIENT_ID, "invalid-secret")))
+				.andExpect(status().isUnauthorized());
+
+		verify(AuthorizationServerConfig.authenticationEntryPoint).commence(
+				any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class));
+	}
+
+	private String httpBasicCredentials(String userName, String password) {
+		String headerValue = "Basic ";
+		byte[] toEncode = null;
+		try {
+			toEncode = (userName + ":" + password).getBytes("UTF-8");
+		} catch (UnsupportedEncodingException e) { }
+		headerValue += new String(Base64.encode(toEncode));
+		return headerValue;
+	}
+
+	@Configuration
+	@EnableAuthorizationServer
+	@EnableWebMvc
+	static class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
+		private static AuthenticationEntryPoint authenticationEntryPoint = spy(new OAuth2AuthenticationEntryPoint());
+
+		@Override
+		public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
+			security.authenticationEntryPoint(authenticationEntryPoint);
+		}
+
+		@Override
+		public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+			clients.withClientDetails(clientDetailsService());
+		}
+
+		@Bean
+		public ClientDetailsService clientDetailsService() {
+			return new ClientDetailsService() {
+				@Override
+				public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
+					return client;
+				}
+			};
+		}
+	}
+
+	@Configuration
+	@EnableWebSecurity
+	static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			http
+				.authorizeRequests()
+					.anyRequest().authenticated();
+		}
+	}
+}
diff --git a/tests/annotation/jaxb/src/main/java/demo/Application.java b/tests/annotation/jaxb/src/main/java/demo/Application.java
index 56ed06c4a..3ff888b30 100644
--- a/tests/annotation/jaxb/src/main/java/demo/Application.java
+++ b/tests/annotation/jaxb/src/main/java/demo/Application.java
@@ -1,8 +1,5 @@
 package demo;
 
-import java.util.ArrayList;
-import java.util.List;
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
@@ -27,6 +24,8 @@
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 
+import java.util.List;
+
 @SpringBootApplication
 @EnableResourceServer
 @RestController
@@ -72,15 +71,14 @@ private AccessDeniedHandler accessDeniedHandler() {
 
 		private AuthenticationEntryPoint authenticationEntryPoint() {
 			OAuth2AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
+			authenticationEntryPoint.setTypeName("Basic");
+			authenticationEntryPoint.setRealmName("oauth2/client");
 			authenticationEntryPoint.setExceptionRenderer(exceptionRenderer());
 			return authenticationEntryPoint;
 		}
 
 		private OAuth2ExceptionRenderer exceptionRenderer() {
 			DefaultOAuth2ExceptionRenderer exceptionRenderer = new DefaultOAuth2ExceptionRenderer();
-			List> converters = new ArrayList<>();
-			converters.add(new JaxbOAuth2ExceptionMessageConverter());
-			exceptionRenderer.setMessageConverters(converters);
 			return exceptionRenderer;
 		}
 

From d2f5401f5789c36e42a51995d61ca4daf74fa8c3 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Mon, 25 Feb 2019 12:22:49 -0500
Subject: [PATCH 188/345] Fix test

Issue gh-501
---
 .../annotation/Gh501EnableAuthorizationServerTests.java    | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh501EnableAuthorizationServerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh501EnableAuthorizationServerTests.java
index 062dab6b3..a4da13677 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh501EnableAuthorizationServerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh501EnableAuthorizationServerTests.java
@@ -26,6 +26,8 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.crypto.codec.Base64;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
@@ -144,5 +146,10 @@ protected void configure(HttpSecurity http) throws Exception {
 				.authorizeRequests()
 					.anyRequest().authenticated();
 		}
+
+		@Bean
+		public PasswordEncoder passwordEncoder() {
+			return NoOpPasswordEncoder.getInstance();
+		}
 	}
 }

From 31377e0c8aaafbe23a987477632546f29dd9e3bd Mon Sep 17 00:00:00 2001
From: Spring Operator 
Date: Tue, 5 Mar 2019 21:00:57 -0600
Subject: [PATCH 189/345] URL Cleanup

This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# HTTP URLs that Could Not Be Fixed
These URLs were unable to be fixed. Please review them to see if they can be manually resolved.

* http://junit.sourceforge.net/javadoc/ (200) migrated to:
  http://junit.sourceforge.net/javadoc/ ([https](https://junit.sourceforge.net/javadoc/) result AnnotatedConnectException).

# Fixed URLs

## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended.

* http://jakarta.apache.org/regexp/apidocs/ (404) migrated to:
  https://jakarta.apache.org/regexp/apidocs/ ([https](https://jakarta.apache.org/regexp/apidocs/) result 404).
* http://logging.apache.org/log4j/docs/api/ (404) migrated to:
  https://logging.apache.org/log4j/docs/api/ ([https](https://logging.apache.org/log4j/docs/api/) result 404).
* http://oauth.googlecode.com/svn/code/maven/ (404) migrated to:
  https://oauth.googlecode.com/svn/code/maven/ ([https](https://oauth.googlecode.com/svn/code/maven/) result 404).

## Fixed Success
These URLs were fixed successfully.

* http://github.com/spring-projects/spring-security-oauth migrated to:
  https://github.com/spring-projects/spring-security-oauth ([https](https://github.com/spring-projects/spring-security-oauth) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.txt migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.txt ([https](https://www.apache.org/licenses/LICENSE-2.0.txt) result 200).
* http://static.springframework.org/spring-security/oauth (301) migrated to:
  https://docs.spring.io/spring-security/oauth ([https](https://static.springframework.org/spring-security/oauth) result 301).
* http://static.springframework.org/spring-security/oauth/samples (301) migrated to:
  https://docs.spring.io/spring-security/oauth/samples ([https](https://static.springframework.org/spring-security/oauth/samples) result 301).
* http://static.springframework.org/spring/docs/2.5.x/api/ (301) migrated to:
  https://docs.spring.io/spring/docs/2.5.x/api/ ([https](https://static.springframework.org/spring/docs/2.5.x/api/) result 301).
* http://forum.springframework.org/forumdisplay.php?f=79 migrated to:
  https://forum.springframework.org/forumdisplay.php?f=79 ([https](https://forum.springframework.org/forumdisplay.php?f=79) result 301).
* http://github.com/SpringSource/spring-security-oauth migrated to:
  https://github.com/SpringSource/spring-security-oauth ([https](https://github.com/SpringSource/spring-security-oauth) result 301).
* http://jakarta.apache.org/commons/collections/apidocs-COLLECTIONS_3_0/ migrated to:
  https://jakarta.apache.org/commons/collections/apidocs-COLLECTIONS_3_0/ ([https](https://jakarta.apache.org/commons/collections/apidocs-COLLECTIONS_3_0/) result 301).
* http://jakarta.apache.org/commons/dbcp/apidocs/ migrated to:
  https://jakarta.apache.org/commons/dbcp/apidocs/ ([https](https://jakarta.apache.org/commons/dbcp/apidocs/) result 301).
* http://jakarta.apache.org/commons/fileupload/apidocs/ migrated to:
  https://jakarta.apache.org/commons/fileupload/apidocs/ ([https](https://jakarta.apache.org/commons/fileupload/apidocs/) result 301).
* http://jakarta.apache.org/commons/httpclient/apidocs/ migrated to:
  https://jakarta.apache.org/commons/httpclient/apidocs/ ([https](https://jakarta.apache.org/commons/httpclient/apidocs/) result 301).
* http://jakarta.apache.org/commons/logging/apidocs/ migrated to:
  https://jakarta.apache.org/commons/logging/apidocs/ ([https](https://jakarta.apache.org/commons/logging/apidocs/) result 301).
* http://jakarta.apache.org/commons/pool/apidocs/ migrated to:
  https://jakarta.apache.org/commons/pool/apidocs/ ([https](https://jakarta.apache.org/commons/pool/apidocs/) result 301).
* http://jakarta.apache.org/velocity/api/ migrated to:
  https://jakarta.apache.org/velocity/api/ ([https](https://jakarta.apache.org/velocity/api/) result 301).
* http://opensource.atlassian.com/projects/spring/browse/SECOAUTH migrated to:
  https://opensource.atlassian.com/projects/spring/browse/SECOAUTH ([https](https://opensource.atlassian.com/projects/spring/browse/SECOAUTH) result 301).
* http://www.springsource.com migrated to:
  https://www.springsource.com ([https](https://www.springsource.com) result 301).
* http://repo.spring.io/libs-milestone-local migrated to:
  https://repo.spring.io/libs-milestone-local ([https](https://repo.spring.io/libs-milestone-local) result 302).
* http://repo.spring.io/libs-release-local migrated to:
  https://repo.spring.io/libs-release-local ([https](https://repo.spring.io/libs-release-local) result 302).
* http://repo.spring.io/libs-snapshot migrated to:
  https://repo.spring.io/libs-snapshot ([https](https://repo.spring.io/libs-snapshot) result 302).
* http://repo.spring.io/libs-snapshot-local migrated to:
  https://repo.spring.io/libs-snapshot-local ([https](https://repo.spring.io/libs-snapshot-local) result 302).
* http://repo.spring.io/milestone migrated to:
  https://repo.spring.io/milestone ([https](https://repo.spring.io/milestone) result 302).
* http://repo.spring.io/release migrated to:
  https://repo.spring.io/release ([https](https://repo.spring.io/release) result 302).
* http://repo.spring.io/snapshot migrated to:
  https://repo.spring.io/snapshot ([https](https://repo.spring.io/snapshot) result 302).

# Ignored
These URLs were intentionally ignored.

* http://java.sun.com/j2ee/1.4/docs/api
* http://java.sun.com/j2se/1.5.0/docs/api
* http://maven.apache.org/POM/4.0.0
* http://maven.apache.org/maven-v4_0_0.xsd
* http://maven.apache.org/xsd/maven-4.0.0.xsd
* http://www.w3.org/2001/XMLSchema-instance
---
 mvnw                            |  2 +-
 mvnw.cmd                        |  2 +-
 pom.xml                         | 50 ++++++++++++++++-----------------
 samples/oauth/sparklr/pom.xml   |  2 +-
 samples/oauth/tonr/pom.xml      |  2 +-
 samples/oauth2/sparklr/pom.xml  |  2 +-
 samples/oauth2/tonr/pom.xml     |  2 +-
 samples/pom.xml                 |  2 +-
 spring-security-jwt/mvnw        |  2 +-
 spring-security-jwt/mvnw.cmd    |  2 +-
 spring-security-jwt/pom.xml     |  8 +++---
 tests/annotation/common/pom.xml |  6 ++--
 tests/annotation/pom.xml        | 10 +++----
 tests/xml/common/pom.xml        |  6 ++--
 14 files changed, 49 insertions(+), 49 deletions(-)

diff --git a/mvnw b/mvnw
index 53c0d7219..02f96acef 100755
--- a/mvnw
+++ b/mvnw
@@ -8,7 +8,7 @@
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
-#    http://www.apache.org/licenses/LICENSE-2.0
+#    https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
diff --git a/mvnw.cmd b/mvnw.cmd
index fc8302432..eb9a292a7 100644
--- a/mvnw.cmd
+++ b/mvnw.cmd
@@ -7,7 +7,7 @@
 @REM "License"); you may not use this file except in compliance
 @REM with the License.  You may obtain a copy of the License at
 @REM
-@REM    http://www.apache.org/licenses/LICENSE-2.0
+@REM    https://www.apache.org/licenses/LICENSE-2.0
 @REM
 @REM Unless required by applicable law or agreed to in writing,
 @REM software distributed under the License is distributed on an
diff --git a/pom.xml b/pom.xml
index 32474a878..be056fde5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
   Parent Project for OAuth Support for Spring Security
   pom
   2.3.6.BUILD-SNAPSHOT
-  http://static.springframework.org/spring-security/oauth
+  https://docs.spring.io/spring-security/oauth
 
   
     spring-security-oauth
@@ -27,20 +27,20 @@
   
 
   
-    http://github.com/SpringSource/spring-security-oauth
+    https://github.com/SpringSource/spring-security-oauth
     scm:git:git://github.com/SpringSource/spring-security-oauth.git
     scm:git:ssh://git@github.com/SpringSource/spring-security-oauth.git
     HEAD
   
   
     JIRA
-    http://opensource.atlassian.com/projects/spring/browse/SECOAUTH
+    https://opensource.atlassian.com/projects/spring/browse/SECOAUTH
   
   
     
       Spring Security OAuth Forum
-      http://forum.springframework.org/forumdisplay.php?f=79
-      http://forum.springframework.org/forumdisplay.php?f=79
+      https://forum.springframework.org/forumdisplay.php?f=79
+      https://forum.springframework.org/forumdisplay.php?f=79
     
   
   
@@ -50,7 +50,7 @@
   
     
       Apache 2.0
-      http://www.apache.org/licenses/LICENSE-2.0.txt
+      https://www.apache.org/licenses/LICENSE-2.0.txt
     
   
 
@@ -94,22 +94,22 @@
         
           repo.spring.io-milestone
           Spring Framework Milestone Repository
-          http://repo.spring.io/libs-milestone-local
+          https://repo.spring.io/libs-milestone-local
         
         
           repo.spring.io-release
           Spring Framework Release Repository
-          http://repo.spring.io/libs-release-local
+          https://repo.spring.io/libs-release-local
         
         
           repo.spring.io-snapshot
           Spring Framework Maven Snapshot Repository
-          http://repo.spring.io/libs-snapshot-local
+          https://repo.spring.io/libs-snapshot-local
           true
         
         
           oauth.googlecode.net
-          http://oauth.googlecode.com/svn/code/maven/
+          https://oauth.googlecode.com/svn/code/maven/
         
       
     
@@ -119,7 +119,7 @@
             
               repo.spring.io
               Spring Milestone Repository
-              http://repo.spring.io/libs-milestone-local
+              https://repo.spring.io/libs-milestone-local
             
       
     
@@ -176,12 +176,12 @@
             
                 repo.spring.io-milestone
                 Spring Framework Milestone Repository
-                http://repo.spring.io/libs-milestone-local
+                https://repo.spring.io/libs-milestone-local
             
             
                 repo.spring.io-snapshot
                 Spring Framework Maven Snapshot Repository
-                http://repo.spring.io/libs-snapshot-local
+                https://repo.spring.io/libs-snapshot-local
                 true
             
         
@@ -472,17 +472,17 @@
           
             http://java.sun.com/j2ee/1.4/docs/api
             http://java.sun.com/j2se/1.5.0/docs/api
-            http://jakarta.apache.org/commons/collections/apidocs-COLLECTIONS_3_0/
-            http://jakarta.apache.org/commons/dbcp/apidocs/
-            http://jakarta.apache.org/commons/fileupload/apidocs/
-            http://jakarta.apache.org/commons/httpclient/apidocs/
-            http://jakarta.apache.org/commons/pool/apidocs/
-            http://jakarta.apache.org/commons/logging/apidocs/
+            https://jakarta.apache.org/commons/collections/apidocs-COLLECTIONS_3_0/
+            https://jakarta.apache.org/commons/dbcp/apidocs/
+            https://jakarta.apache.org/commons/fileupload/apidocs/
+            https://jakarta.apache.org/commons/httpclient/apidocs/
+            https://jakarta.apache.org/commons/pool/apidocs/
+            https://jakarta.apache.org/commons/logging/apidocs/
             http://junit.sourceforge.net/javadoc/
-            http://logging.apache.org/log4j/docs/api/
-            http://jakarta.apache.org/regexp/apidocs/
-            http://jakarta.apache.org/velocity/api/
-            http://static.springframework.org/spring/docs/2.5.x/api/
+            https://logging.apache.org/log4j/docs/api/
+            https://jakarta.apache.org/regexp/apidocs/
+            https://jakarta.apache.org/velocity/api/
+            https://docs.spring.io/spring/docs/2.5.x/api/
           
           example
         
@@ -504,13 +504,13 @@
     
       repo.spring.io
       Spring Release Repository
-      http://repo.spring.io/libs-release-local
+      https://repo.spring.io/libs-release-local
     
 
     
       repo.spring.io
       Spring Snapshot Repository
-      http://repo.spring.io/libs-snapshot-local
+      https://repo.spring.io/libs-snapshot-local
     
 
   
diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml
index bd44cf661..ae43f43aa 100644
--- a/samples/oauth/sparklr/pom.xml
+++ b/samples/oauth/sparklr/pom.xml
@@ -47,7 +47,7 @@
 		
 			spring
 			Spring Framework Repository
-			http://repo.spring.io/libs-snapshot
+			https://repo.spring.io/libs-snapshot
 		
 	
 
diff --git a/samples/oauth/tonr/pom.xml b/samples/oauth/tonr/pom.xml
index be01d9e76..88d9561ad 100644
--- a/samples/oauth/tonr/pom.xml
+++ b/samples/oauth/tonr/pom.xml
@@ -51,7 +51,7 @@
 		
 			spring
 			Spring Framework Repository
-			http://repo.spring.io/libs-snapshot
+			https://repo.spring.io/libs-snapshot
 		
 	
 
diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index 70a1d868b..eb49c2f47 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -110,7 +110,7 @@
 		
 			spring
 			Spring Framework Repository
-			http://repo.spring.io/libs-snapshot
+			https://repo.spring.io/libs-snapshot
 		
 	
 
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index af8c148b2..85e4f0967 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -121,7 +121,7 @@
 		
 			spring
 			Spring Framework Repository
-			http://repo.spring.io/libs-snapshot
+			https://repo.spring.io/libs-snapshot
 		
 	
 
diff --git a/samples/pom.xml b/samples/pom.xml
index 6be997346..31f7e8e11 100755
--- a/samples/pom.xml
+++ b/samples/pom.xml
@@ -19,7 +19,7 @@
     oauth2/tonr
   
 
-  http://static.springframework.org/spring-security/oauth/samples
+  https://docs.spring.io/spring-security/oauth/samples
 
   
 	
diff --git a/spring-security-jwt/mvnw b/spring-security-jwt/mvnw
index 53c0d7219..02f96acef 100755
--- a/spring-security-jwt/mvnw
+++ b/spring-security-jwt/mvnw
@@ -8,7 +8,7 @@
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
-#    http://www.apache.org/licenses/LICENSE-2.0
+#    https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
diff --git a/spring-security-jwt/mvnw.cmd b/spring-security-jwt/mvnw.cmd
index fc8302432..eb9a292a7 100644
--- a/spring-security-jwt/mvnw.cmd
+++ b/spring-security-jwt/mvnw.cmd
@@ -7,7 +7,7 @@
 @REM "License"); you may not use this file except in compliance
 @REM with the License.  You may obtain a copy of the License at
 @REM
-@REM    http://www.apache.org/licenses/LICENSE-2.0
+@REM    https://www.apache.org/licenses/LICENSE-2.0
 @REM
 @REM Unless required by applicable law or agreed to in writing,
 @REM software distributed under the License is distributed on an
diff --git a/spring-security-jwt/pom.xml b/spring-security-jwt/pom.xml
index c005d8de7..2c3f34321 100755
--- a/spring-security-jwt/pom.xml
+++ b/spring-security-jwt/pom.xml
@@ -13,15 +13,15 @@
 	It belongs to the family of Spring Security crypto libraries that handle encoding and decoding text as
 	a general, useful thing to be able to do.
 
-	http://github.com/spring-projects/spring-security-oauth
+	https://github.com/spring-projects/spring-security-oauth
 	
 		SpringSource
-		http://www.springsource.com
+		https://www.springsource.com
 	
 	
 		
 			Apache 2.0
-			http://www.apache.org/licenses/LICENSE-2.0.txt
+			https://www.apache.org/licenses/LICENSE-2.0.txt
 		
 	
 
@@ -178,7 +178,7 @@
 	
 
 	
-		http://github.com/spring-projects/spring-security-oauth
+		https://github.com/spring-projects/spring-security-oauth
 		scm:git:git://github.com/spring-projects/spring-security-oauth.git
 		scm:git:ssh://git@github.com/spring-projects/spring-security-oauth.git
 	
diff --git a/tests/annotation/common/pom.xml b/tests/annotation/common/pom.xml
index 069432372..b8c1b2823 100644
--- a/tests/annotation/common/pom.xml
+++ b/tests/annotation/common/pom.xml
@@ -57,7 +57,7 @@
 		
 			spring-snapshots
 			Spring Snapshots
-			http://repo.spring.io/snapshot
+			https://repo.spring.io/snapshot
 			
 				true
 			
@@ -65,7 +65,7 @@
 		
 			spring-milestones
 			Spring Milestones
-			http://repo.spring.io/milestone
+			https://repo.spring.io/milestone
 			
 				false
 			
@@ -75,7 +75,7 @@
 		
 			spring-snapshots
 			Spring Snapshots
-			http://repo.spring.io/snapshot
+			https://repo.spring.io/snapshot
 			
 				true
 			
diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml
index db787f9e2..a7ce37c01 100644
--- a/tests/annotation/pom.xml
+++ b/tests/annotation/pom.xml
@@ -94,7 +94,7 @@
 		
 		  spring-snapshots
 		  Spring Snapshots
-		  http://repo.spring.io/libs-snapshot-local
+		  https://repo.spring.io/libs-snapshot-local
 		  
 			true
 		  
@@ -102,7 +102,7 @@
 		
 		  spring-milestones
 		  Spring Milestones
-		  http://repo.spring.io/libs-milestone-local
+		  https://repo.spring.io/libs-milestone-local
 		  
 			false
 		  
@@ -110,7 +110,7 @@
 		
 		  spring-releases
 		  Spring Releases
-		  http://repo.spring.io/release
+		  https://repo.spring.io/release
 		  
 			false
 		  
@@ -120,7 +120,7 @@
 		
 		  spring-snapshots
 		  Spring Snapshots
-		  http://repo.spring.io/libs-snapshot-local
+		  https://repo.spring.io/libs-snapshot-local
 		  
 			true
 		  
@@ -128,7 +128,7 @@
 		
 		  spring-milestones
 		  Spring Milestones
-		  http://repo.spring.io/libs-milestone-local
+		  https://repo.spring.io/libs-milestone-local
 		  
 			false
 		  
diff --git a/tests/xml/common/pom.xml b/tests/xml/common/pom.xml
index 167261833..a45840913 100644
--- a/tests/xml/common/pom.xml
+++ b/tests/xml/common/pom.xml
@@ -66,7 +66,7 @@
 		
 			spring-snapshots
 			Spring Snapshots
-			http://repo.spring.io/snapshot
+			https://repo.spring.io/snapshot
 			
 				true
 			
@@ -74,7 +74,7 @@
 		
 			spring-milestones
 			Spring Milestones
-			http://repo.spring.io/milestone
+			https://repo.spring.io/milestone
 			
 				false
 			
@@ -84,7 +84,7 @@
 		
 			spring-snapshots
 			Spring Snapshots
-			http://repo.spring.io/snapshot
+			https://repo.spring.io/snapshot
 			
 				true
 			

From 7be5eba69eb0f4200807a8bb400e827b543825c5 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Wed, 6 Mar 2019 13:09:22 -0500
Subject: [PATCH 190/345] Update to Spring 4.3.22.RELEASE

Fixes gh-1603
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index be056fde5..179e4b8d7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
   
     UTF-8
     1.9
-    4.0.9.RELEASE
+    4.3.22.RELEASE
     3.2.10.RELEASE
     1.5.0.RELEASE
     2.6.3

From 36dc5d0cb1c3af64d3673fe52d3a559cb7fe10a6 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Wed, 6 Mar 2019 13:12:28 -0500
Subject: [PATCH 191/345] Update to Spring Security 4.2.11.RELEASE

Fixes gh-1604
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 179e4b8d7..0994f95b7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@
     UTF-8
     1.9
     4.3.22.RELEASE
-    3.2.10.RELEASE
+    4.2.11.RELEASE
     1.5.0.RELEASE
     2.6.3
     1.6

From adc4c90d4599cbb986d833f8ba4414e842f09411 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Wed, 6 Mar 2019 13:19:03 -0500
Subject: [PATCH 192/345] Update to JUnit 4.12

Fixes gh-1605
---
 pom.xml                        | 1 +
 samples/oauth2/sparklr/pom.xml | 2 --
 samples/oauth2/tonr/pom.xml    | 2 --
 spring-security-oauth/pom.xml  | 2 --
 spring-security-oauth2/pom.xml | 2 --
 5 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/pom.xml b/pom.xml
index 0994f95b7..7e36626e2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -23,6 +23,7 @@
     4.2.11.RELEASE
     1.5.0.RELEASE
     2.6.3
+    4.12
     1.6
   
 
diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index eb49c2f47..2f846e0da 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -17,7 +17,6 @@
 		/sparklr2
 		2.3.1
 		3.0.1
-		4.11
 	
 
 	
@@ -26,7 +25,6 @@
 			
 				2.9.0.pr3
 				3.1.0
-				4.12
 			
 		
 		
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index 85e4f0967..e013b6b3c 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -18,7 +18,6 @@
 		/tonr2
 		2.3.2
 		3.0.1
-		4.11
 	
 
 	
@@ -27,7 +26,6 @@
 			
 				2.9.0.pr3
 				3.1.0
-				4.12
 			
 		
 		
diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml
index e7d99a71b..16595dc37 100644
--- a/spring-security-oauth/pom.xml
+++ b/spring-security-oauth/pom.xml
@@ -13,7 +13,6 @@
 
 	
 		3.0.1
-		4.11
 	
 
 	
@@ -21,7 +20,6 @@
 			spring5
 			
 				3.1.0
-				4.12
 			
 		
 	
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index a0af01cf6..75e637734 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -17,7 +17,6 @@
 		2.3.2
 		3.0.1
 		1.0.9.RELEASE
-		4.11
 		1.5.4
 	
 
@@ -27,7 +26,6 @@
 			
 				2.9.0.pr3
 				3.1.0
-				4.12
 				1.6.1
 			
 		

From 29fcbe91f553f5f700d81ef1903be2b44bddcead Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Wed, 6 Mar 2019 13:23:29 -0500
Subject: [PATCH 193/345] Update to Mockito 1.10.19

Fixes gh-1606
---
 pom.xml                        | 1 +
 spring-security-oauth/pom.xml  | 2 +-
 spring-security-oauth2/pom.xml | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 7e36626e2..55efc4792 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,6 +24,7 @@
     1.5.0.RELEASE
     2.6.3
     4.12
+    1.10.19
     1.6
   
 
diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml
index 16595dc37..0f38f2eb7 100644
--- a/spring-security-oauth/pom.xml
+++ b/spring-security-oauth/pom.xml
@@ -141,7 +141,7 @@
 		
 			org.mockito
 			mockito-core
-			1.9.5
+			${mockito.version}
 			test
 		
 
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index 75e637734..a109481ca 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -223,7 +223,7 @@
 		
 			org.mockito
 			mockito-core
-			1.9.5
+			${mockito.version}
 			test
 		
 

From c2ce6c5c9eafd4c3266c68fbfa023ec0f91ed35c Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Wed, 6 Mar 2019 13:26:11 -0500
Subject: [PATCH 194/345] Update to Powermock 1.7.4

Fixes gh-1607
---
 spring-security-oauth2/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index a109481ca..bc49f7ce3 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -17,7 +17,7 @@
 		2.3.2
 		3.0.1
 		1.0.9.RELEASE
-		1.5.4
+		1.7.4
 	
 
 	

From 366f9e0a4263bed0b63a8f82652d368305e870bd Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Wed, 6 Mar 2019 13:30:12 -0500
Subject: [PATCH 195/345] Update to Jackson2 2.9.8

Fixes gh-1608
---
 samples/oauth2/sparklr/pom.xml | 4 ++--
 samples/oauth2/tonr/pom.xml    | 4 ++--
 spring-security-oauth2/pom.xml | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index 2f846e0da..4703a2f45 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -15,7 +15,7 @@
 
 	
 		/sparklr2
-		2.3.1
+		2.9.8
 		3.0.1
 	
 
@@ -23,7 +23,7 @@
 		
 			spring5
 			
-				2.9.0.pr3
+				2.9.8
 				3.1.0
 			
 		
diff --git a/samples/oauth2/tonr/pom.xml b/samples/oauth2/tonr/pom.xml
index e013b6b3c..26aa7c8d0 100644
--- a/samples/oauth2/tonr/pom.xml
+++ b/samples/oauth2/tonr/pom.xml
@@ -16,7 +16,7 @@
 
 	
 		/tonr2
-		2.3.2
+		2.9.8
 		3.0.1
 	
 
@@ -24,7 +24,7 @@
 		
 			spring5
 			
-				2.9.0.pr3
+				2.9.8
 				3.1.0
 			
 		
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index bc49f7ce3..3b5a9e664 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -14,7 +14,7 @@
 
 	
 		1.9.13
-		2.3.2
+		2.9.8
 		3.0.1
 		1.0.9.RELEASE
 		1.7.4
@@ -24,7 +24,7 @@
 		
 			spring5
 			
-				2.9.0.pr3
+				2.9.8
 				3.1.0
 				1.6.1
 			

From 558a428d4637e0df2bab707b24e9e38620153220 Mon Sep 17 00:00:00 2001
From: Joe Grandja 
Date: Wed, 6 Mar 2019 13:34:15 -0500
Subject: [PATCH 196/345] Update to httpclient 4.5.6

Fixes gh-1609
---
 samples/oauth2/sparklr/pom.xml | 2 +-
 spring-security-oauth/pom.xml  | 2 +-
 spring-security-oauth2/pom.xml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/samples/oauth2/sparklr/pom.xml b/samples/oauth2/sparklr/pom.xml
index 4703a2f45..f96614a73 100644
--- a/samples/oauth2/sparklr/pom.xml
+++ b/samples/oauth2/sparklr/pom.xml
@@ -186,7 +186,7 @@
 		
 			org.apache.httpcomponents
 			httpclient
-			4.3.3
+			4.5.6
 			test
 		
 
diff --git a/spring-security-oauth/pom.xml b/spring-security-oauth/pom.xml
index 0f38f2eb7..791df94f7 100644
--- a/spring-security-oauth/pom.xml
+++ b/spring-security-oauth/pom.xml
@@ -169,7 +169,7 @@
 		
 			org.apache.httpcomponents
 			httpclient
-			4.3.3
+			4.5.6
 		
 
 		
diff --git a/spring-security-oauth2/pom.xml b/spring-security-oauth2/pom.xml
index 3b5a9e664..ffb7ff646 100644
--- a/spring-security-oauth2/pom.xml
+++ b/spring-security-oauth2/pom.xml
@@ -187,7 +187,7 @@
 		
 			org.apache.httpcomponents
 			httpclient
-			4.3.3
+			4.5.6
             true
 		
 

From 7bfe08d8f95b2fec035de484068f7907851b27d0 Mon Sep 17 00:00:00 2001
From: Spring Operator 
Date: Thu, 14 Mar 2019 20:14:55 -0500
Subject: [PATCH 197/345] URL Cleanup

This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://www.apache.org/licenses/ with 1 occurrences migrated to:
  https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 450 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).

Fixes gh-1621
---
 license.txt                                                   | 4 ++--
 .../oauth/examples/sparklr/impl/PhotoServiceImpl.java         | 2 +-
 .../oauth/examples/sparklr/config/MethodSecurityConfig.java   | 2 +-
 .../oauth/examples/sparklr/config/OAuth2ServerConfig.java     | 2 +-
 .../oauth/examples/sparklr/config/ServletInitializer.java     | 2 +-
 .../examples/sparklr/oauth/SparklrUserApprovalHandler.java    | 2 +-
 .../oauth2/provider/AuthorizationCodeProviderTests.java       | 2 +-
 .../samples/config/ApplicationConfigurationTests.java         | 2 +-
 .../security/oauth/examples/config/ServletInitializer.java    | 2 +-
 .../examples/tonr/converter/AccessTokenRequestConverter.java  | 2 +-
 .../springframework/security/samples/config/AdHocTests.java   | 2 +-
 .../security/samples/config/SecurityConfigTests.java          | 2 +-
 .../org/springframework/security/jwt/AlgorithmMetadata.java   | 2 +-
 .../java/org/springframework/security/jwt/BinaryFormat.java   | 2 +-
 .../src/main/java/org/springframework/security/jwt/Jwt.java   | 2 +-
 .../java/org/springframework/security/jwt/JwtAlgorithms.java  | 2 +-
 .../main/java/org/springframework/security/jwt/JwtHelper.java | 2 +-
 .../java/org/springframework/security/jwt/codec/Codecs.java   | 2 +-
 .../security/jwt/crypto/cipher/CipherMetadata.java            | 2 +-
 .../security/jwt/crypto/sign/EllipticCurveKeyHelper.java      | 2 +-
 .../jwt/crypto/sign/EllipticCurveSignatureHelper.java         | 2 +-
 .../security/jwt/crypto/sign/EllipticCurveVerifier.java       | 2 +-
 .../security/jwt/crypto/sign/InvalidSignatureException.java   | 2 +-
 .../springframework/security/jwt/crypto/sign/MacSigner.java   | 2 +-
 .../security/jwt/crypto/sign/RsaKeyHelper.java                | 2 +-
 .../springframework/security/jwt/crypto/sign/RsaSigner.java   | 2 +-
 .../springframework/security/jwt/crypto/sign/RsaVerifier.java | 2 +-
 .../security/jwt/crypto/sign/SignatureVerifier.java           | 2 +-
 .../org/springframework/security/jwt/crypto/sign/Signer.java  | 2 +-
 .../security/jwt/crypto/sign/SignerVerifier.java              | 2 +-
 .../java/org/springframework/security/jwt/JwtSpecData.java    | 2 +-
 .../test/java/org/springframework/security/jwt/JwtTests.java  | 2 +-
 .../springframework/security/jwt/RubyJwtIntegrationTests.java | 2 +-
 .../security/jwt/crypto/cipher/RsaTestKeyData.java            | 2 +-
 .../security/jwt/crypto/sign/EllipticCurveVerifierTests.java  | 2 +-
 .../security/jwt/crypto/sign/RsaSigningTests.java             | 2 +-
 .../org/springframework/security/oauth/common/OAuthCodec.java | 2 +-
 .../security/oauth/common/OAuthConsumerParameter.java         | 2 +-
 .../springframework/security/oauth/common/OAuthException.java | 2 +-
 .../security/oauth/common/OAuthProviderParameter.java         | 2 +-
 .../common/signature/CoreOAuthSignatureMethodFactory.java     | 2 +-
 .../oauth/common/signature/HMAC_SHA1SignatureMethod.java      | 2 +-
 .../oauth/common/signature/InvalidSignatureException.java     | 2 +-
 .../security/oauth/common/signature/OAuthSignatureMethod.java | 2 +-
 .../oauth/common/signature/OAuthSignatureMethodFactory.java   | 2 +-
 .../oauth/common/signature/PlainTextSignatureMethod.java      | 2 +-
 .../security/oauth/common/signature/RSAKeySecret.java         | 2 +-
 .../oauth/common/signature/RSA_SHA1SignatureMethod.java       | 2 +-
 .../security/oauth/common/signature/SharedConsumerSecret.java | 2 +-
 .../oauth/common/signature/SharedConsumerSecretImpl.java      | 2 +-
 .../security/oauth/common/signature/SignatureSecret.java      | 2 +-
 .../oauth/common/signature/SignatureSecretEditor.java         | 2 +-
 .../common/signature/UnsupportedSignatureMethodException.java | 2 +-
 .../security/oauth/config/ConsumerDetailsFactoryBean.java     | 2 +-
 .../oauth/config/ConsumerServiceBeanDefinitionParser.java     | 2 +-
 .../oauth/config/ExpressionHandlerBeanDefinitionParser.java   | 2 +-
 .../oauth/config/OAuthConsumerBeanDefinitionParser.java       | 2 +-
 .../oauth/config/OAuthProviderBeanDefinitionParser.java       | 2 +-
 .../security/oauth/config/OAuthSecurityNamespaceHandler.java  | 2 +-
 .../config/ProtectedResourceDetailsBeanDefinitionParser.java  | 2 +-
 .../oauth/config/TokenServiceBeanDefinitionParser.java        | 2 +-
 .../oauth/config/VerifierServiceBeanDefinitionParser.java     | 2 +-
 .../security/oauth/consumer/BaseProtectedResourceDetails.java | 2 +-
 .../consumer/InMemoryProtectedResourceDetailsService.java     | 2 +-
 .../security/oauth/consumer/InvalidOAuthRealmException.java   | 2 +-
 .../security/oauth/consumer/OAuthConsumerSupport.java         | 2 +-
 .../security/oauth/consumer/OAuthConsumerToken.java           | 2 +-
 .../security/oauth/consumer/OAuthRequestFailedException.java  | 2 +-
 .../security/oauth/consumer/ProtectedResourceDetails.java     | 2 +-
 .../oauth/consumer/ProtectedResourceDetailsService.java       | 2 +-
 .../oauth/consumer/UnverifiedRequestTokenException.java       | 2 +-
 .../oauth/consumer/client/CoreOAuthConsumerSupport.java       | 2 +-
 .../oauth/consumer/filter/OAuthConsumerContextFilter.java     | 2 +-
 .../oauth/consumer/filter/OAuthConsumerProcessingFilter.java  | 2 +-
 .../consumer/net/DefaultOAuthURLStreamHandlerFactory.java     | 2 +-
 .../oauth/consumer/net/OAuthOverHttpURLStreamHandler.java     | 2 +-
 .../oauth/consumer/net/OAuthOverHttpsURLStreamHandler.java    | 2 +-
 .../oauth/consumer/net/OAuthURLStreamHandlerFactory.java      | 2 +-
 .../security/oauth/consumer/nonce/NonceFactory.java           | 2 +-
 .../security/oauth/consumer/nonce/UUIDNonceFactory.java       | 2 +-
 .../oauth/consumer/token/HttpSessionBasedTokenServices.java   | 2 +-
 .../oauth/consumer/token/OAuthConsumerTokenServices.java      | 2 +-
 .../security/oauth/provider/BaseConsumerDetails.java          | 2 +-
 .../security/oauth/provider/ConsumerAuthentication.java       | 2 +-
 .../security/oauth/provider/ConsumerCredentials.java          | 2 +-
 .../security/oauth/provider/ConsumerDetails.java              | 2 +-
 .../security/oauth/provider/ConsumerDetailsService.java       | 2 +-
 .../security/oauth/provider/ExtraTrustConsumerDetails.java    | 2 +-
 .../oauth/provider/InMemoryConsumerDetailsService.java        | 2 +-
 .../oauth/provider/InvalidOAuthParametersException.java       | 2 +-
 .../security/oauth/provider/OAuthAuthenticationDetails.java   | 2 +-
 .../oauth/provider/OAuthProcessingFilterEntryPoint.java       | 2 +-
 .../security/oauth/provider/OAuthProviderSupport.java         | 2 +-
 .../oauth/provider/OAuthVersionUnsupportedException.java      | 2 +-
 .../oauth/provider/ResourceSpecificConsumerDetails.java       | 2 +-
 .../oauth/provider/attributes/ConsumerKeysAllowed.java        | 2 +-
 .../oauth/provider/attributes/ConsumerRolesAllowed.java       | 2 +-
 .../oauth/provider/attributes/ConsumerSecurityConfig.java     | 2 +-
 .../provider/attributes/ConsumerSecurityMetadataSource.java   | 2 +-
 .../oauth/provider/attributes/ConsumerSecurityVoter.java      | 2 +-
 .../security/oauth/provider/attributes/DenyAllConsumers.java  | 2 +-
 .../oauth/provider/attributes/PermitAllConsumers.java         | 2 +-
 .../oauth/provider/filter/AccessTokenProcessingFilter.java    | 2 +-
 .../oauth/provider/filter/CoreOAuthProviderSupport.java       | 2 +-
 .../oauth/provider/filter/OAuthProviderProcessingFilter.java  | 2 +-
 .../provider/filter/ProtectedResourceProcessingFilter.java    | 2 +-
 .../filter/UnauthenticatedRequestTokenProcessingFilter.java   | 2 +-
 .../provider/filter/UserAuthorizationProcessingFilter.java    | 2 +-
 .../UserAuthorizationSuccessfulAuthenticationHandler.java     | 2 +-
 .../oauth/provider/nonce/ExpiringTimestampNonceServices.java  | 2 +-
 .../security/oauth/provider/nonce/InMemoryNonceServices.java  | 2 +-
 .../oauth/provider/nonce/NonceAlreadyUsedException.java       | 2 +-
 .../security/oauth/provider/nonce/NullNonceServices.java      | 2 +-
 .../security/oauth/provider/nonce/OAuthNonceServices.java     | 2 +-
 .../oauth/provider/token/ExpiredOAuthTokenException.java      | 2 +-
 .../oauth/provider/token/InMemoryProviderTokenServices.java   | 2 +-
 .../token/InMemorySelfCleaningProviderTokenServices.java      | 2 +-
 .../oauth/provider/token/InvalidOAuthTokenException.java      | 2 +-
 .../oauth/provider/token/OAuthAccessProviderToken.java        | 2 +-
 .../security/oauth/provider/token/OAuthProviderToken.java     | 2 +-
 .../security/oauth/provider/token/OAuthProviderTokenImpl.java | 2 +-
 .../oauth/provider/token/OAuthProviderTokenServices.java      | 2 +-
 .../provider/token/RandomValueProviderTokenServices.java      | 2 +-
 .../oauth/provider/verifier/VerificationFailedException.java  | 2 +-
 .../net/oauth/signature/GoogleCodeCompatibilityTests.java     | 2 +-
 .../security/oauth/common/OAuthCodecTests.java                | 2 +-
 .../signature/CoreOAuthSignatureMethodFactoryTests.java       | 2 +-
 .../oauth/common/signature/HMAC_SHA1SignatureMethodTests.java | 2 +-
 .../oauth/common/signature/PlainTextSignatureMethodTests.java | 2 +-
 .../oauth/common/signature/RSA_SHA1SignatureMethodTests.java  | 2 +-
 .../config/AuthorizationServerBeanDefinitionParserTests.java  | 2 +-
 .../oauth/consumer/client/CoreOAuthConsumerSupportTests.java  | 2 +-
 .../rememberme/HttpSessionOAuthRememberMeServicesTests.java   | 2 +-
 .../oauth/provider/CoreOAuthProviderSupportTests.java         | 2 +-
 .../provider/filter/AccessTokenProcessingFilterTests.java     | 2 +-
 .../oauth/provider/filter/OAuthProcessingFilterTests.java     | 2 +-
 .../filter/OAuthUserAuthorizationProcessingFilterTests.java   | 2 +-
 .../filter/ProtectedResourceProcessingFilterTests.java        | 2 +-
 .../UnauthenticatedRequestTokenProcessingFilterTests.java     | 2 +-
 ...UserAuthorizationSuccessfulAuthenticationHandlerTests.java | 2 +-
 .../oauth2/client/DefaultOAuth2RequestAuthenticator.java      | 2 +-
 .../security/oauth2/client/OAuth2ClientContext.java           | 2 +-
 .../security/oauth2/client/OAuth2RequestAuthenticator.java    | 2 +-
 .../security/oauth2/client/OAuth2RestOperations.java          | 2 +-
 .../oauth2/client/discovery/ProviderConfiguration.java        | 2 +-
 .../oauth2/client/discovery/ProviderDiscoveryClient.java      | 2 +-
 .../filter/OAuth2ClientAuthenticationProcessingFilter.java    | 2 +-
 .../oauth2/client/filter/state/DefaultStateKeyGenerator.java  | 2 +-
 .../oauth2/client/filter/state/StateKeyGenerator.java         | 2 +-
 .../security/oauth2/client/http/OAuth2ErrorHandler.java       | 2 +-
 .../oauth2/client/resource/UserApprovalRequiredException.java | 2 +-
 .../security/oauth2/client/test/BeforeOAuth2Context.java      | 2 +-
 .../oauth2/client/test/OAuth2ContextConfiguration.java        | 2 +-
 .../security/oauth2/client/test/OAuth2ContextSetup.java       | 2 +-
 .../security/oauth2/client/test/RestTemplateHolder.java       | 2 +-
 .../security/oauth2/client/test/TestAccounts.java             | 2 +-
 .../security/oauth2/client/token/AccessTokenProvider.java     | 2 +-
 .../oauth2/client/token/AccessTokenProviderChain.java         | 2 +-
 .../security/oauth2/client/token/AccessTokenRequest.java      | 2 +-
 .../security/oauth2/client/token/ClientKeyGenerator.java      | 2 +-
 .../security/oauth2/client/token/ClientTokenServices.java     | 2 +-
 .../oauth2/client/token/DefaultAccessTokenRequest.java        | 2 +-
 .../oauth2/client/token/DefaultClientKeyGenerator.java        | 2 +-
 .../security/oauth2/client/token/DefaultRequestEnhancer.java  | 2 +-
 .../security/oauth2/client/token/RequestEnhancer.java         | 2 +-
 .../oauth2/client/token/auth/ClientAuthenticationHandler.java | 2 +-
 .../grant/code/AuthorizationCodeAccessTokenProvider.java      | 4 ++--
 .../grant/password/ResourceOwnerPasswordResourceDetails.java  | 2 +-
 .../security/oauth2/common/AuthenticationScheme.java          | 2 +-
 .../security/oauth2/common/ExpiringOAuth2RefreshToken.java    | 2 +-
 .../security/oauth2/common/OAuth2AccessToken.java             | 2 +-
 .../oauth2/common/OAuth2AccessTokenJackson1Deserializer.java  | 2 +-
 .../oauth2/common/OAuth2AccessTokenJackson1Serializer.java    | 2 +-
 .../oauth2/common/OAuth2AccessTokenJackson2Deserializer.java  | 2 +-
 .../oauth2/common/OAuth2AccessTokenJackson2Serializer.java    | 2 +-
 .../security/oauth2/common/OAuth2RefreshToken.java            | 2 +-
 .../oauth2/common/exceptions/InvalidTokenException.java       | 2 +-
 .../exceptions/OAuth2ExceptionJackson1Deserializer.java       | 2 +-
 .../common/exceptions/OAuth2ExceptionJackson1Serializer.java  | 2 +-
 .../exceptions/OAuth2ExceptionJackson2Deserializer.java       | 2 +-
 .../common/exceptions/OAuth2ExceptionJackson2Serializer.java  | 2 +-
 .../security/oauth2/common/util/DefaultJdbcListFactory.java   | 2 +-
 .../security/oauth2/common/util/Jackson2JsonParser.java       | 2 +-
 .../security/oauth2/common/util/JacksonJsonParser.java        | 2 +-
 .../security/oauth2/common/util/JdbcListFactory.java          | 2 +-
 .../security/oauth2/common/util/JsonParser.java               | 2 +-
 .../security/oauth2/common/util/JsonParserFactory.java        | 2 +-
 .../security/oauth2/common/util/OAuth2Utils.java              | 2 +-
 .../security/oauth2/common/util/ProxyCreator.java             | 2 +-
 .../annotation/builders/ClientDetailsServiceBuilder.java      | 2 +-
 .../builders/InMemoryClientDetailsServiceBuilder.java         | 2 +-
 .../annotation/builders/JdbcClientDetailsServiceBuilder.java  | 2 +-
 .../configuration/ClientDetailsServiceConfiguration.java      | 2 +-
 .../configurers/ClientDetailsServiceConfigurer.java           | 2 +-
 .../web/configuration/AuthorizationServerConfigurer.java      | 2 +-
 .../configuration/AuthorizationServerConfigurerAdapter.java   | 2 +-
 .../AuthorizationServerEndpointsConfiguration.java            | 2 +-
 .../AuthorizationServerSecurityConfiguration.java             | 2 +-
 .../web/configuration/EnableAuthorizationServer.java          | 2 +-
 .../annotation/web/configuration/EnableOAuth2Client.java      | 2 +-
 .../annotation/web/configuration/EnableResourceServer.java    | 2 +-
 .../web/configuration/OAuth2ClientConfiguration.java          | 2 +-
 .../web/configuration/ResourceServerConfiguration.java        | 2 +-
 .../web/configuration/ResourceServerConfigurer.java           | 2 +-
 .../web/configuration/ResourceServerConfigurerAdapter.java    | 2 +-
 .../configurers/AuthorizationServerEndpointsConfigurer.java   | 2 +-
 .../configurers/AuthorizationServerSecurityConfigurer.java    | 2 +-
 .../web/configurers/ResourceServerSecurityConfigurer.java     | 2 +-
 .../config/xml/AuthorizationServerBeanDefinitionParser.java   | 2 +-
 .../oauth2/config/xml/ClientBeanDefinitionParser.java         | 2 +-
 .../config/xml/ClientDetailsServiceBeanDefinitionParser.java  | 2 +-
 .../config/xml/ExpressionHandlerBeanDefinitionParser.java     | 2 +-
 .../oauth2/config/xml/OAuth2ClientContextFactoryBean.java     | 2 +-
 .../oauth2/config/xml/OAuth2SecurityNamespaceHandler.java     | 2 +-
 .../oauth2/config/xml/ProviderBeanDefinitionParser.java       | 2 +-
 .../oauth2/config/xml/ResourceBeanDefinitionParser.java       | 2 +-
 .../oauth2/config/xml/ResourceServerBeanDefinitionParser.java | 2 +-
 .../oauth2/config/xml/RestTemplateBeanDefinitionParser.java   | 2 +-
 .../config/xml/WebExpressionHandlerBeanDefinitionParser.java  | 2 +-
 .../http/converter/FormOAuth2AccessTokenMessageConverter.java | 2 +-
 .../converter/FormOAuth2ExceptionHttpMessageConverter.java    | 2 +-
 .../http/converter/jaxb/AbstractJaxbMessageConverter.java     | 2 +-
 .../oauth2/http/converter/jaxb/JaxbOAuth2AccessToken.java     | 2 +-
 .../converter/jaxb/JaxbOAuth2AccessTokenMessageConverter.java | 2 +-
 .../oauth2/http/converter/jaxb/JaxbOAuth2Exception.java       | 2 +-
 .../converter/jaxb/JaxbOAuth2ExceptionMessageConverter.java   | 2 +-
 .../springframework/security/oauth2/provider/BaseRequest.java | 2 +-
 .../oauth2/provider/ClientAlreadyExistsException.java         | 2 +-
 .../security/oauth2/provider/ClientDetailsService.java        | 2 +-
 .../security/oauth2/provider/ClientRegistrationException.java | 2 +-
 .../security/oauth2/provider/ClientRegistrationService.java   | 2 +-
 .../security/oauth2/provider/CompositeTokenGranter.java       | 2 +-
 .../oauth2/provider/DefaultSecurityContextAccessor.java       | 2 +-
 .../security/oauth2/provider/NoSuchClientException.java       | 2 +-
 .../security/oauth2/provider/OAuth2RequestFactory.java        | 2 +-
 .../security/oauth2/provider/SecurityContextAccessor.java     | 2 +-
 .../security/oauth2/provider/TokenGranter.java                | 2 +-
 .../security/oauth2/provider/approval/Approval.java           | 2 +-
 .../security/oauth2/provider/approval/ApprovalStore.java      | 2 +-
 .../provider/approval/ApprovalStoreUserApprovalHandler.java   | 2 +-
 .../oauth2/provider/approval/DefaultUserApprovalHandler.java  | 2 +-
 .../oauth2/provider/approval/InMemoryApprovalStore.java       | 2 +-
 .../security/oauth2/provider/approval/JdbcApprovalStore.java  | 2 +-
 .../security/oauth2/provider/approval/TokenApprovalStore.java | 2 +-
 .../provider/approval/TokenStoreUserApprovalHandler.java      | 2 +-
 .../oauth2/provider/authentication/BearerTokenExtractor.java  | 2 +-
 .../provider/authentication/OAuth2AuthenticationDetails.java  | 2 +-
 .../authentication/OAuth2AuthenticationDetailsSource.java     | 2 +-
 .../provider/authentication/OAuth2AuthenticationManager.java  | 2 +-
 .../authentication/OAuth2AuthenticationProcessingFilter.java  | 2 +-
 .../oauth2/provider/authentication/TokenExtractor.java        | 2 +-
 .../provider/client/ClientCredentialsTokenEndpointFilter.java | 2 +-
 .../oauth2/provider/client/ClientCredentialsTokenGranter.java | 2 +-
 .../provider/client/ClientDetailsUserDetailsService.java      | 2 +-
 .../oauth2/provider/client/InMemoryClientDetailsService.java  | 2 +-
 .../oauth2/provider/client/JdbcClientDetailsService.java      | 2 +-
 .../oauth2/provider/code/AuthorizationCodeTokenGranter.java   | 2 +-
 .../security/oauth2/provider/endpoint/AbstractEndpoint.java   | 2 +-
 .../oauth2/provider/endpoint/AuthorizationEndpoint.java       | 2 +-
 .../security/oauth2/provider/endpoint/CheckTokenEndpoint.java | 2 +-
 .../oauth2/provider/endpoint/DefaultRedirectResolver.java     | 2 +-
 .../security/oauth2/provider/endpoint/FrameworkEndpoint.java  | 2 +-
 .../provider/endpoint/FrameworkEndpointHandlerMapping.java    | 2 +-
 .../security/oauth2/provider/endpoint/TokenEndpoint.java      | 2 +-
 .../provider/endpoint/TokenEndpointAuthenticationFilter.java  | 2 +-
 .../error/AbstractOAuth2SecurityExceptionHandler.java         | 2 +-
 .../oauth2/provider/error/DefaultOAuth2ExceptionRenderer.java | 2 +-
 .../provider/error/DefaultWebResponseExceptionTranslator.java | 2 +-
 .../oauth2/provider/error/OAuth2AccessDeniedHandler.java      | 2 +-
 .../oauth2/provider/error/OAuth2AuthenticationEntryPoint.java | 2 +-
 .../oauth2/provider/error/OAuth2ExceptionRenderer.java        | 2 +-
 .../oauth2/provider/error/WebResponseExceptionTranslator.java | 2 +-
 .../oauth2/provider/expression/OAuth2ExpressionParser.java    | 2 +-
 .../oauth2/provider/expression/OAuth2ExpressionUtils.java     | 2 +-
 .../provider/expression/OAuth2SecurityExpressionMethods.java  | 2 +-
 .../expression/OAuth2WebSecurityExpressionHandler.java        | 2 +-
 .../oauth2/provider/implicit/ImplicitTokenGranter.java        | 2 +-
 .../oauth2/provider/implicit/ImplicitTokenRequest.java        | 2 +-
 .../provider/password/ResourceOwnerPasswordTokenGranter.java  | 2 +-
 .../security/oauth2/provider/refresh/RefreshTokenGranter.java | 2 +-
 .../oauth2/provider/request/DefaultOAuth2RequestFactory.java  | 2 +-
 .../security/oauth2/provider/token/AbstractTokenGranter.java  | 2 +-
 .../oauth2/provider/token/AuthenticationKeyGenerator.java     | 2 +-
 .../provider/token/AuthorizationServerTokenServices.java      | 2 +-
 .../security/oauth2/provider/token/ConsumerTokenServices.java | 2 +-
 .../provider/token/DefaultAuthenticationKeyGenerator.java     | 2 +-
 .../security/oauth2/provider/token/DefaultTokenServices.java  | 2 +-
 .../security/oauth2/provider/token/TokenEnhancer.java         | 2 +-
 .../security/oauth2/provider/token/TokenEnhancerChain.java    | 2 +-
 .../provider/token/store/DelegatingJwtClaimsSetVerifier.java  | 2 +-
 .../oauth2/provider/token/store/IssuerClaimVerifier.java      | 2 +-
 .../oauth2/provider/token/store/JwtClaimsSetVerifier.java     | 2 +-
 .../security/oauth2/provider/token/store/JwtTokenStore.java   | 2 +-
 .../oauth2/provider/token/store/KeyStoreKeyFactory.java       | 2 +-
 .../provider/token/store/jwk/EllipticCurveJwkDefinition.java  | 2 +-
 .../oauth2/provider/token/store/jwk/JwkAttributes.java        | 2 +-
 .../oauth2/provider/token/store/jwk/JwkDefinition.java        | 2 +-
 .../oauth2/provider/token/store/jwk/JwkDefinitionSource.java  | 2 +-
 .../oauth2/provider/token/store/jwk/JwkException.java         | 2 +-
 .../oauth2/provider/token/store/jwk/JwkSetConverter.java      | 2 +-
 .../oauth2/provider/token/store/jwk/JwkTokenStore.java        | 2 +-
 .../token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java  | 2 +-
 .../oauth2/provider/token/store/jwk/JwtHeaderConverter.java   | 2 +-
 .../oauth2/provider/token/store/jwk/RsaJwkDefinition.java     | 2 +-
 .../security/oauth2/provider/vote/ScopeVoter.java             | 2 +-
 .../org/springframework/security/oauth2/AdhocTestSuite.java   | 2 +-
 .../oauth2/client/DefaultOAuth2RequestAuthenticatorTests.java | 2 +-
 .../oauth2/client/discovery/ProviderDiscoveryClientTest.java  | 2 +-
 .../OAuth2ClientAuthenticationProcessingFilterTests.java      | 2 +-
 .../security/oauth2/client/http/OAuth2ErrorHandlerTests.java  | 2 +-
 .../oauth2/client/token/AccessTokenProviderChainTests.java    | 2 +-
 .../oauth2/client/token/OAuth2AccessTokenSupportTests.java    | 2 +-
 .../grant/code/AuthorizationCodeAccessTokenProviderTests.java | 2 +-
 ...thorizationCodeAccessTokenProviderWithConversionTests.java | 2 +-
 .../grant/code/AuthorizationCodeResourceDetailsTests.java     | 2 +-
 .../grant/implicit/ImplicitAccessTokenProviderTests.java      | 2 +-
 .../ResourceOwnerPasswordAccessTokenProviderTests.java        | 2 +-
 .../oauth2/common/BaseOAuth2AccessTokenJacksonTest.java       | 2 +-
 .../oauth2/common/DefaultOAuth2SerializationServiceTests.java | 2 +-
 .../security/oauth2/common/JsonSerializationTests.java        | 2 +-
 .../common/OAuth2AccessTokenJackson1DeserializerTests.java    | 2 +-
 .../common/OAuth2AccessTokenJackson2DeserializerTests.java    | 2 +-
 .../common/exception/OAuth2ExceptionDeserializerTests.java    | 2 +-
 .../exception/OAuth2ExceptionJackson2DeserializerTests.java   | 2 +-
 .../common/exception/OAuth2ExceptionSerializerTests.java      | 2 +-
 .../annotation/AuthorizationServerConfigurationTests.java     | 2 +-
 .../oauth2/config/annotation/ClientConfigurationTests.java    | 2 +-
 .../annotation/Gh501EnableAuthorizationServerTests.java       | 2 +-
 .../annotation/Gh808EnableAuthorizationServerTests.java       | 2 +-
 .../config/annotation/ResourceServerConfigurationTests.java   | 2 +-
 .../config/annotation/TokenServicesMultipleBeansTests.java    | 2 +-
 .../xml/AuthorizationServerBeanDefinitionParserTests.java     | 2 +-
 ...izationServerClientCredentialsPasswordInvalidXmlTests.java | 2 +-
 ...orizationServerClientCredentialsPasswordValidXmlTests.java | 2 +-
 .../config/xml/InvalidResourceBeanDefinitionParserTests.java  | 2 +-
 .../config/xml/ResourceServerBeanDefinitionParserTests.java   | 2 +-
 .../http/converter/jaxb/BaseJaxbMessageConverterTest.java     | 2 +-
 .../jaxb/JaxbOAuth2AccessTokenMessageConverterTests.java      | 2 +-
 .../jaxb/JaxbOAuth2ExceptionMessageConverterTests.java        | 2 +-
 .../security/oauth2/provider/AuthorizationRequestTests.java   | 2 +-
 .../security/oauth2/provider/OAuth2RequestTests.java          | 2 +-
 .../oauth2/provider/approval/AbstractTestApprovalStore.java   | 2 +-
 .../provider/approval/DefaultUserApprovalHandlerTests.java    | 2 +-
 .../oauth2/provider/approval/InMemoryApprovalStoreTests.java  | 2 +-
 .../oauth2/provider/approval/JdbcApprovalStoreTests.java      | 2 +-
 .../oauth2/provider/approval/TokenApprovalStoreTests.java     | 2 +-
 .../provider/approval/TokenStoreUserApprovalHandlerTests.java | 2 +-
 .../authentication/OAuth2AuthenticationDetailsTests.java      | 2 +-
 .../authentication/OAuth2AuthenticationManagerTests.java      | 2 +-
 .../OAuth2AuthenticationProcessingFilterTests.java            | 2 +-
 .../oauth2/provider/client/BaseClientDetailsTests.java        | 2 +-
 .../client/ClientCredentialsTokenEndpointFilterTests.java     | 2 +-
 .../provider/client/ClientDetailsUserDetailsServiceTests.java | 2 +-
 .../provider/code/AuthorizationCodeTokenGranterTests.java     | 2 +-
 .../oauth2/provider/endpoint/AuthorizationEndpointTests.java  | 2 +-
 .../oauth2/provider/endpoint/CheckTokenEndpointTest.java      | 2 +-
 .../provider/endpoint/DefaultRedirectResolverTests.java       | 2 +-
 .../provider/endpoint/ExactMatchRedirectResolverTests.java    | 2 +-
 .../endpoint/FrameworkEndpointHandlerMappingTests.java        | 2 +-
 .../endpoint/TokenEndpointAuthenticationFilterTests.java      | 2 +-
 .../security/oauth2/provider/endpoint/TokenEndpointTests.java | 2 +-
 .../provider/endpoint/WhitelabelApprovalEndpointTests.java    | 2 +-
 .../provider/endpoint/WhitelabelErrorEndpointTests.java       | 2 +-
 .../error/DefaultWebResponseExceptionTranslatorTests.java     | 2 +-
 .../oauth2/provider/error/OAuth2AccessDeniedHandlerTests.java | 2 +-
 .../provider/error/OAuth2AuthenticationEntryPointTests.java   | 2 +-
 .../OAuth2MethodSecurityExpressionHandlerTests.java           | 2 +-
 .../expression/OAuth2SecurityExpressionMethodsTests.java      | 2 +-
 .../expression/OAuth2WebSecurityExpressionHandlerTests.java   | 2 +-
 .../provider/implicit/InMemoryImplicitGrantServiceTests.java  | 2 +-
 .../password/ResourceOwnerPasswordTokenGranterTests.java      | 2 +-
 .../request/DefaultAuthorizationRequestFactoryTests.java      | 2 +-
 .../provider/request/DefaultOAuth2RequestValidatorTests.java  | 2 +-
 .../security/oauth2/provider/test/OAuth2RequestTests.java     | 2 +-
 .../provider/token/AbstractDefaultTokenServicesTests.java     | 2 +-
 .../provider/token/DefaultAccessTokenConverterTests.java      | 2 +-
 .../provider/token/DefaultAuthenticationKeyGeneratorTest.java | 2 +-
 .../token/DefaultTokenServicesAuthoritiesChangeTests.java     | 2 +-
 .../oauth2/provider/token/RemoteTokenServicesTest.java        | 2 +-
 .../provider/token/TokenServicesWithTokenEnhancerTests.java   | 2 +-
 .../oauth2/provider/token/store/IssuerClaimVerifierTest.java  | 2 +-
 .../oauth2/provider/token/store/TokenStoreBaseTests.java      | 2 +-
 .../provider/token/store/jwk/JwkDefinitionSourceITest.java    | 2 +-
 .../provider/token/store/jwk/JwkDefinitionSourceTest.java     | 2 +-
 .../oauth2/provider/token/store/jwk/JwkDefinitionTest.java    | 2 +-
 .../oauth2/provider/token/store/jwk/JwkSetConverterTest.java  | 2 +-
 .../oauth2/provider/token/store/jwk/JwkTokenStoreITest.java   | 2 +-
 .../oauth2/provider/token/store/jwk/JwkTokenStoreTest.java    | 2 +-
 .../store/jwk/JwkVerifyingJwtAccessTokenConverterTest.java    | 2 +-
 .../provider/token/store/jwk/JwtHeaderConverterTest.java      | 2 +-
 .../security/oauth2/provider/token/store/jwk/JwtTestUtil.java | 2 +-
 .../oauth2/provider/token/store/jwk/RsaJwkDefinitionTest.java | 2 +-
 .../provider/token/store/redis/RedisTokenStoreMockTests.java  | 2 +-
 .../security/oauth2/provider/vote/ScopeVoterTests.java        | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 .../approval/src/test/java/demo/ProtectedResourceTests.java   | 2 +-
 .../client/src/test/java/client/CombinedApplication.java      | 2 +-
 .../common/AbstractAuthorizationCodeProviderTests.java        | 2 +-
 .../common/AbstractEmptyAuthorizationCodeProviderTests.java   | 2 +-
 .../main/java/sparklr/common/AbstractIntegrationTests.java    | 2 +-
 .../java/sparklr/common/AbstractProtectedResourceTests.java   | 2 +-
 .../custom-grant/src/main/java/demo/CustomTokenGranter.java   | 2 +-
 .../custom-grant/src/test/java/demo/AdHocTests.java           | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 .../src/test/java/demo/ProtectedResourceTests.java            | 2 +-
 tests/annotation/form/src/test/java/demo/AdHocTests.java      | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 .../form/src/test/java/demo/ProtectedResourceTests.java       | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 tests/annotation/jaxb/src/test/java/demo/Converters.java      | 2 +-
 .../jaxb/src/test/java/demo/ProtectedResourceTests.java       | 2 +-
 tests/annotation/jdbc/src/test/java/demo/AdHocTests.java      | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 .../jdbc/src/test/java/demo/ProtectedResourceTests.java       | 2 +-
 tests/annotation/jpa/src/test/java/demo/AdHocTests.java       | 2 +-
 .../test/java/demo/AuthorizationCodeProviderCookieTests.java  | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 .../jpa/src/test/java/demo/ProtectedResourceTests.java        | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 .../jwt/src/test/java/demo/ProtectedResourceTests.java        | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 .../mappings/src/test/java/demo/ProtectedResourceTests.java   | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 .../multi/src/test/java/demo/ProtectedResourceTests.java      | 2 +-
 .../resource/src/test/java/demo/ProtectedResourceTests.java   | 2 +-
 .../test/java/demo/AuthorizationCodeProviderCookieTests.java  | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 .../ssl/src/test/java/demo/ProtectedResourceTests.java        | 2 +-
 tests/annotation/vanilla/src/test/java/demo/AdHocTests.java   | 2 +-
 .../test/java/demo/AuthorizationCodeProviderCookieTests.java  | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 .../vanilla/src/test/java/demo/ProtectedResourceTests.java    | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 .../approval/src/test/java/demo/ProtectedResourceTests.java   | 2 +-
 .../xml/client/src/test/java/client/CombinedApplication.java  | 2 +-
 .../common/AbstractAuthorizationCodeProviderTests.java        | 2 +-
 .../main/java/sparklr/common/AbstractIntegrationTests.java    | 2 +-
 .../java/sparklr/common/AbstractProtectedResourceTests.java   | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 tests/xml/form/src/test/java/demo/ProtectedResourceTests.java | 2 +-
 tests/xml/jdbc/src/test/java/demo/AdHocTests.java             | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 tests/xml/jdbc/src/test/java/demo/ProtectedResourceTests.java | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 tests/xml/jwt/src/test/java/demo/ProtectedResourceTests.java  | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 .../mappings/src/test/java/demo/ProtectedResourceTests.java   | 2 +-
 .../src/test/java/demo/AuthorizationCodeProviderTests.java    | 2 +-
 .../vanilla/src/test/java/demo/ProtectedResourceTests.java    | 2 +-
 449 files changed, 451 insertions(+), 451 deletions(-)

diff --git a/license.txt b/license.txt
index 261eeb9e9..20e4bd856 100755
--- a/license.txt
+++ b/license.txt
@@ -1,6 +1,6 @@
                                  Apache License
                            Version 2.0, January 2004
-                        http://www.apache.org/licenses/
+                        https://www.apache.org/licenses/
 
    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 
@@ -192,7 +192,7 @@
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at
 
-       http://www.apache.org/licenses/LICENSE-2.0
+       https://www.apache.org/licenses/LICENSE-2.0
 
    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/samples/oauth/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/impl/PhotoServiceImpl.java b/samples/oauth/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/impl/PhotoServiceImpl.java
index f803497ed..6b96f61e3 100644
--- a/samples/oauth/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/impl/PhotoServiceImpl.java
+++ b/samples/oauth/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/impl/PhotoServiceImpl.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/MethodSecurityConfig.java b/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/MethodSecurityConfig.java
index bb396e9cc..fe085e267 100644
--- a/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/MethodSecurityConfig.java
+++ b/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/MethodSecurityConfig.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/OAuth2ServerConfig.java b/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/OAuth2ServerConfig.java
index 15744c4ef..42e638ade 100644
--- a/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/OAuth2ServerConfig.java
+++ b/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/OAuth2ServerConfig.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/ServletInitializer.java b/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/ServletInitializer.java
index ca0a61a91..1712f799c 100644
--- a/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/ServletInitializer.java
+++ b/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/ServletInitializer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/oauth/SparklrUserApprovalHandler.java b/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/oauth/SparklrUserApprovalHandler.java
index 6ce4802b6..f9a79e655 100644
--- a/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/oauth/SparklrUserApprovalHandler.java
+++ b/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/oauth/SparklrUserApprovalHandler.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/samples/oauth2/sparklr/src/test/java/org/springframework/security/oauth2/provider/AuthorizationCodeProviderTests.java b/samples/oauth2/sparklr/src/test/java/org/springframework/security/oauth2/provider/AuthorizationCodeProviderTests.java
index 12c54f673..2f986c809 100755
--- a/samples/oauth2/sparklr/src/test/java/org/springframework/security/oauth2/provider/AuthorizationCodeProviderTests.java
+++ b/samples/oauth2/sparklr/src/test/java/org/springframework/security/oauth2/provider/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/samples/oauth2/sparklr/src/test/java/org/springframework/security/samples/config/ApplicationConfigurationTests.java b/samples/oauth2/sparklr/src/test/java/org/springframework/security/samples/config/ApplicationConfigurationTests.java
index c0ebc612e..fe6d2ee91 100644
--- a/samples/oauth2/sparklr/src/test/java/org/springframework/security/samples/config/ApplicationConfigurationTests.java
+++ b/samples/oauth2/sparklr/src/test/java/org/springframework/security/samples/config/ApplicationConfigurationTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/samples/oauth2/tonr/src/main/java/org/springframework/security/oauth/examples/config/ServletInitializer.java b/samples/oauth2/tonr/src/main/java/org/springframework/security/oauth/examples/config/ServletInitializer.java
index 9dfd544eb..73b2be0ba 100644
--- a/samples/oauth2/tonr/src/main/java/org/springframework/security/oauth/examples/config/ServletInitializer.java
+++ b/samples/oauth2/tonr/src/main/java/org/springframework/security/oauth/examples/config/ServletInitializer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/samples/oauth2/tonr/src/main/java/org/springframework/security/oauth/examples/tonr/converter/AccessTokenRequestConverter.java b/samples/oauth2/tonr/src/main/java/org/springframework/security/oauth/examples/tonr/converter/AccessTokenRequestConverter.java
index 4dd475bde..56056fbb9 100644
--- a/samples/oauth2/tonr/src/main/java/org/springframework/security/oauth/examples/tonr/converter/AccessTokenRequestConverter.java
+++ b/samples/oauth2/tonr/src/main/java/org/springframework/security/oauth/examples/tonr/converter/AccessTokenRequestConverter.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/samples/oauth2/tonr/src/test/java/org/springframework/security/samples/config/AdHocTests.java b/samples/oauth2/tonr/src/test/java/org/springframework/security/samples/config/AdHocTests.java
index f9fd93b8b..8133a76db 100644
--- a/samples/oauth2/tonr/src/test/java/org/springframework/security/samples/config/AdHocTests.java
+++ b/samples/oauth2/tonr/src/test/java/org/springframework/security/samples/config/AdHocTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/samples/oauth2/tonr/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java b/samples/oauth2/tonr/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
index 3b68447f1..b08ee85a3 100644
--- a/samples/oauth2/tonr/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
+++ b/samples/oauth2/tonr/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/AlgorithmMetadata.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/AlgorithmMetadata.java
index d4d72867d..029e563f3 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/AlgorithmMetadata.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/AlgorithmMetadata.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/BinaryFormat.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/BinaryFormat.java
index aaded18a0..1ca933a7f 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/BinaryFormat.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/BinaryFormat.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/Jwt.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/Jwt.java
index be3b253ef..97b67af47 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/Jwt.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/Jwt.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtAlgorithms.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtAlgorithms.java
index 6d837c6e7..cba16c5d0 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtAlgorithms.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtAlgorithms.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java
index b239a68e8..b2d192155 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/JwtHelper.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/codec/Codecs.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/codec/Codecs.java
index a654e52a5..d2f63894e 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/codec/Codecs.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/codec/Codecs.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/cipher/CipherMetadata.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/cipher/CipherMetadata.java
index c8edfce77..5e9d107f7 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/cipher/CipherMetadata.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/cipher/CipherMetadata.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/EllipticCurveKeyHelper.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/EllipticCurveKeyHelper.java
index f9b88f411..485d06a95 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/EllipticCurveKeyHelper.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/EllipticCurveKeyHelper.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/EllipticCurveSignatureHelper.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/EllipticCurveSignatureHelper.java
index d1ee99dde..8d6b911ed 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/EllipticCurveSignatureHelper.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/EllipticCurveSignatureHelper.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/EllipticCurveVerifier.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/EllipticCurveVerifier.java
index 00e525829..38c7bffb9 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/EllipticCurveVerifier.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/EllipticCurveVerifier.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/InvalidSignatureException.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/InvalidSignatureException.java
index 15095325c..be63ca705 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/InvalidSignatureException.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/InvalidSignatureException.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/MacSigner.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/MacSigner.java
index 71f75bbef..2f6c0add2 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/MacSigner.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/MacSigner.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaKeyHelper.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaKeyHelper.java
index 41f36e47e..f15862a5e 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaKeyHelper.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaKeyHelper.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaSigner.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaSigner.java
index bbd6b240a..04ed3cff5 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaSigner.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaSigner.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaVerifier.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaVerifier.java
index faa562e1c..dc3944d21 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaVerifier.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/RsaVerifier.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/SignatureVerifier.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/SignatureVerifier.java
index 4a3371676..a74fc6c88 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/SignatureVerifier.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/SignatureVerifier.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/Signer.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/Signer.java
index 2c5d98bda..5067e8b6f 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/Signer.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/Signer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/SignerVerifier.java b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/SignerVerifier.java
index 00c52b713..3e5307438 100644
--- a/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/SignerVerifier.java
+++ b/spring-security-jwt/src/main/java/org/springframework/security/jwt/crypto/sign/SignerVerifier.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/test/java/org/springframework/security/jwt/JwtSpecData.java b/spring-security-jwt/src/test/java/org/springframework/security/jwt/JwtSpecData.java
index a5fc71707..99139ee12 100644
--- a/spring-security-jwt/src/test/java/org/springframework/security/jwt/JwtSpecData.java
+++ b/spring-security-jwt/src/test/java/org/springframework/security/jwt/JwtSpecData.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/test/java/org/springframework/security/jwt/JwtTests.java b/spring-security-jwt/src/test/java/org/springframework/security/jwt/JwtTests.java
index 1cdc5793e..1a5eb20cc 100644
--- a/spring-security-jwt/src/test/java/org/springframework/security/jwt/JwtTests.java
+++ b/spring-security-jwt/src/test/java/org/springframework/security/jwt/JwtTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/test/java/org/springframework/security/jwt/RubyJwtIntegrationTests.java b/spring-security-jwt/src/test/java/org/springframework/security/jwt/RubyJwtIntegrationTests.java
index dd2f3bd74..6aa3b406a 100644
--- a/spring-security-jwt/src/test/java/org/springframework/security/jwt/RubyJwtIntegrationTests.java
+++ b/spring-security-jwt/src/test/java/org/springframework/security/jwt/RubyJwtIntegrationTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/cipher/RsaTestKeyData.java b/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/cipher/RsaTestKeyData.java
index b37d29504..b0901127d 100644
--- a/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/cipher/RsaTestKeyData.java
+++ b/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/cipher/RsaTestKeyData.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/sign/EllipticCurveVerifierTests.java b/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/sign/EllipticCurveVerifierTests.java
index f4e581757..718c9016d 100644
--- a/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/sign/EllipticCurveVerifierTests.java
+++ b/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/sign/EllipticCurveVerifierTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/sign/RsaSigningTests.java b/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/sign/RsaSigningTests.java
index 363dee8ef..27e8dbb46 100644
--- a/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/sign/RsaSigningTests.java
+++ b/spring-security-jwt/src/test/java/org/springframework/security/jwt/crypto/sign/RsaSigningTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthCodec.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthCodec.java
index 44ee7fc3b..0e917b772 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthCodec.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthCodec.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthConsumerParameter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthConsumerParameter.java
index c485601d5..91127a909 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthConsumerParameter.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthConsumerParameter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthException.java
index 7fc06de64..fc6e727a5 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthException.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthProviderParameter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthProviderParameter.java
index 30ce020ab..fdcd0ceae 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthProviderParameter.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/OAuthProviderParameter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/CoreOAuthSignatureMethodFactory.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/CoreOAuthSignatureMethodFactory.java
index 07f4e0758..0e736d7b1 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/CoreOAuthSignatureMethodFactory.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/CoreOAuthSignatureMethodFactory.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/HMAC_SHA1SignatureMethod.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/HMAC_SHA1SignatureMethod.java
index 88e78edab..6fb680f6b 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/HMAC_SHA1SignatureMethod.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/HMAC_SHA1SignatureMethod.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/InvalidSignatureException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/InvalidSignatureException.java
index de5196961..260bee365 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/InvalidSignatureException.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/InvalidSignatureException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/OAuthSignatureMethod.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/OAuthSignatureMethod.java
index 01c85c3e2..348684003 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/OAuthSignatureMethod.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/OAuthSignatureMethod.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/OAuthSignatureMethodFactory.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/OAuthSignatureMethodFactory.java
index a26a88a80..00f015391 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/OAuthSignatureMethodFactory.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/OAuthSignatureMethodFactory.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/PlainTextSignatureMethod.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/PlainTextSignatureMethod.java
index 4b9be8946..31e6eae7d 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/PlainTextSignatureMethod.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/PlainTextSignatureMethod.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/RSAKeySecret.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/RSAKeySecret.java
index 0f0da404f..21b49bcd1 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/RSAKeySecret.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/RSAKeySecret.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/RSA_SHA1SignatureMethod.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/RSA_SHA1SignatureMethod.java
index 27a63419f..0c6a6cec9 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/RSA_SHA1SignatureMethod.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/RSA_SHA1SignatureMethod.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SharedConsumerSecret.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SharedConsumerSecret.java
index 62423232e..9d0c07229 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SharedConsumerSecret.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SharedConsumerSecret.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SharedConsumerSecretImpl.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SharedConsumerSecretImpl.java
index dbde015ee..dff207c00 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SharedConsumerSecretImpl.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SharedConsumerSecretImpl.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SignatureSecret.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SignatureSecret.java
index b695d5e9c..8110de2a9 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SignatureSecret.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SignatureSecret.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SignatureSecretEditor.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SignatureSecretEditor.java
index 64695177b..7702c508d 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SignatureSecretEditor.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/SignatureSecretEditor.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/UnsupportedSignatureMethodException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/UnsupportedSignatureMethodException.java
index 422955590..88f1a4782 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/UnsupportedSignatureMethodException.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/common/signature/UnsupportedSignatureMethodException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerDetailsFactoryBean.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerDetailsFactoryBean.java
index 433904ccc..b3220e3e7 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerDetailsFactoryBean.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerDetailsFactoryBean.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerServiceBeanDefinitionParser.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerServiceBeanDefinitionParser.java
index de91a6097..d8cfba0d1 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerServiceBeanDefinitionParser.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerServiceBeanDefinitionParser.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ExpressionHandlerBeanDefinitionParser.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ExpressionHandlerBeanDefinitionParser.java
index 333fa1607..30e4118ac 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ExpressionHandlerBeanDefinitionParser.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ExpressionHandlerBeanDefinitionParser.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthConsumerBeanDefinitionParser.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthConsumerBeanDefinitionParser.java
index 025c3eeb0..004fc87d5 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthConsumerBeanDefinitionParser.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthConsumerBeanDefinitionParser.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthProviderBeanDefinitionParser.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthProviderBeanDefinitionParser.java
index dcb201c3e..5a1873e8c 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthProviderBeanDefinitionParser.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthProviderBeanDefinitionParser.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthSecurityNamespaceHandler.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthSecurityNamespaceHandler.java
index e92a268ea..91cdaba92 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthSecurityNamespaceHandler.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/OAuthSecurityNamespaceHandler.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ProtectedResourceDetailsBeanDefinitionParser.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ProtectedResourceDetailsBeanDefinitionParser.java
index c12d19820..ac4cdb905 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ProtectedResourceDetailsBeanDefinitionParser.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ProtectedResourceDetailsBeanDefinitionParser.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/TokenServiceBeanDefinitionParser.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/TokenServiceBeanDefinitionParser.java
index 84c9095f9..784a69790 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/TokenServiceBeanDefinitionParser.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/TokenServiceBeanDefinitionParser.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/VerifierServiceBeanDefinitionParser.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/VerifierServiceBeanDefinitionParser.java
index b22bec73d..8f85b150a 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/VerifierServiceBeanDefinitionParser.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/config/VerifierServiceBeanDefinitionParser.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/BaseProtectedResourceDetails.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/BaseProtectedResourceDetails.java
index 8687c8de3..7a35df339 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/BaseProtectedResourceDetails.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/BaseProtectedResourceDetails.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/InMemoryProtectedResourceDetailsService.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/InMemoryProtectedResourceDetailsService.java
index 7b0ca51fe..3d50987c2 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/InMemoryProtectedResourceDetailsService.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/InMemoryProtectedResourceDetailsService.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/InvalidOAuthRealmException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/InvalidOAuthRealmException.java
index ffc5536c7..4dfd1c010 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/InvalidOAuthRealmException.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/InvalidOAuthRealmException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthConsumerSupport.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthConsumerSupport.java
index 38c3dd851..fda9d13b5 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthConsumerSupport.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthConsumerSupport.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthConsumerToken.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthConsumerToken.java
index 4ab2ecaaf..6472e24f5 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthConsumerToken.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthConsumerToken.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthRequestFailedException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthRequestFailedException.java
index ed92ba098..1e914cb36 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthRequestFailedException.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/OAuthRequestFailedException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/ProtectedResourceDetails.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/ProtectedResourceDetails.java
index f52181a6a..9e8ac672d 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/ProtectedResourceDetails.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/ProtectedResourceDetails.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/ProtectedResourceDetailsService.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/ProtectedResourceDetailsService.java
index edd28ae21..f690fc042 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/ProtectedResourceDetailsService.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/ProtectedResourceDetailsService.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/UnverifiedRequestTokenException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/UnverifiedRequestTokenException.java
index cf0a54262..876f8c674 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/UnverifiedRequestTokenException.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/UnverifiedRequestTokenException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/client/CoreOAuthConsumerSupport.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/client/CoreOAuthConsumerSupport.java
index 36ab3b822..ddb718629 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/client/CoreOAuthConsumerSupport.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/client/CoreOAuthConsumerSupport.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/filter/OAuthConsumerContextFilter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/filter/OAuthConsumerContextFilter.java
index 8fb413a1a..776750baa 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/filter/OAuthConsumerContextFilter.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/filter/OAuthConsumerContextFilter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/filter/OAuthConsumerProcessingFilter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/filter/OAuthConsumerProcessingFilter.java
index d8aa8d900..4a38aeecb 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/filter/OAuthConsumerProcessingFilter.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/filter/OAuthConsumerProcessingFilter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/DefaultOAuthURLStreamHandlerFactory.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/DefaultOAuthURLStreamHandlerFactory.java
index eb415be7b..b7b242900 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/DefaultOAuthURLStreamHandlerFactory.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/DefaultOAuthURLStreamHandlerFactory.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthOverHttpURLStreamHandler.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthOverHttpURLStreamHandler.java
index 5ce53d96b..321d27fea 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthOverHttpURLStreamHandler.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthOverHttpURLStreamHandler.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthOverHttpsURLStreamHandler.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthOverHttpsURLStreamHandler.java
index de6bbbbd1..1f1dc3159 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthOverHttpsURLStreamHandler.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthOverHttpsURLStreamHandler.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthURLStreamHandlerFactory.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthURLStreamHandlerFactory.java
index 507088b1a..022d4719b 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthURLStreamHandlerFactory.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/net/OAuthURLStreamHandlerFactory.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/nonce/NonceFactory.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/nonce/NonceFactory.java
index 82ff87a52..fa8315175 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/nonce/NonceFactory.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/nonce/NonceFactory.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/nonce/UUIDNonceFactory.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/nonce/UUIDNonceFactory.java
index 028a47319..ca22d5dca 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/nonce/UUIDNonceFactory.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/nonce/UUIDNonceFactory.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/token/HttpSessionBasedTokenServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/token/HttpSessionBasedTokenServices.java
index abfa1ce74..5cd4d987d 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/token/HttpSessionBasedTokenServices.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/token/HttpSessionBasedTokenServices.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/token/OAuthConsumerTokenServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/token/OAuthConsumerTokenServices.java
index 854c205e7..a97c11a8b 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/token/OAuthConsumerTokenServices.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/consumer/token/OAuthConsumerTokenServices.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/BaseConsumerDetails.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/BaseConsumerDetails.java
index 250172ff9..2f4a402ef 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/BaseConsumerDetails.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/BaseConsumerDetails.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerAuthentication.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerAuthentication.java
index 6d5e37fce..3246e7e63 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerAuthentication.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerAuthentication.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerCredentials.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerCredentials.java
index 5afe5324d..48b983954 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerCredentials.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerCredentials.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerDetails.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerDetails.java
index c90a1baf6..9756f19fa 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerDetails.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerDetails.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerDetailsService.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerDetailsService.java
index a67415592..41c52a421 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerDetailsService.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ConsumerDetailsService.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ExtraTrustConsumerDetails.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ExtraTrustConsumerDetails.java
index 8c82ae5d3..4e5cd0d4c 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ExtraTrustConsumerDetails.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ExtraTrustConsumerDetails.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/InMemoryConsumerDetailsService.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/InMemoryConsumerDetailsService.java
index 4a153a0a9..f8dc7cbd0 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/InMemoryConsumerDetailsService.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/InMemoryConsumerDetailsService.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/InvalidOAuthParametersException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/InvalidOAuthParametersException.java
index 8c8a93f05..de4753471 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/InvalidOAuthParametersException.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/InvalidOAuthParametersException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthAuthenticationDetails.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthAuthenticationDetails.java
index 66843bcaa..58ee7ee59 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthAuthenticationDetails.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthAuthenticationDetails.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthProcessingFilterEntryPoint.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthProcessingFilterEntryPoint.java
index 3de65b479..8125ad077 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthProcessingFilterEntryPoint.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthProcessingFilterEntryPoint.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthProviderSupport.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthProviderSupport.java
index f5b2af59e..c44e0a177 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthProviderSupport.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthProviderSupport.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthVersionUnsupportedException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthVersionUnsupportedException.java
index d715ac562..ea6a20eca 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthVersionUnsupportedException.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/OAuthVersionUnsupportedException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ResourceSpecificConsumerDetails.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ResourceSpecificConsumerDetails.java
index 0cffc2c05..0622281dc 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ResourceSpecificConsumerDetails.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/ResourceSpecificConsumerDetails.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerKeysAllowed.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerKeysAllowed.java
index 8a95c59f6..8d77626bf 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerKeysAllowed.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerKeysAllowed.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerRolesAllowed.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerRolesAllowed.java
index 8ed5bb49e..31ffbb298 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerRolesAllowed.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerRolesAllowed.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityConfig.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityConfig.java
index 0fcd5869a..e6ad3e9b1 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityConfig.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityConfig.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityMetadataSource.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityMetadataSource.java
index 2744a95da..8fcd6fe40 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityMetadataSource.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityMetadataSource.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityVoter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityVoter.java
index ffc53105b..fc26ba7c1 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityVoter.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/ConsumerSecurityVoter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/DenyAllConsumers.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/DenyAllConsumers.java
index 7b9709c82..667c097ab 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/DenyAllConsumers.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/DenyAllConsumers.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/PermitAllConsumers.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/PermitAllConsumers.java
index 99f8acc4f..859c105ee 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/PermitAllConsumers.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/attributes/PermitAllConsumers.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/AccessTokenProcessingFilter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/AccessTokenProcessingFilter.java
index 0a9bf8c42..a35eddd76 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/AccessTokenProcessingFilter.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/AccessTokenProcessingFilter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/CoreOAuthProviderSupport.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/CoreOAuthProviderSupport.java
index b46b989aa..93cbb612b 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/CoreOAuthProviderSupport.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/CoreOAuthProviderSupport.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/OAuthProviderProcessingFilter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/OAuthProviderProcessingFilter.java
index 8b6055584..e317593c8 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/OAuthProviderProcessingFilter.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/OAuthProviderProcessingFilter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/ProtectedResourceProcessingFilter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/ProtectedResourceProcessingFilter.java
index cf7e5b5e0..9c75e1aa6 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/ProtectedResourceProcessingFilter.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/ProtectedResourceProcessingFilter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UnauthenticatedRequestTokenProcessingFilter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UnauthenticatedRequestTokenProcessingFilter.java
index 3ac546d0d..f8df77f16 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UnauthenticatedRequestTokenProcessingFilter.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UnauthenticatedRequestTokenProcessingFilter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UserAuthorizationProcessingFilter.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UserAuthorizationProcessingFilter.java
index 3e8b81e48..ecff6e192 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UserAuthorizationProcessingFilter.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UserAuthorizationProcessingFilter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UserAuthorizationSuccessfulAuthenticationHandler.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UserAuthorizationSuccessfulAuthenticationHandler.java
index 0135a396a..c5558783f 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UserAuthorizationSuccessfulAuthenticationHandler.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/UserAuthorizationSuccessfulAuthenticationHandler.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/ExpiringTimestampNonceServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/ExpiringTimestampNonceServices.java
index bfaf53972..8e3cf38e1 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/ExpiringTimestampNonceServices.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/ExpiringTimestampNonceServices.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/InMemoryNonceServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/InMemoryNonceServices.java
index dce75709e..a4e726949 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/InMemoryNonceServices.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/InMemoryNonceServices.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/NonceAlreadyUsedException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/NonceAlreadyUsedException.java
index a3d180bf3..0a8d7845c 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/NonceAlreadyUsedException.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/NonceAlreadyUsedException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/NullNonceServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/NullNonceServices.java
index 0b2719f07..084ad767c 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/NullNonceServices.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/NullNonceServices.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/OAuthNonceServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/OAuthNonceServices.java
index 91611fc62..2c5710bf6 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/OAuthNonceServices.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/nonce/OAuthNonceServices.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/ExpiredOAuthTokenException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/ExpiredOAuthTokenException.java
index 37222ba5c..c29acbff0 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/ExpiredOAuthTokenException.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/ExpiredOAuthTokenException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InMemoryProviderTokenServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InMemoryProviderTokenServices.java
index f68b2e420..f35ced78c 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InMemoryProviderTokenServices.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InMemoryProviderTokenServices.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InMemorySelfCleaningProviderTokenServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InMemorySelfCleaningProviderTokenServices.java
index 3142eaf9b..7a8ce4bf6 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InMemorySelfCleaningProviderTokenServices.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InMemorySelfCleaningProviderTokenServices.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InvalidOAuthTokenException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InvalidOAuthTokenException.java
index 113ea14f3..b9984615a 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InvalidOAuthTokenException.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/InvalidOAuthTokenException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthAccessProviderToken.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthAccessProviderToken.java
index 858ae43e6..c37038a8d 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthAccessProviderToken.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthAccessProviderToken.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderToken.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderToken.java
index 15b0f3922..71cf6596b 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderToken.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderToken.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderTokenImpl.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderTokenImpl.java
index 8a5c24a86..b8244dc39 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderTokenImpl.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderTokenImpl.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderTokenServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderTokenServices.java
index b345a9bbd..4dff7d643 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderTokenServices.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/OAuthProviderTokenServices.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/RandomValueProviderTokenServices.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/RandomValueProviderTokenServices.java
index 8ae12b88f..6d8e4df96 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/RandomValueProviderTokenServices.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/token/RandomValueProviderTokenServices.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/verifier/VerificationFailedException.java b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/verifier/VerificationFailedException.java
index 90d78788e..2c8a04a88 100644
--- a/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/verifier/VerificationFailedException.java
+++ b/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/verifier/VerificationFailedException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/test/java/net/oauth/signature/GoogleCodeCompatibilityTests.java b/spring-security-oauth/src/test/java/net/oauth/signature/GoogleCodeCompatibilityTests.java
index e8c8b3a3e..ffb90bc58 100644
--- a/spring-security-oauth/src/test/java/net/oauth/signature/GoogleCodeCompatibilityTests.java
+++ b/spring-security-oauth/src/test/java/net/oauth/signature/GoogleCodeCompatibilityTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/OAuthCodecTests.java b/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/OAuthCodecTests.java
index 06c870332..cc55abddf 100644
--- a/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/OAuthCodecTests.java
+++ b/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/OAuthCodecTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/signature/CoreOAuthSignatureMethodFactoryTests.java b/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/signature/CoreOAuthSignatureMethodFactoryTests.java
index 90c0b9be0..107277d77 100644
--- a/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/signature/CoreOAuthSignatureMethodFactoryTests.java
+++ b/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/signature/CoreOAuthSignatureMethodFactoryTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/signature/HMAC_SHA1SignatureMethodTests.java b/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/signature/HMAC_SHA1SignatureMethodTests.java
index 293cad1d6..0ebf3994b 100644
--- a/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/signature/HMAC_SHA1SignatureMethodTests.java
+++ b/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/signature/HMAC_SHA1SignatureMethodTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/signature/PlainTextSignatureMethodTests.java b/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/signature/PlainTextSignatureMethodTests.java
index 08927a001..fdcc840f5 100644
--- a/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/signature/PlainTextSignatureMethodTests.java
+++ b/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/signature/PlainTextSignatureMethodTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/signature/RSA_SHA1SignatureMethodTests.java b/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/signature/RSA_SHA1SignatureMethodTests.java
index 8b8c77570..e68dd10ad 100644
--- a/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/signature/RSA_SHA1SignatureMethodTests.java
+++ b/spring-security-oauth/src/test/java/org/springframework/security/oauth/common/signature/RSA_SHA1SignatureMethodTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/test/java/org/springframework/security/oauth/config/AuthorizationServerBeanDefinitionParserTests.java b/spring-security-oauth/src/test/java/org/springframework/security/oauth/config/AuthorizationServerBeanDefinitionParserTests.java
index d2000dd4d..322a0bad2 100644
--- a/spring-security-oauth/src/test/java/org/springframework/security/oauth/config/AuthorizationServerBeanDefinitionParserTests.java
+++ b/spring-security-oauth/src/test/java/org/springframework/security/oauth/config/AuthorizationServerBeanDefinitionParserTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/test/java/org/springframework/security/oauth/consumer/client/CoreOAuthConsumerSupportTests.java b/spring-security-oauth/src/test/java/org/springframework/security/oauth/consumer/client/CoreOAuthConsumerSupportTests.java
index 08673d126..f4b391848 100644
--- a/spring-security-oauth/src/test/java/org/springframework/security/oauth/consumer/client/CoreOAuthConsumerSupportTests.java
+++ b/spring-security-oauth/src/test/java/org/springframework/security/oauth/consumer/client/CoreOAuthConsumerSupportTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/test/java/org/springframework/security/oauth/consumer/rememberme/HttpSessionOAuthRememberMeServicesTests.java b/spring-security-oauth/src/test/java/org/springframework/security/oauth/consumer/rememberme/HttpSessionOAuthRememberMeServicesTests.java
index 9beba686b..b20fa8e57 100644
--- a/spring-security-oauth/src/test/java/org/springframework/security/oauth/consumer/rememberme/HttpSessionOAuthRememberMeServicesTests.java
+++ b/spring-security-oauth/src/test/java/org/springframework/security/oauth/consumer/rememberme/HttpSessionOAuthRememberMeServicesTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/CoreOAuthProviderSupportTests.java b/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/CoreOAuthProviderSupportTests.java
index 451e42aaf..919d59dd9 100644
--- a/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/CoreOAuthProviderSupportTests.java
+++ b/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/CoreOAuthProviderSupportTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/AccessTokenProcessingFilterTests.java b/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/AccessTokenProcessingFilterTests.java
index 0360eecfb..5199c30fe 100644
--- a/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/AccessTokenProcessingFilterTests.java
+++ b/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/AccessTokenProcessingFilterTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/OAuthProcessingFilterTests.java b/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/OAuthProcessingFilterTests.java
index ab0a9ac90..b164b14bb 100644
--- a/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/OAuthProcessingFilterTests.java
+++ b/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/OAuthProcessingFilterTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/OAuthUserAuthorizationProcessingFilterTests.java b/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/OAuthUserAuthorizationProcessingFilterTests.java
index 76d57d0e0..ff967daed 100644
--- a/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/OAuthUserAuthorizationProcessingFilterTests.java
+++ b/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/OAuthUserAuthorizationProcessingFilterTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/ProtectedResourceProcessingFilterTests.java b/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/ProtectedResourceProcessingFilterTests.java
index 4f8f4cc30..8fc88f830 100644
--- a/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/ProtectedResourceProcessingFilterTests.java
+++ b/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/ProtectedResourceProcessingFilterTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/UnauthenticatedRequestTokenProcessingFilterTests.java b/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/UnauthenticatedRequestTokenProcessingFilterTests.java
index c6d27c93d..fb3fc1ac3 100644
--- a/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/UnauthenticatedRequestTokenProcessingFilterTests.java
+++ b/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/UnauthenticatedRequestTokenProcessingFilterTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/UserAuthorizationSuccessfulAuthenticationHandlerTests.java b/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/UserAuthorizationSuccessfulAuthenticationHandlerTests.java
index 6924e6b4d..16f8b2359 100644
--- a/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/UserAuthorizationSuccessfulAuthenticationHandlerTests.java
+++ b/spring-security-oauth/src/test/java/org/springframework/security/oauth/provider/filter/UserAuthorizationSuccessfulAuthenticationHandlerTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/DefaultOAuth2RequestAuthenticator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/DefaultOAuth2RequestAuthenticator.java
index 92d5125f2..a6114b9fe 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/DefaultOAuth2RequestAuthenticator.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/DefaultOAuth2RequestAuthenticator.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2ClientContext.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2ClientContext.java
index de2b27876..9af13b874 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2ClientContext.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2ClientContext.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RequestAuthenticator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RequestAuthenticator.java
index 222e85836..6b668bd6b 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RequestAuthenticator.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RequestAuthenticator.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestOperations.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestOperations.java
index 1abea6d81..8a3967f7e 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestOperations.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/OAuth2RestOperations.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/discovery/ProviderConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/discovery/ProviderConfiguration.java
index 7cde6f8c9..e95a7c793 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/discovery/ProviderConfiguration.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/discovery/ProviderConfiguration.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/discovery/ProviderDiscoveryClient.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/discovery/ProviderDiscoveryClient.java
index fc2ecbe22..10c8a9d4d 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/discovery/ProviderDiscoveryClient.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/discovery/ProviderDiscoveryClient.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilter.java
index b616712ce..aeb8f477e 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/state/DefaultStateKeyGenerator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/state/DefaultStateKeyGenerator.java
index 569007200..94af21a2c 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/state/DefaultStateKeyGenerator.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/state/DefaultStateKeyGenerator.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/state/StateKeyGenerator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/state/StateKeyGenerator.java
index 58fc0638c..81cbd9511 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/state/StateKeyGenerator.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/state/StateKeyGenerator.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.java
index af510e2ae..8b2b42038 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/UserApprovalRequiredException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/UserApprovalRequiredException.java
index 144f9f399..f885264d8 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/UserApprovalRequiredException.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/resource/UserApprovalRequiredException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/BeforeOAuth2Context.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/BeforeOAuth2Context.java
index f190be6ea..1fa2fbdd3 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/BeforeOAuth2Context.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/BeforeOAuth2Context.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/OAuth2ContextConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/OAuth2ContextConfiguration.java
index f09930fa3..e4bf56ed4 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/OAuth2ContextConfiguration.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/OAuth2ContextConfiguration.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/OAuth2ContextSetup.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/OAuth2ContextSetup.java
index 83529d7e6..f9c932ed8 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/OAuth2ContextSetup.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/OAuth2ContextSetup.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/RestTemplateHolder.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/RestTemplateHolder.java
index aa5a863cd..c14aabf5f 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/RestTemplateHolder.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/RestTemplateHolder.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/TestAccounts.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/TestAccounts.java
index e7ca361d0..782532ce7 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/TestAccounts.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/test/TestAccounts.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProvider.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProvider.java
index 025e36f55..bd3e3a382 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProvider.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProvider.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java
index 5564db383..86e5abc0e 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChain.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenRequest.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenRequest.java
index cd7ead483..85d0c2a67 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenRequest.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/AccessTokenRequest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientKeyGenerator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientKeyGenerator.java
index 9d8eb0fd0..58f376277 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientKeyGenerator.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientKeyGenerator.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientTokenServices.java
index 95811454b..0aef5cc19 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientTokenServices.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/ClientTokenServices.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultAccessTokenRequest.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultAccessTokenRequest.java
index 90c445af1..72a8f21af 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultAccessTokenRequest.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultAccessTokenRequest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultClientKeyGenerator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultClientKeyGenerator.java
index 5d5264983..b473d77c2 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultClientKeyGenerator.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultClientKeyGenerator.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultRequestEnhancer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultRequestEnhancer.java
index f2356ae01..09ca76bd7 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultRequestEnhancer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/DefaultRequestEnhancer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/RequestEnhancer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/RequestEnhancer.java
index bb1a153b8..b6442bb1b 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/RequestEnhancer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/RequestEnhancer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/auth/ClientAuthenticationHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/auth/ClientAuthenticationHandler.java
index 800130dca..b62669fda 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/auth/ClientAuthenticationHandler.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/auth/ClientAuthenticationHandler.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProvider.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProvider.java
index 37743c624..8a6ea6390 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProvider.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProvider.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -20,7 +20,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordResourceDetails.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordResourceDetails.java
index b20155e8b..54fde4247 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordResourceDetails.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordResourceDetails.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/AuthenticationScheme.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/AuthenticationScheme.java
index f4d75d22b..86b6e30e6 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/AuthenticationScheme.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/AuthenticationScheme.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/ExpiringOAuth2RefreshToken.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/ExpiringOAuth2RefreshToken.java
index abeb44b90..d69672935 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/ExpiringOAuth2RefreshToken.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/ExpiringOAuth2RefreshToken.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessToken.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessToken.java
index 0d2ea97ca..44959a85d 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessToken.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessToken.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1Deserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1Deserializer.java
index 68bbf55e9..66037bbc9 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1Deserializer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1Deserializer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1Serializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1Serializer.java
index 2f2768a32..1fd3fe777 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1Serializer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1Serializer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Deserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Deserializer.java
index 608422d1f..9254d851f 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Deserializer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Deserializer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Serializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Serializer.java
index f006e3998..60632949b 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Serializer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2Serializer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2RefreshToken.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2RefreshToken.java
index 9283b5e9a..2caf151e7 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2RefreshToken.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2RefreshToken.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidTokenException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidTokenException.java
index 527fdced8..555cc4a7c 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidTokenException.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/InvalidTokenException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Deserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Deserializer.java
index c9f4b68ab..a32e4e521 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Deserializer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Deserializer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Serializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Serializer.java
index 091068177..c97d16ec2 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Serializer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson1Serializer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Deserializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Deserializer.java
index 92a32aba6..516f39f41 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Deserializer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Deserializer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Serializer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Serializer.java
index cacc95408..e8a7a5ad2 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Serializer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/exceptions/OAuth2ExceptionJackson2Serializer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/DefaultJdbcListFactory.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/DefaultJdbcListFactory.java
index e05362f77..37347befe 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/DefaultJdbcListFactory.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/DefaultJdbcListFactory.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/Jackson2JsonParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/Jackson2JsonParser.java
index e755a9bdf..e8ca0adfb 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/Jackson2JsonParser.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/Jackson2JsonParser.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JacksonJsonParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JacksonJsonParser.java
index de8605c17..a79502e52 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JacksonJsonParser.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JacksonJsonParser.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JdbcListFactory.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JdbcListFactory.java
index 1a58e4ef9..fb7492b60 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JdbcListFactory.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JdbcListFactory.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParser.java
index 386cefd72..c2905ca5c 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParser.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParser.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParserFactory.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParserFactory.java
index 775a84379..2ec9aa2da 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParserFactory.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParserFactory.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/OAuth2Utils.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/OAuth2Utils.java
index 181333022..4c22f34b3 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/OAuth2Utils.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/OAuth2Utils.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/ProxyCreator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/ProxyCreator.java
index d99622c15..b842648c7 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/ProxyCreator.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/ProxyCreator.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/ClientDetailsServiceBuilder.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/ClientDetailsServiceBuilder.java
index 6e5d72985..a47b3608c 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/ClientDetailsServiceBuilder.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/ClientDetailsServiceBuilder.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/InMemoryClientDetailsServiceBuilder.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/InMemoryClientDetailsServiceBuilder.java
index da19dde33..8c6f37c3a 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/InMemoryClientDetailsServiceBuilder.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/InMemoryClientDetailsServiceBuilder.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/JdbcClientDetailsServiceBuilder.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/JdbcClientDetailsServiceBuilder.java
index a0e90f0fd..4a9d26a87 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/JdbcClientDetailsServiceBuilder.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/JdbcClientDetailsServiceBuilder.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/configuration/ClientDetailsServiceConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/configuration/ClientDetailsServiceConfiguration.java
index a7319d4d6..d7ad2e699 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/configuration/ClientDetailsServiceConfiguration.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/configuration/ClientDetailsServiceConfiguration.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/configurers/ClientDetailsServiceConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/configurers/ClientDetailsServiceConfigurer.java
index 398666a4d..e1ec33053 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/configurers/ClientDetailsServiceConfigurer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/configurers/ClientDetailsServiceConfigurer.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerConfigurer.java
index 56d9d2876..f81dfc06c 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerConfigurer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerConfigurer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerConfigurerAdapter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerConfigurerAdapter.java
index 147573b3e..4e8342ac1 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerConfigurerAdapter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerConfigurerAdapter.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java
index b2bc71674..aa32758a5 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerSecurityConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerSecurityConfiguration.java
index 231e1ec8b..cc7601d03 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerSecurityConfiguration.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerSecurityConfiguration.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableAuthorizationServer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableAuthorizationServer.java
index bed46e8a3..1b4415269 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableAuthorizationServer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableAuthorizationServer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableOAuth2Client.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableOAuth2Client.java
index b19b31858..3bac72c3c 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableOAuth2Client.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableOAuth2Client.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableResourceServer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableResourceServer.java
index efaa1ce48..52c532833 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableResourceServer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableResourceServer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/OAuth2ClientConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/OAuth2ClientConfiguration.java
index a5815fd19..b79985202 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/OAuth2ClientConfiguration.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/OAuth2ClientConfiguration.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java
index da4779d1f..1833fab9f 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurer.java
index b8f8d4d8f..d2a60f747 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurerAdapter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurerAdapter.java
index 1ab229281..2cf23e139 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurerAdapter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfigurerAdapter.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerEndpointsConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerEndpointsConfigurer.java
index 64ee6d76e..9bb56fa2a 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerEndpointsConfigurer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerEndpointsConfigurer.java
@@ -5,7 +5,7 @@
  * use this file except in compliance with the License. You may obtain a copy of
  * the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java
index 7c34c2e3d..80b5d9cd3 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java
@@ -5,7 +5,7 @@
  * use this file except in compliance with the License. You may obtain a copy of
  * the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/ResourceServerSecurityConfigurer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/ResourceServerSecurityConfigurer.java
index 4f26247b6..7251e85da 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/ResourceServerSecurityConfigurer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/ResourceServerSecurityConfigurer.java
@@ -5,7 +5,7 @@
  * use this file except in compliance with the License. You may obtain a copy of
  * the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParser.java
index 391d74a8c..61047191d 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParser.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParser.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ClientBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ClientBeanDefinitionParser.java
index 347fe7099..d8034750c 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ClientBeanDefinitionParser.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ClientBeanDefinitionParser.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ClientDetailsServiceBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ClientDetailsServiceBeanDefinitionParser.java
index 5d9ec4af8..21fe53fe6 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ClientDetailsServiceBeanDefinitionParser.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ClientDetailsServiceBeanDefinitionParser.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ExpressionHandlerBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ExpressionHandlerBeanDefinitionParser.java
index 6edfbedda..9b8f9e7f7 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ExpressionHandlerBeanDefinitionParser.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ExpressionHandlerBeanDefinitionParser.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/OAuth2ClientContextFactoryBean.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/OAuth2ClientContextFactoryBean.java
index 3663b8c05..8b8d702c9 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/OAuth2ClientContextFactoryBean.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/OAuth2ClientContextFactoryBean.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/OAuth2SecurityNamespaceHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/OAuth2SecurityNamespaceHandler.java
index f7632dcdb..01210ba8b 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/OAuth2SecurityNamespaceHandler.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/OAuth2SecurityNamespaceHandler.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ProviderBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ProviderBeanDefinitionParser.java
index 1550d3845..364c16013 100755
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ProviderBeanDefinitionParser.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ProviderBeanDefinitionParser.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceBeanDefinitionParser.java
index d992c8aac..23c9fc62b 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceBeanDefinitionParser.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceBeanDefinitionParser.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceServerBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceServerBeanDefinitionParser.java
index 8301b596a..d7d261e1e 100755
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceServerBeanDefinitionParser.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceServerBeanDefinitionParser.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/RestTemplateBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/RestTemplateBeanDefinitionParser.java
index 41bb2a291..c4aeca280 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/RestTemplateBeanDefinitionParser.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/RestTemplateBeanDefinitionParser.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/WebExpressionHandlerBeanDefinitionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/WebExpressionHandlerBeanDefinitionParser.java
index 17b364f56..dff530bb3 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/WebExpressionHandlerBeanDefinitionParser.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/WebExpressionHandlerBeanDefinitionParser.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/FormOAuth2AccessTokenMessageConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/FormOAuth2AccessTokenMessageConverter.java
index 6d27ee68c..f64ea48b0 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/FormOAuth2AccessTokenMessageConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/FormOAuth2AccessTokenMessageConverter.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/FormOAuth2ExceptionHttpMessageConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/FormOAuth2ExceptionHttpMessageConverter.java
index d66a13880..d81a0ecf7 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/FormOAuth2ExceptionHttpMessageConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/FormOAuth2ExceptionHttpMessageConverter.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/AbstractJaxbMessageConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/AbstractJaxbMessageConverter.java
index fb2666dac..5bc7c0191 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/AbstractJaxbMessageConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/AbstractJaxbMessageConverter.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2AccessToken.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2AccessToken.java
index 1cbabd251..1df8ab8a0 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2AccessToken.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2AccessToken.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2AccessTokenMessageConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2AccessTokenMessageConverter.java
index 07d898077..be71dafae 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2AccessTokenMessageConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2AccessTokenMessageConverter.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2Exception.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2Exception.java
index ca4f3fdd2..75dfa02bf 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2Exception.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2Exception.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2ExceptionMessageConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2ExceptionMessageConverter.java
index f78313852..72ae1cd6f 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2ExceptionMessageConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2ExceptionMessageConverter.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/BaseRequest.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/BaseRequest.java
index 7fd7f28d5..47e869cca 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/BaseRequest.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/BaseRequest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientAlreadyExistsException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientAlreadyExistsException.java
index eae256046..b7875f603 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientAlreadyExistsException.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientAlreadyExistsException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientDetailsService.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientDetailsService.java
index e08aa3540..f9e4166b9 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientDetailsService.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientDetailsService.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientRegistrationException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientRegistrationException.java
index aa32bf437..731577ee5 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientRegistrationException.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientRegistrationException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientRegistrationService.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientRegistrationService.java
index 4515539cf..a388c1b5b 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientRegistrationService.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/ClientRegistrationService.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/CompositeTokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/CompositeTokenGranter.java
index 0148e580c..fab6fbf89 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/CompositeTokenGranter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/CompositeTokenGranter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/DefaultSecurityContextAccessor.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/DefaultSecurityContextAccessor.java
index 0bab78276..46915dc66 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/DefaultSecurityContextAccessor.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/DefaultSecurityContextAccessor.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/NoSuchClientException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/NoSuchClientException.java
index ba68dee61..0083d4d51 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/NoSuchClientException.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/NoSuchClientException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2RequestFactory.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2RequestFactory.java
index d98418ab2..278b25b0c 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2RequestFactory.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/OAuth2RequestFactory.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/SecurityContextAccessor.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/SecurityContextAccessor.java
index 26862cc64..cd6522724 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/SecurityContextAccessor.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/SecurityContextAccessor.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenGranter.java
index 51b34f3f4..fcd9ef1f8 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenGranter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/TokenGranter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/Approval.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/Approval.java
index ffb7bd13a..27bbf8262 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/Approval.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/Approval.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStore.java
index 2f6063310..88209e612 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStore.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStore.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.java
index a250c3283..33804a776 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/DefaultUserApprovalHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/DefaultUserApprovalHandler.java
index 4233b6796..2344627f5 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/DefaultUserApprovalHandler.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/DefaultUserApprovalHandler.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/InMemoryApprovalStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/InMemoryApprovalStore.java
index ef7e69009..b70818196 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/InMemoryApprovalStore.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/InMemoryApprovalStore.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/JdbcApprovalStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/JdbcApprovalStore.java
index bc3325afe..d200e22ee 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/JdbcApprovalStore.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/JdbcApprovalStore.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/TokenApprovalStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/TokenApprovalStore.java
index cf1cc2e5f..e9f0ebb30 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/TokenApprovalStore.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/TokenApprovalStore.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/TokenStoreUserApprovalHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/TokenStoreUserApprovalHandler.java
index 4f995a4d1..ad69f0d10 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/TokenStoreUserApprovalHandler.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/approval/TokenStoreUserApprovalHandler.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/BearerTokenExtractor.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/BearerTokenExtractor.java
index bc2b76c29..4d224556d 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/BearerTokenExtractor.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/BearerTokenExtractor.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetails.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetails.java
index e2adb379b..d7a14ce8e 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetails.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetails.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetailsSource.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetailsSource.java
index 4dad52034..880c374e0 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetailsSource.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetailsSource.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationManager.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationManager.java
index b02b6375b..f81470cda 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationManager.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationManager.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.java
index 65278c005..cc27d8d26 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/TokenExtractor.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/TokenExtractor.java
index 8d8506a67..d0864e6c4 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/TokenExtractor.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/authentication/TokenExtractor.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenEndpointFilter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenEndpointFilter.java
index f032642eb..22d3d57b9 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenEndpointFilter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenEndpointFilter.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenGranter.java
index 6583e255d..2ddfff51d 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenGranter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenGranter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientDetailsUserDetailsService.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientDetailsUserDetailsService.java
index d088c4f64..ed49f6845 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientDetailsUserDetailsService.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/ClientDetailsUserDetailsService.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/InMemoryClientDetailsService.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/InMemoryClientDetailsService.java
index 763d9a0bb..bc519b5bb 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/InMemoryClientDetailsService.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/InMemoryClientDetailsService.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/JdbcClientDetailsService.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/JdbcClientDetailsService.java
index f503b9d2d..d4a4ef465 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/JdbcClientDetailsService.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/client/JdbcClientDetailsService.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/AuthorizationCodeTokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/AuthorizationCodeTokenGranter.java
index c76ed6d5d..c7be47b54 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/AuthorizationCodeTokenGranter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/code/AuthorizationCodeTokenGranter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AbstractEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AbstractEndpoint.java
index 3d7587f68..d50da6219 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AbstractEndpoint.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AbstractEndpoint.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.java
index 43b5fc9ca..62966e7ac 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpoint.java
index 75c978731..3e33b9da5 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpoint.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpoint.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java
index 9f12b27f1..714bc191c 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolver.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpoint.java
index ea5759aa1..17e953f2b 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpoint.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpoint.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpointHandlerMapping.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpointHandlerMapping.java
index ed12a5b78..a3cebb978 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpointHandlerMapping.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpointHandlerMapping.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java
index 2fb806176..8472f7420 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java
index f01295986..1b7723d59 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/AbstractOAuth2SecurityExceptionHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/AbstractOAuth2SecurityExceptionHandler.java
index 8d1c71b14..748a0af8a 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/AbstractOAuth2SecurityExceptionHandler.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/AbstractOAuth2SecurityExceptionHandler.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/DefaultOAuth2ExceptionRenderer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/DefaultOAuth2ExceptionRenderer.java
index 917ea5675..9fca8a568 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/DefaultOAuth2ExceptionRenderer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/DefaultOAuth2ExceptionRenderer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/DefaultWebResponseExceptionTranslator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/DefaultWebResponseExceptionTranslator.java
index ee866ccae..a9327fb0f 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/DefaultWebResponseExceptionTranslator.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/DefaultWebResponseExceptionTranslator.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2AccessDeniedHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2AccessDeniedHandler.java
index 404c0b957..f6867f2e0 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2AccessDeniedHandler.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2AccessDeniedHandler.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2AuthenticationEntryPoint.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2AuthenticationEntryPoint.java
index 02f1071be..ce3570d2f 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2AuthenticationEntryPoint.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2AuthenticationEntryPoint.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2ExceptionRenderer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2ExceptionRenderer.java
index db17479a4..72b5bcd95 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2ExceptionRenderer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/OAuth2ExceptionRenderer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/WebResponseExceptionTranslator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/WebResponseExceptionTranslator.java
index 1a52e89b3..7b7bc664d 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/WebResponseExceptionTranslator.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/error/WebResponseExceptionTranslator.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2ExpressionParser.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2ExpressionParser.java
index 861411969..a1f897fce 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2ExpressionParser.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2ExpressionParser.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2ExpressionUtils.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2ExpressionUtils.java
index 600847150..b516a9b27 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2ExpressionUtils.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2ExpressionUtils.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethods.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethods.java
index 3a56698cd..0c88491be 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethods.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethods.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2WebSecurityExpressionHandler.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2WebSecurityExpressionHandler.java
index f4e458373..cea72d5a3 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2WebSecurityExpressionHandler.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/expression/OAuth2WebSecurityExpressionHandler.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenGranter.java
index 209bfc2a6..04ab21883 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenGranter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenGranter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenRequest.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenRequest.java
index b7e967f74..66094ee27 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenRequest.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenRequest.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranter.java
index c996f1d30..34a502ed7 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/refresh/RefreshTokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/refresh/RefreshTokenGranter.java
index 55327ed86..c5081ade7 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/refresh/RefreshTokenGranter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/refresh/RefreshTokenGranter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestFactory.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestFactory.java
index 17e9afcd3..8f81294ff 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestFactory.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestFactory.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AbstractTokenGranter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AbstractTokenGranter.java
index 5c13db131..bbe5b8a30 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AbstractTokenGranter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AbstractTokenGranter.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AuthenticationKeyGenerator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AuthenticationKeyGenerator.java
index 8e90b4c51..dcb80754e 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AuthenticationKeyGenerator.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AuthenticationKeyGenerator.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AuthorizationServerTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AuthorizationServerTokenServices.java
index 13549ea70..26e3013d6 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AuthorizationServerTokenServices.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/AuthorizationServerTokenServices.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/ConsumerTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/ConsumerTokenServices.java
index 68dbb019a..1e3de255d 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/ConsumerTokenServices.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/ConsumerTokenServices.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGenerator.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGenerator.java
index ebc766846..3b98fd347 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGenerator.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGenerator.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java
index fe3cb09a2..16f7a4914 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/DefaultTokenServices.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenEnhancer.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenEnhancer.java
index 6da146dfa..fd248d3ca 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenEnhancer.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenEnhancer.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenEnhancerChain.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenEnhancerChain.java
index d5dc50c4f..f34cb76d5 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenEnhancerChain.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/TokenEnhancerChain.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/DelegatingJwtClaimsSetVerifier.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/DelegatingJwtClaimsSetVerifier.java
index 7182fc70f..3a8fab70c 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/DelegatingJwtClaimsSetVerifier.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/DelegatingJwtClaimsSetVerifier.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/IssuerClaimVerifier.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/IssuerClaimVerifier.java
index 6f5936c8d..7203283d1 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/IssuerClaimVerifier.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/IssuerClaimVerifier.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtClaimsSetVerifier.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtClaimsSetVerifier.java
index 20fe97d42..e686220cd 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtClaimsSetVerifier.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtClaimsSetVerifier.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtTokenStore.java
index 489df3f24..4f8ddd9c9 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtTokenStore.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtTokenStore.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/KeyStoreKeyFactory.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/KeyStoreKeyFactory.java
index 8eda6ef2a..2f43064b6 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/KeyStoreKeyFactory.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/KeyStoreKeyFactory.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/EllipticCurveJwkDefinition.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/EllipticCurveJwkDefinition.java
index 241d0526f..5b259ee79 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/EllipticCurveJwkDefinition.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/EllipticCurveJwkDefinition.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
index b5a2b3338..931397668 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkAttributes.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
index 95e37a217..eb19ba2e3 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinition.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
index c60d29866..94879e7a5 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
index 1d3211dfb..1e15ae2c8 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkException.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
index 2962e977a..d23683cf6 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
index 05c2285e9..92a8e0f9c 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStore.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
index 717876de9..3f2a6ebc3 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
index 3083c3b92..cc435012d 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinition.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinition.java
index 41655c7af..141cadb97 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinition.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinition.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/vote/ScopeVoter.java b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/vote/ScopeVoter.java
index 6198ecce3..7328c5f67 100644
--- a/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/vote/ScopeVoter.java
+++ b/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/vote/ScopeVoter.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/AdhocTestSuite.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/AdhocTestSuite.java
index 4838bace2..91b80aa64 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/AdhocTestSuite.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/AdhocTestSuite.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/DefaultOAuth2RequestAuthenticatorTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/DefaultOAuth2RequestAuthenticatorTests.java
index eb0311ec1..6ca39d0ec 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/DefaultOAuth2RequestAuthenticatorTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/DefaultOAuth2RequestAuthenticatorTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/discovery/ProviderDiscoveryClientTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/discovery/ProviderDiscoveryClientTest.java
index c3c8603ab..4a8b89e54 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/discovery/ProviderDiscoveryClientTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/discovery/ProviderDiscoveryClientTest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilterTests.java
index 1b84f709d..b37e46f43 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilterTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilterTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandlerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandlerTests.java
index 4cd63d393..4f42c5dbf 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandlerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorHandlerTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java
index 9c5847b96..5b9e08035 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/AccessTokenProviderChainTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupportTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupportTests.java
index 783df39e0..93e63e43f 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupportTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupportTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProviderTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProviderTests.java
index deeacc458..988cfe939 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProviderTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProviderWithConversionTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProviderWithConversionTests.java
index bf09ee61e..2c21fb3dc 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProviderWithConversionTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProviderWithConversionTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeResourceDetailsTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeResourceDetailsTests.java
index 6bde16be9..2bec0d021 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeResourceDetailsTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeResourceDetailsTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/implicit/ImplicitAccessTokenProviderTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/implicit/ImplicitAccessTokenProviderTests.java
index a23b32aae..207172a06 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/implicit/ImplicitAccessTokenProviderTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/implicit/ImplicitAccessTokenProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordAccessTokenProviderTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordAccessTokenProviderTests.java
index e6499ef6e..72df46099 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordAccessTokenProviderTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/client/token/grant/password/ResourceOwnerPasswordAccessTokenProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/BaseOAuth2AccessTokenJacksonTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/BaseOAuth2AccessTokenJacksonTest.java
index 752a250fb..93a277c4f 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/BaseOAuth2AccessTokenJacksonTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/BaseOAuth2AccessTokenJacksonTest.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/DefaultOAuth2SerializationServiceTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/DefaultOAuth2SerializationServiceTests.java
index da50f0930..9ab676c68 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/DefaultOAuth2SerializationServiceTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/DefaultOAuth2SerializationServiceTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/JsonSerializationTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/JsonSerializationTests.java
index 9c50fc5ce..15168df0b 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/JsonSerializationTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/JsonSerializationTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1DeserializerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1DeserializerTests.java
index 7d5ca3fc4..ff855f5d3 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1DeserializerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson1DeserializerTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2DeserializerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2DeserializerTests.java
index 937d895b3..fbd43158a 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2DeserializerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/OAuth2AccessTokenJackson2DeserializerTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionDeserializerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionDeserializerTests.java
index 9e4f4c242..573e38fc7 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionDeserializerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionDeserializerTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionJackson2DeserializerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionJackson2DeserializerTests.java
index bb872494e..3e14b01fa 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionJackson2DeserializerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionJackson2DeserializerTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionSerializerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionSerializerTests.java
index bae47cba3..0e88364ea 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionSerializerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/exception/OAuth2ExceptionSerializerTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/AuthorizationServerConfigurationTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/AuthorizationServerConfigurationTests.java
index 75bc1a0d3..1e63ddd3c 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/AuthorizationServerConfigurationTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/AuthorizationServerConfigurationTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/ClientConfigurationTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/ClientConfigurationTests.java
index 3419b272e..a976c77ff 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/ClientConfigurationTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/ClientConfigurationTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh501EnableAuthorizationServerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh501EnableAuthorizationServerTests.java
index a4da13677..e3aa6a4ed 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh501EnableAuthorizationServerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh501EnableAuthorizationServerTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh808EnableAuthorizationServerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh808EnableAuthorizationServerTests.java
index 7f0f6e239..c6383f903 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh808EnableAuthorizationServerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/Gh808EnableAuthorizationServerTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/ResourceServerConfigurationTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/ResourceServerConfigurationTests.java
index fb826eec1..013252f2e 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/ResourceServerConfigurationTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/ResourceServerConfigurationTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/TokenServicesMultipleBeansTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/TokenServicesMultipleBeansTests.java
index d38593d54..83b798f89 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/TokenServicesMultipleBeansTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/annotation/TokenServicesMultipleBeansTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParserTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParserTests.java
index 25431ad8d..452458cec 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParserTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerBeanDefinitionParserTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordInvalidXmlTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordInvalidXmlTests.java
index 2dd1a329e..cd9fc3b44 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordInvalidXmlTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordInvalidXmlTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordValidXmlTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordValidXmlTests.java
index fba5fa40c..6008f8d83 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordValidXmlTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/AuthorizationServerClientCredentialsPasswordValidXmlTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/InvalidResourceBeanDefinitionParserTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/InvalidResourceBeanDefinitionParserTests.java
index 460925c8f..323fc83da 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/InvalidResourceBeanDefinitionParserTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/InvalidResourceBeanDefinitionParserTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/ResourceServerBeanDefinitionParserTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/ResourceServerBeanDefinitionParserTests.java
index e70a1030a..cfae87560 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/ResourceServerBeanDefinitionParserTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/config/xml/ResourceServerBeanDefinitionParserTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/http/converter/jaxb/BaseJaxbMessageConverterTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/http/converter/jaxb/BaseJaxbMessageConverterTest.java
index cf52a5bae..9342b5564 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/http/converter/jaxb/BaseJaxbMessageConverterTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/http/converter/jaxb/BaseJaxbMessageConverterTest.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2AccessTokenMessageConverterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2AccessTokenMessageConverterTests.java
index 9e7b71e21..f2a8e17e2 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2AccessTokenMessageConverterTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2AccessTokenMessageConverterTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2ExceptionMessageConverterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2ExceptionMessageConverterTests.java
index 243cd92d9..bc146c02a 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2ExceptionMessageConverterTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/http/converter/jaxb/JaxbOAuth2ExceptionMessageConverterTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/AuthorizationRequestTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/AuthorizationRequestTests.java
index dd1363216..0f1ae75e3 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/AuthorizationRequestTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/AuthorizationRequestTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2RequestTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2RequestTests.java
index 63b09d34e..1462e82af 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2RequestTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/OAuth2RequestTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/AbstractTestApprovalStore.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/AbstractTestApprovalStore.java
index 68124cb0f..034b25563 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/AbstractTestApprovalStore.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/AbstractTestApprovalStore.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/DefaultUserApprovalHandlerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/DefaultUserApprovalHandlerTests.java
index 90bfbdf14..f1cb3c2bd 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/DefaultUserApprovalHandlerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/DefaultUserApprovalHandlerTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/InMemoryApprovalStoreTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/InMemoryApprovalStoreTests.java
index af74be060..730dc47fd 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/InMemoryApprovalStoreTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/InMemoryApprovalStoreTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/JdbcApprovalStoreTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/JdbcApprovalStoreTests.java
index a0b6eabeb..f202d9be1 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/JdbcApprovalStoreTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/JdbcApprovalStoreTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/TokenApprovalStoreTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/TokenApprovalStoreTests.java
index d136b380d..81dce821a 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/TokenApprovalStoreTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/TokenApprovalStoreTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/TokenStoreUserApprovalHandlerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/TokenStoreUserApprovalHandlerTests.java
index 70552058c..c52b0d9f6 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/TokenStoreUserApprovalHandlerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/approval/TokenStoreUserApprovalHandlerTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetailsTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetailsTests.java
index 658c958ee..3674c6e45 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetailsTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationDetailsTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationManagerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationManagerTests.java
index 4dc6bcdfc..9ba7107cc 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationManagerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationManagerTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilterTests.java
index d3b34b51f..e77bceea7 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilterTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilterTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/BaseClientDetailsTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/BaseClientDetailsTests.java
index d80e9b773..6e215a8cf 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/BaseClientDetailsTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/BaseClientDetailsTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenEndpointFilterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenEndpointFilterTests.java
index 36fe64ed8..cc3054244 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenEndpointFilterTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/ClientCredentialsTokenEndpointFilterTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/ClientDetailsUserDetailsServiceTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/ClientDetailsUserDetailsServiceTests.java
index ede103a46..aa4878bce 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/ClientDetailsUserDetailsServiceTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/client/ClientDetailsUserDetailsServiceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/AuthorizationCodeTokenGranterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/AuthorizationCodeTokenGranterTests.java
index 429cefa0a..4d9a0eece 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/AuthorizationCodeTokenGranterTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/code/AuthorizationCodeTokenGranterTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpointTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpointTests.java
index e42a8c838..78b091b61 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpointTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpointTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpointTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpointTest.java
index 5c7dfd093..34618717d 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpointTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/CheckTokenEndpointTest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java
index b65967280..105f9fd5c 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/DefaultRedirectResolverTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/ExactMatchRedirectResolverTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/ExactMatchRedirectResolverTests.java
index 1e387efa3..a7238112b 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/ExactMatchRedirectResolverTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/ExactMatchRedirectResolverTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpointHandlerMappingTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpointHandlerMappingTests.java
index e3b89090c..8f83ebc19 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpointHandlerMappingTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/FrameworkEndpointHandlerMappingTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilterTests.java
index 954b1b5d9..154dbb5b8 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilterTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilterTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointTests.java
index ed98ad138..27f4c9dc7 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpointTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelApprovalEndpointTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelApprovalEndpointTests.java
index b37b75306..f4c408dc7 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelApprovalEndpointTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelApprovalEndpointTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelErrorEndpointTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelErrorEndpointTests.java
index 722ec5e0c..f97741a20 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelErrorEndpointTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelErrorEndpointTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/DefaultWebResponseExceptionTranslatorTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/DefaultWebResponseExceptionTranslatorTests.java
index a761308fc..89ed1bc08 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/DefaultWebResponseExceptionTranslatorTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/DefaultWebResponseExceptionTranslatorTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/OAuth2AccessDeniedHandlerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/OAuth2AccessDeniedHandlerTests.java
index b03239049..021e534b8 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/OAuth2AccessDeniedHandlerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/OAuth2AccessDeniedHandlerTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/OAuth2AuthenticationEntryPointTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/OAuth2AuthenticationEntryPointTests.java
index cba776763..71d708188 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/OAuth2AuthenticationEntryPointTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/error/OAuth2AuthenticationEntryPointTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/expression/OAuth2MethodSecurityExpressionHandlerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/expression/OAuth2MethodSecurityExpressionHandlerTests.java
index a5f6eddc2..5caf36640 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/expression/OAuth2MethodSecurityExpressionHandlerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/expression/OAuth2MethodSecurityExpressionHandlerTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethodsTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethodsTests.java
index 87e400d6f..3a34da46b 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethodsTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/expression/OAuth2SecurityExpressionMethodsTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/expression/OAuth2WebSecurityExpressionHandlerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/expression/OAuth2WebSecurityExpressionHandlerTests.java
index d866755e3..55acf56e7 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/expression/OAuth2WebSecurityExpressionHandlerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/expression/OAuth2WebSecurityExpressionHandlerTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/implicit/InMemoryImplicitGrantServiceTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/implicit/InMemoryImplicitGrantServiceTests.java
index 15852a7aa..74490bcc8 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/implicit/InMemoryImplicitGrantServiceTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/implicit/InMemoryImplicitGrantServiceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranterTests.java
index 160669744..0e7cfcdee 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranterTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/password/ResourceOwnerPasswordTokenGranterTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/request/DefaultAuthorizationRequestFactoryTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/request/DefaultAuthorizationRequestFactoryTests.java
index 61daf0520..1909b8b53 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/request/DefaultAuthorizationRequestFactoryTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/request/DefaultAuthorizationRequestFactoryTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestValidatorTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestValidatorTests.java
index f485055d4..482009c07 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestValidatorTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestValidatorTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/test/OAuth2RequestTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/test/OAuth2RequestTests.java
index 886efe82d..edfcd2bd9 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/test/OAuth2RequestTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/test/OAuth2RequestTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/AbstractDefaultTokenServicesTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/AbstractDefaultTokenServicesTests.java
index f5c071437..61b356122 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/AbstractDefaultTokenServicesTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/AbstractDefaultTokenServicesTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverterTests.java
index 75758d1c9..059a28e66 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverterTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAccessTokenConverterTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGeneratorTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGeneratorTest.java
index 09ffcfbbc..d66cd1b59 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGeneratorTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultAuthenticationKeyGeneratorTest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultTokenServicesAuthoritiesChangeTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultTokenServicesAuthoritiesChangeTests.java
index 48edeb1c2..e650c5210 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultTokenServicesAuthoritiesChangeTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/DefaultTokenServicesAuthoritiesChangeTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java
index 5d156fbeb..0a88a279e 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/TokenServicesWithTokenEnhancerTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/TokenServicesWithTokenEnhancerTests.java
index 680653077..999bd3dea 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/TokenServicesWithTokenEnhancerTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/TokenServicesWithTokenEnhancerTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/IssuerClaimVerifierTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/IssuerClaimVerifierTest.java
index 7e340be62..aef5706b8 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/IssuerClaimVerifierTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/IssuerClaimVerifierTest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/TokenStoreBaseTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/TokenStoreBaseTests.java
index 4872da3e7..15a21e0d0 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/TokenStoreBaseTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/TokenStoreBaseTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceITest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceITest.java
index fa4daca28..e08ace32b 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceITest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceITest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java
index ae3f2d36c..e0556619c 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSourceTest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionTest.java
index a6ad3d2b2..66660b65f 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionTest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java
index df1620318..6591efa25 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkSetConverterTest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreITest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreITest.java
index 082edecaf..370fb7a28 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreITest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreITest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java
index e1b2cdbf8..1817582fd 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkTokenStoreTest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTest.java
index 8cf44e8e4..c67c54c3e 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwkVerifyingJwtAccessTokenConverterTest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTest.java
index 890729a87..f15422876 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtHeaderConverterTest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtTestUtil.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtTestUtil.java
index 5aab5d5e9..4b8b97c30 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtTestUtil.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/JwtTestUtil.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinitionTest.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinitionTest.java
index 72ca34d3c..96712e452 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinitionTest.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/jwk/RsaJwkDefinitionTest.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreMockTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreMockTests.java
index 149643aa0..738f0f1c2 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreMockTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStoreMockTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/vote/ScopeVoterTests.java b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/vote/ScopeVoterTests.java
index e54397109..a1b522122 100644
--- a/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/vote/ScopeVoterTests.java
+++ b/spring-security-oauth2/src/test/java/org/springframework/security/oauth2/provider/vote/ScopeVoterTests.java
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/tests/annotation/approval/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/approval/src/test/java/demo/AuthorizationCodeProviderTests.java
index 2f3ddf7e7..2ecdcf333 100755
--- a/tests/annotation/approval/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/approval/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/approval/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/approval/src/test/java/demo/ProtectedResourceTests.java
index 302b30f96..be5dc3b8b 100644
--- a/tests/annotation/approval/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/approval/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/client/src/test/java/client/CombinedApplication.java b/tests/annotation/client/src/test/java/client/CombinedApplication.java
index 107fd1a5b..1a6887f42 100644
--- a/tests/annotation/client/src/test/java/client/CombinedApplication.java
+++ b/tests/annotation/client/src/test/java/client/CombinedApplication.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/common/src/main/java/sparklr/common/AbstractAuthorizationCodeProviderTests.java b/tests/annotation/common/src/main/java/sparklr/common/AbstractAuthorizationCodeProviderTests.java
index 8420fc311..5343e0805 100755
--- a/tests/annotation/common/src/main/java/sparklr/common/AbstractAuthorizationCodeProviderTests.java
+++ b/tests/annotation/common/src/main/java/sparklr/common/AbstractAuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/common/src/main/java/sparklr/common/AbstractEmptyAuthorizationCodeProviderTests.java b/tests/annotation/common/src/main/java/sparklr/common/AbstractEmptyAuthorizationCodeProviderTests.java
index 1459a9817..bd8a04a59 100644
--- a/tests/annotation/common/src/main/java/sparklr/common/AbstractEmptyAuthorizationCodeProviderTests.java
+++ b/tests/annotation/common/src/main/java/sparklr/common/AbstractEmptyAuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/common/src/main/java/sparklr/common/AbstractIntegrationTests.java b/tests/annotation/common/src/main/java/sparklr/common/AbstractIntegrationTests.java
index 023566427..c5129b5c4 100644
--- a/tests/annotation/common/src/main/java/sparklr/common/AbstractIntegrationTests.java
+++ b/tests/annotation/common/src/main/java/sparklr/common/AbstractIntegrationTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/common/src/main/java/sparklr/common/AbstractProtectedResourceTests.java b/tests/annotation/common/src/main/java/sparklr/common/AbstractProtectedResourceTests.java
index 7e37f24d9..dd29cc9e1 100644
--- a/tests/annotation/common/src/main/java/sparklr/common/AbstractProtectedResourceTests.java
+++ b/tests/annotation/common/src/main/java/sparklr/common/AbstractProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/custom-grant/src/main/java/demo/CustomTokenGranter.java b/tests/annotation/custom-grant/src/main/java/demo/CustomTokenGranter.java
index cab7c0417..c61aa898c 100644
--- a/tests/annotation/custom-grant/src/main/java/demo/CustomTokenGranter.java
+++ b/tests/annotation/custom-grant/src/main/java/demo/CustomTokenGranter.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/custom-grant/src/test/java/demo/AdHocTests.java b/tests/annotation/custom-grant/src/test/java/demo/AdHocTests.java
index ee518795d..b82adb62d 100644
--- a/tests/annotation/custom-grant/src/test/java/demo/AdHocTests.java
+++ b/tests/annotation/custom-grant/src/test/java/demo/AdHocTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/custom-grant/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/custom-grant/src/test/java/demo/AuthorizationCodeProviderTests.java
index 34cdef81b..f56a2522a 100755
--- a/tests/annotation/custom-grant/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/custom-grant/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/custom-grant/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/custom-grant/src/test/java/demo/ProtectedResourceTests.java
index 302b30f96..be5dc3b8b 100644
--- a/tests/annotation/custom-grant/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/custom-grant/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/form/src/test/java/demo/AdHocTests.java b/tests/annotation/form/src/test/java/demo/AdHocTests.java
index e5bfeca13..fa3a8f21c 100644
--- a/tests/annotation/form/src/test/java/demo/AdHocTests.java
+++ b/tests/annotation/form/src/test/java/demo/AdHocTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/form/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/form/src/test/java/demo/AuthorizationCodeProviderTests.java
index 2ef50fde6..529bacd06 100755
--- a/tests/annotation/form/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/form/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/form/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/form/src/test/java/demo/ProtectedResourceTests.java
index 302b30f96..be5dc3b8b 100644
--- a/tests/annotation/form/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/form/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/jaxb/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/jaxb/src/test/java/demo/AuthorizationCodeProviderTests.java
index 0333fa789..083436112 100755
--- a/tests/annotation/jaxb/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/jaxb/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/jaxb/src/test/java/demo/Converters.java b/tests/annotation/jaxb/src/test/java/demo/Converters.java
index e3d61a8f2..2b7542431 100644
--- a/tests/annotation/jaxb/src/test/java/demo/Converters.java
+++ b/tests/annotation/jaxb/src/test/java/demo/Converters.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/jaxb/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/jaxb/src/test/java/demo/ProtectedResourceTests.java
index 0a539c5f4..e23874743 100644
--- a/tests/annotation/jaxb/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/jaxb/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/jdbc/src/test/java/demo/AdHocTests.java b/tests/annotation/jdbc/src/test/java/demo/AdHocTests.java
index a7d0087ca..7e52aa7b5 100644
--- a/tests/annotation/jdbc/src/test/java/demo/AdHocTests.java
+++ b/tests/annotation/jdbc/src/test/java/demo/AdHocTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/jdbc/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/jdbc/src/test/java/demo/AuthorizationCodeProviderTests.java
index 27a0a1c4e..19d4492b7 100755
--- a/tests/annotation/jdbc/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/jdbc/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/jdbc/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/jdbc/src/test/java/demo/ProtectedResourceTests.java
index 0e2acc8d9..2eb25a2cf 100644
--- a/tests/annotation/jdbc/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/jdbc/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/jpa/src/test/java/demo/AdHocTests.java b/tests/annotation/jpa/src/test/java/demo/AdHocTests.java
index f3f947369..7ba4feea0 100644
--- a/tests/annotation/jpa/src/test/java/demo/AdHocTests.java
+++ b/tests/annotation/jpa/src/test/java/demo/AdHocTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderCookieTests.java b/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
index 26d88d46a..b7394bfc2 100644
--- a/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
+++ b/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderTests.java
index 34cdef81b..f56a2522a 100755
--- a/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/jpa/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/jpa/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/jpa/src/test/java/demo/ProtectedResourceTests.java
index 302b30f96..be5dc3b8b 100644
--- a/tests/annotation/jpa/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/jpa/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/jwt/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/jwt/src/test/java/demo/AuthorizationCodeProviderTests.java
index 2ef50fde6..529bacd06 100755
--- a/tests/annotation/jwt/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/jwt/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/jwt/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/jwt/src/test/java/demo/ProtectedResourceTests.java
index 302b30f96..be5dc3b8b 100644
--- a/tests/annotation/jwt/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/jwt/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/mappings/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/mappings/src/test/java/demo/AuthorizationCodeProviderTests.java
index 5fba9cfe0..2fc343dc5 100755
--- a/tests/annotation/mappings/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/mappings/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/mappings/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/mappings/src/test/java/demo/ProtectedResourceTests.java
index 4f5e357cc..f7ef5432c 100644
--- a/tests/annotation/mappings/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/mappings/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/multi/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/multi/src/test/java/demo/AuthorizationCodeProviderTests.java
index 2ef50fde6..529bacd06 100755
--- a/tests/annotation/multi/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/multi/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/multi/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/multi/src/test/java/demo/ProtectedResourceTests.java
index bf1dfd35f..89190be29 100644
--- a/tests/annotation/multi/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/multi/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/resource/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/resource/src/test/java/demo/ProtectedResourceTests.java
index 302b30f96..be5dc3b8b 100644
--- a/tests/annotation/resource/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/resource/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/ssl/src/test/java/demo/AuthorizationCodeProviderCookieTests.java b/tests/annotation/ssl/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
index 7b614e004..c3cc8b30a 100644
--- a/tests/annotation/ssl/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
+++ b/tests/annotation/ssl/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/ssl/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/ssl/src/test/java/demo/AuthorizationCodeProviderTests.java
index 49a38d4ab..2a14e7d5e 100755
--- a/tests/annotation/ssl/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/ssl/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/ssl/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/ssl/src/test/java/demo/ProtectedResourceTests.java
index c752cbe12..e43d004e3 100644
--- a/tests/annotation/ssl/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/ssl/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/vanilla/src/test/java/demo/AdHocTests.java b/tests/annotation/vanilla/src/test/java/demo/AdHocTests.java
index f3f947369..7ba4feea0 100644
--- a/tests/annotation/vanilla/src/test/java/demo/AdHocTests.java
+++ b/tests/annotation/vanilla/src/test/java/demo/AdHocTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderCookieTests.java b/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
index 26d88d46a..b7394bfc2 100644
--- a/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
+++ b/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderCookieTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderTests.java
index 34cdef81b..f56a2522a 100755
--- a/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/annotation/vanilla/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/annotation/vanilla/src/test/java/demo/ProtectedResourceTests.java b/tests/annotation/vanilla/src/test/java/demo/ProtectedResourceTests.java
index 302b30f96..be5dc3b8b 100644
--- a/tests/annotation/vanilla/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/annotation/vanilla/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/approval/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/xml/approval/src/test/java/demo/AuthorizationCodeProviderTests.java
index f336430f4..97f5ae1f5 100755
--- a/tests/xml/approval/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/xml/approval/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/approval/src/test/java/demo/ProtectedResourceTests.java b/tests/xml/approval/src/test/java/demo/ProtectedResourceTests.java
index c752cbe12..e43d004e3 100644
--- a/tests/xml/approval/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/xml/approval/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/client/src/test/java/client/CombinedApplication.java b/tests/xml/client/src/test/java/client/CombinedApplication.java
index 9c612f760..294565e1f 100644
--- a/tests/xml/client/src/test/java/client/CombinedApplication.java
+++ b/tests/xml/client/src/test/java/client/CombinedApplication.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/common/src/main/java/sparklr/common/AbstractAuthorizationCodeProviderTests.java b/tests/xml/common/src/main/java/sparklr/common/AbstractAuthorizationCodeProviderTests.java
index 548978c72..8769d6ee2 100755
--- a/tests/xml/common/src/main/java/sparklr/common/AbstractAuthorizationCodeProviderTests.java
+++ b/tests/xml/common/src/main/java/sparklr/common/AbstractAuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/common/src/main/java/sparklr/common/AbstractIntegrationTests.java b/tests/xml/common/src/main/java/sparklr/common/AbstractIntegrationTests.java
index ac2f12db7..b44539912 100644
--- a/tests/xml/common/src/main/java/sparklr/common/AbstractIntegrationTests.java
+++ b/tests/xml/common/src/main/java/sparklr/common/AbstractIntegrationTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/common/src/main/java/sparklr/common/AbstractProtectedResourceTests.java b/tests/xml/common/src/main/java/sparklr/common/AbstractProtectedResourceTests.java
index e267f4430..2e49192df 100644
--- a/tests/xml/common/src/main/java/sparklr/common/AbstractProtectedResourceTests.java
+++ b/tests/xml/common/src/main/java/sparklr/common/AbstractProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/form/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/xml/form/src/test/java/demo/AuthorizationCodeProviderTests.java
index 632098bf1..8ae483f92 100755
--- a/tests/xml/form/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/xml/form/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/form/src/test/java/demo/ProtectedResourceTests.java b/tests/xml/form/src/test/java/demo/ProtectedResourceTests.java
index c752cbe12..e43d004e3 100644
--- a/tests/xml/form/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/xml/form/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/jdbc/src/test/java/demo/AdHocTests.java b/tests/xml/jdbc/src/test/java/demo/AdHocTests.java
index a7d0087ca..7e52aa7b5 100644
--- a/tests/xml/jdbc/src/test/java/demo/AdHocTests.java
+++ b/tests/xml/jdbc/src/test/java/demo/AdHocTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/jdbc/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/xml/jdbc/src/test/java/demo/AuthorizationCodeProviderTests.java
index 32cb5606d..8f1993b56 100755
--- a/tests/xml/jdbc/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/xml/jdbc/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/jdbc/src/test/java/demo/ProtectedResourceTests.java b/tests/xml/jdbc/src/test/java/demo/ProtectedResourceTests.java
index c752cbe12..e43d004e3 100644
--- a/tests/xml/jdbc/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/xml/jdbc/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/jwt/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/xml/jwt/src/test/java/demo/AuthorizationCodeProviderTests.java
index 632098bf1..8ae483f92 100755
--- a/tests/xml/jwt/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/xml/jwt/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/jwt/src/test/java/demo/ProtectedResourceTests.java b/tests/xml/jwt/src/test/java/demo/ProtectedResourceTests.java
index c752cbe12..e43d004e3 100644
--- a/tests/xml/jwt/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/xml/jwt/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/mappings/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/xml/mappings/src/test/java/demo/AuthorizationCodeProviderTests.java
index 36e02d25f..34075877a 100755
--- a/tests/xml/mappings/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/xml/mappings/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/mappings/src/test/java/demo/ProtectedResourceTests.java b/tests/xml/mappings/src/test/java/demo/ProtectedResourceTests.java
index 743d9158b..fad494589 100644
--- a/tests/xml/mappings/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/xml/mappings/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/vanilla/src/test/java/demo/AuthorizationCodeProviderTests.java b/tests/xml/vanilla/src/test/java/demo/AuthorizationCodeProviderTests.java
index 632098bf1..8ae483f92 100755
--- a/tests/xml/vanilla/src/test/java/demo/AuthorizationCodeProviderTests.java
+++ b/tests/xml/vanilla/src/test/java/demo/AuthorizationCodeProviderTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * 
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
diff --git a/tests/xml/vanilla/src/test/java/demo/ProtectedResourceTests.java b/tests/xml/vanilla/src/test/java/demo/ProtectedResourceTests.java
index c752cbe12..e43d004e3 100644
--- a/tests/xml/vanilla/src/test/java/demo/ProtectedResourceTests.java
+++ b/tests/xml/vanilla/src/test/java/demo/ProtectedResourceTests.java
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the

From 835919b2b89e5b62ac8f1b3b288be85c72947349 Mon Sep 17 00:00:00 2001
From: Spring Operator 
Date: Tue, 19 Mar 2019 22:50:21 -0500
Subject: [PATCH 198/345] URL Cleanup

This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

These URLs were unable to be fixed. Please review them to see if they can be manually resolved.

* http://junit.sourceforge.net/javadoc/ (200) with 1 occurrences could not be migrated:
   ([https](https://junit.sourceforge.net/javadoc/) result AnnotatedConnectException).
* http://oauth.gmodules.com/gadgets/oauthcallback (200) with 1 occurrences could not be migrated:
   ([https](https://oauth.gmodules.com/gadgets/oauthcallback) result SSLHandshakeException).
* http://somewhere.com (403) with 8 occurrences could not be migrated:
   ([https](https://somewhere.com) result ConnectTimeoutException).

These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended.

* http://picasaweb.google.com/stoicflame/HawaiiBeach (404) with 8 occurrences migrated to:
  /109190140453754943808/HawaiiBeach?gsessionid=SApB7ihRtbUnXPMYlCx4O2myoa0iD-E9 ([https](https://picasaweb.google.com/stoicflame/HawaiiBeach) result IllegalArgumentException).
* http://picasaweb.google.com/stoicflame/TheHeatonHome?authkey=aEgk9ZZkNoY (404) with 2 occurrences migrated to:
  /109190140453754943808/TheHeatonHome?authkey=aEgk9ZZkNoY&gsessionid=1ct-z3jGjEC8oXohyjDG7FXpwPazlGXo ([https](https://picasaweb.google.com/stoicflame/TheHeatonHome?authkey=aEgk9ZZkNoY) result IllegalArgumentException).
* http://picasaweb.google.com/stoicflame (404) with 2 occurrences migrated to:
  /109190140453754943808?gsessionid=clr7rfNSarvEV15l85q1khMqSj8oDwqx ([https](https://picasaweb.google.com/stoicflame) result IllegalArgumentException).
* http://mycompany.com (302) with 1 occurrences migrated to:
  https://secure.mycompany.com ([https](https://mycompany.com) result ConnectTimeoutException).
* http://tools.ietf.org/html/draft-ietf-oauth-v2 (301) with 1 occurrences migrated to:
  https://tools.ietf.org/html/draft-ietf-oauth-v2 ([https](https://tools.ietf.org/html/draft-ietf-oauth-v2) result ReadTimeoutException).
* http://anywhere (UnknownHostException) with 5 occurrences migrated to:
  https://anywhere ([https](https://anywhere) result UnknownHostException).
* http://anywhere?key=value (UnknownHostException) with 5 occurrences migrated to:
  https://anywhere?key=value ([https](https://anywhere?key=value) result UnknownHostException).
* http://schemas.google.com/g/2005 (UnknownHostException) with 22 occurrences migrated to:
  https://schemas.google.com/g/2005 ([https](https://schemas.google.com/g/2005) result UnknownHostException).
* http://schemas.google.com/photos/2007 (UnknownHostException) with 33 occurrences migrated to:
  https://schemas.google.com/photos/2007 ([https](https://schemas.google.com/photos/2007) result UnknownHostException).
* http://schemas.google.com/photos/exif/2007 (UnknownHostException) with 1 occurrences migrated to:
  https://schemas.google.com/photos/exif/2007 ([https](https://schemas.google.com/photos/exif/2007) result UnknownHostException).
* http://a9.com/-/spec/opensearchrss/1.0/ (301) with 1 occurrences migrated to:
  https://a9.com/-/spec/opensearchrss/1.0/ ([https](https://a9.com/-/spec/opensearchrss/1.0/) result 404).
* http://code.google.com/apis/accounts/docs/OAuth_ref.html-- (404) with 1 occurrences migrated to:
  https://code.google.com/apis/accounts/docs/OAuth_ref.html-- ([https](https://code.google.com/apis/accounts/docs/OAuth_ref.html--) result 404).
* http://gadget-doc-examples.googlecode.com/svn/trunk/images/new.gif (404) with 1 occurrences migrated to:
  https://gadget-doc-examples.googlecode.com/svn/trunk/images/new.gif ([https](https://gadget-doc-examples.googlecode.com/svn/trunk/images/new.gif) result 404).
* http://gadget-doc-examples.googlecode.com/svn/trunk/opensocial-gadgets/popup.js (404) with 1 occurrences migrated to:
  https://gadget-doc-examples.googlecode.com/svn/trunk/opensocial-gadgets/popup.js ([https](https://gadget-doc-examples.googlecode.com/svn/trunk/opensocial-gadgets/popup.js) result 404).
* http://picasaweb.google.com/lh/photo/1_pPyhAE3IXRe5cb4AagZQ (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/photo/1_pPyhAE3IXRe5cb4AagZQ ([https](https://picasaweb.google.com/lh/photo/1_pPyhAE3IXRe5cb4AagZQ) result 404).
* http://picasaweb.google.com/lh/photo/EpbAByEAotaQekZSdVgZQg (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/photo/EpbAByEAotaQekZSdVgZQg ([https](https://picasaweb.google.com/lh/photo/EpbAByEAotaQekZSdVgZQg) result 404).
* http://picasaweb.google.com/lh/photo/Ioko4Z0cbBD1Dh1B7YubrA (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/photo/Ioko4Z0cbBD1Dh1B7YubrA ([https](https://picasaweb.google.com/lh/photo/Ioko4Z0cbBD1Dh1B7YubrA) result 404).
* http://picasaweb.google.com/lh/photo/U7NcEx5i97pGfjxIhqlYow (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/photo/U7NcEx5i97pGfjxIhqlYow ([https](https://picasaweb.google.com/lh/photo/U7NcEx5i97pGfjxIhqlYow) result 404).
* http://picasaweb.google.com/lh/photo/XpvsZB33FPqLHa527Nc2hQ (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/photo/XpvsZB33FPqLHa527Nc2hQ ([https](https://picasaweb.google.com/lh/photo/XpvsZB33FPqLHa527Nc2hQ) result 404).
* http://picasaweb.google.com/lh/photo/_rJ23c0-ev-GEsuqajvYWg (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/photo/_rJ23c0-ev-GEsuqajvYWg ([https](https://picasaweb.google.com/lh/photo/_rJ23c0-ev-GEsuqajvYWg) result 404).
* http://picasaweb.google.com/lh/photo/b02iZRlngmObhiG-xVwmng (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/photo/b02iZRlngmObhiG-xVwmng ([https](https://picasaweb.google.com/lh/photo/b02iZRlngmObhiG-xVwmng) result 404).
* http://picasaweb.google.com/lh/photo/cyqNMsCJd4KMl9d8thlF9A (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/photo/cyqNMsCJd4KMl9d8thlF9A ([https](https://picasaweb.google.com/lh/photo/cyqNMsCJd4KMl9d8thlF9A) result 404).
* http://picasaweb.google.com/lh/photo/emw168uzsXbckWn6o1NOGw (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/photo/emw168uzsXbckWn6o1NOGw ([https](https://picasaweb.google.com/lh/photo/emw168uzsXbckWn6o1NOGw) result 404).
* http://picasaweb.google.com/lh/photo/zU1hicDzC1JGgsnl6CMtQw (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/photo/zU1hicDzC1JGgsnl6CMtQw ([https](https://picasaweb.google.com/lh/photo/zU1hicDzC1JGgsnl6CMtQw) result 404).
* http://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155184692643524754 (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155184692643524754 ([https](https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155184692643524754) result 404).
* http://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155184993291235490 (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155184993291235490 ([https](https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155184993291235490) result 404).
* http://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155185272464109746 (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155185272464109746 ([https](https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155185272464109746) result 404).
* http://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155185633241362626 (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155185633241362626 ([https](https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155185633241362626) result 404).
* http://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155186024083386578 (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155186024083386578 ([https](https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155186024083386578) result 404).
* http://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155186290371358946 (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155186290371358946 ([https](https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155186290371358946) result 404).
* http://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155186560954298610 (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155186560954298610 ([https](https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155186560954298610) result 404).
* http://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155186870191943938 (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155186870191943938 ([https](https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5155181789245632497&iid=5155186870191943938) result 404).
* http://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5381874767712259297&iid=5398207118777306258 (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5381874767712259297&iid=5398207118777306258 ([https](https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5381874767712259297&iid=5398207118777306258) result 404).
* http://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5381874767712259297&iid=5416573875289209458 (404) with 1 occurrences migrated to:
  https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5381874767712259297&iid=5416573875289209458 ([https](https://picasaweb.google.com/lh/reportAbuse?uname=stoicflame&aid=5381874767712259297&iid=5416573875289209458) result 404).

These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://static.springframework.org/spring-security/site/ (301) with 1 occurrences migrated to:
  https://docs.spring.io/spring-security/site/ ([https](https://static.springframework.org/spring-security/site/) result 200).
* http://maven.apache.org/xsd/maven-4.0.0.xsd with 25 occurrences migrated to:
  https://maven.apache.org/xsd/maven-4.0.0.xsd ([https](https://maven.apache.org/xsd/maven-4.0.0.xsd) result 200).
* http://myhost.com with 1 occurrences migrated to:
  https://myhost.com ([https](https://myhost.com) result 200).
* http://oauth.net/ with 1 occurrences migrated to:
  https://oauth.net/ ([https](https://oauth.net/) result 200).
* http://www.springframework.org/schema/beans/spring-beans-3.0.xsd with 12 occurrences migrated to:
  https://www.springframework.org/schema/beans/spring-beans-3.0.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-3.0.xsd) result 200).
* http://www.springframework.org/schema/beans/spring-beans-3.1.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/beans/spring-beans-3.1.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-3.1.xsd) result 200).
* http://www.springframework.org/schema/beans/spring-beans.xsd with 15 occurrences migrated to:
  https://www.springframework.org/schema/beans/spring-beans.xsd ([https](https://www.springframework.org/schema/beans/spring-beans.xsd) result 200).
* http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd ([https](https://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd) result 200).
* http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd ([https](https://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd) result 200).
* http://www.springframework.org/schema/mvc/spring-mvc.xsd with 2 occurrences migrated to:
  https://www.springframework.org/schema/mvc/spring-mvc.xsd ([https](https://www.springframework.org/schema/mvc/spring-mvc.xsd) result 200).
* http://www.springframework.org/schema/security/spring-security-oauth-1.0.xsd with 5 occurrences migrated to:
  https://www.springframework.org/schema/security/spring-security-oauth-1.0.xsd ([https](https://www.springframework.org/schema/security/spring-security-oauth-1.0.xsd) result 200).
* http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd with 2 occurrences migrated to:
  https://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd ([https](https://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd) result 200).
* http://www.springframework.org/schema/security/spring-security-oauth2.xsd with 19 occurrences migrated to:
  https://www.springframework.org/schema/security/spring-security-oauth2.xsd ([https](https://www.springframework.org/schema/security/spring-security-oauth2.xsd) result 200).
* http://www.springframework.org/schema/security/spring-security.xsd with 9 occurrences migrated to:
  https://www.springframework.org/schema/security/spring-security.xsd ([https](https://www.springframework.org/schema/security/spring-security.xsd) result 200).
* http://anywhere.com with 2 occurrences migrated to:
  https://anywhere.com ([https](https://anywhere.com) result 301).
* http://maven.apache.org/maven-v4_0_0.xsd with 10 occurrences migrated to:
  https://maven.apache.org/maven-v4_0_0.xsd ([https](https://maven.apache.org/maven-v4_0_0.xsd) result 301).
* http://springframework.org/ with 1 occurrences migrated to:
  https://springframework.org/ ([https](https://springframework.org/) result 301).
* http://java.sun.com/dtd/web-app_2_3.dtd with 2 occurrences migrated to:
  https://java.sun.com/dtd/web-app_2_3.dtd ([https](https://java.sun.com/dtd/web-app_2_3.dtd) result 302).
* http://java.sun.com/j2ee/1.4/docs/api with 1 occurrences migrated to:
  https://java.sun.com/j2ee/1.4/docs/api ([https](https://java.sun.com/j2ee/1.4/docs/api) result 302).
* http://java.sun.com/j2se/1.5.0/docs/api with 1 occurrences migrated to:
  https://java.sun.com/j2se/1.5.0/docs/api ([https](https://java.sun.com/j2se/1.5.0/docs/api) result 302).
* http://picasaweb.google.com/ with 1 occurrences migrated to:
  https://picasaweb.google.com/ ([https](https://picasaweb.google.com/) result 302).
* http://picasaweb.google.com/s/c/bin/slideshow.swf?host=picasaweb.google.com&RGB=0x000000&feed=https%3A%2F%2Fpicasaweb.google.com%2Fdata%2Ffeed%2Fapi%2Fuser%2Fstoicflame%3Falt%3Drss with 1 occurrences migrated to:
  https://picasaweb.google.com/s/c/bin/slideshow.swf?host=picasaweb.google.com&RGB=0x000000&feed=https%3A%2F%2Fpicasaweb.google.com%2Fdata%2Ffeed%2Fapi%2Fuser%2Fstoicflame%3Falt%3Drss ([https](https://picasaweb.google.com/s/c/bin/slideshow.swf?host=picasaweb.google.com&RGB=0x000000&feed=https%3A%2F%2Fpicasaweb.google.com%2Fdata%2Ffeed%2Fapi%2Fuser%2Fstoicflame%3Falt%3Drss) result 302).
* http://search.yahoo.com/mrss/ with 1 occurrences migrated to:
  https://search.yahoo.com/mrss/ ([https](https://search.yahoo.com/mrss/) result 302).

These URLs were intentionally ignored.

* http://appengine.google.com/ns/1.0 with 1 occurrences
* http://localhost:8080/oauth/authorize with 1 occurrences
* http://localhost:8080/oauth/token with 1 occurrences
* http://localhost:8080/sparklr/oauth/access_token with 1 occurrences
* http://localhost:8080/sparklr/oauth/confirm_access with 1 occurrences
* http://localhost:8080/sparklr/oauth/request_token with 1 occurrences
* http://maven.apache.org/POM/4.0.0 with 70 occurrences
* http://www.springframework.org/schema/beans with 56 occurrences
* http://www.springframework.org/schema/mvc with 8 occurrences
* http://www.springframework.org/schema/security with 18 occurrences
* http://www.springframework.org/schema/security/oauth with 10 occurrences
* http://www.springframework.org/schema/security/oauth2 with 53 occurrences
* http://www.w3.org/2001/XMLSchema-instance with 63 occurrences
* http://www.w3.org/2005/Atom with 1 occurrences

Fixes gh-1628
---
 pom.xml                                       |   6 +-
 samples/oauth/sparklr/pom.xml                 |   2 +-
 .../webapp/WEB-INF/applicationContext.xml     |   6 +-
 .../main/webapp/WEB-INF/spring-servlet.xml    |   4 +-
 .../sparklr/src/main/webapp/WEB-INF/web.xml   |   2 +-
 .../src/main/webapp/sparklr_gadget.xml        |   4 +-
 samples/oauth/tonr/pom.xml                    |   2 +-
 .../main/resources/example_picasa_feed.xml    | 138 +++++++++---------
 .../webapp/WEB-INF/applicationContext.xml     |   8 +-
 .../main/webapp/WEB-INF/spring-servlet.xml    |   4 +-
 .../tonr/src/main/webapp/WEB-INF/web.xml      |   2 +-
 samples/oauth2/sparklr/pom.xml                |   2 +-
 samples/oauth2/tonr/pom.xml                   |   2 +-
 samples/pom.xml                               |   2 +-
 spring-security-jwt/pom.xml                   |   2 +-
 spring-security-oauth/pom.xml                 |   2 +-
 ...erverBeanDefinitionParserTests-context.xml |   6 +-
 ...rviceBeanDefinitionParserTests-context.xml |   6 +-
 ...FilterChainInitializationTests-context.xml |   6 +-
 spring-security-oauth2/pom.xml                |   2 +-
 ...rviceBeanDefinitionParserTests-context.xml |   6 +-
 ...ourceBeanDefinitionParserTests-context.xml |  10 +-
 ...ion-server-check-token-custom-endpoint.xml |   4 +-
 .../xml/authorization-server-check-token.xml  |   4 +-
 ...er-client-credentials-password-invalid.xml |   8 +-
 ...rver-client-credentials-password-valid.xml |   8 +-
 .../xml/authorization-server-custom-grant.xml |   4 +-
 .../xml/authorization-server-disable.xml      |   6 +-
 .../xml/authorization-server-extras.xml       |   4 +-
 .../xml/authorization-server-invalid.xml      |   4 +-
 .../config/xml/authorization-server-types.xml |   6 +-
 .../xml/authorization-server-vanilla.xml      |   4 +-
 .../resource-server-authmanager-context.xml   |   4 +-
 .../config/xml/resource-server-context.xml    |   4 +-
 src/site/site.xml                             |   8 +-
 tests/annotation/approval/pom.xml             |   2 +-
 tests/annotation/client/pom.xml               |   2 +-
 tests/annotation/common/pom.xml               |   2 +-
 .../annotation/custom-authentication/pom.xml  |   2 +-
 tests/annotation/custom-grant/pom.xml         |   2 +-
 tests/annotation/form/pom.xml                 |   2 +-
 tests/annotation/jaxb/pom.xml                 |   2 +-
 tests/annotation/jdbc/pom.xml                 |   2 +-
 tests/annotation/jpa/pom.xml                  |   2 +-
 tests/annotation/jwt/pom.xml                  |   2 +-
 tests/annotation/mappings/pom.xml             |   2 +-
 tests/annotation/multi/pom.xml                |   2 +-
 tests/annotation/pom.xml                      |   2 +-
 tests/annotation/resource/pom.xml             |   2 +-
 tests/annotation/ssl/pom.xml                  |   2 +-
 tests/annotation/vanilla/pom.xml              |   2 +-
 tests/pom.xml                                 |   2 +-
 tests/xml/approval/pom.xml                    |   2 +-
 .../approval/src/main/resources/context.xml   |   8 +-
 tests/xml/client/pom.xml                      |   2 +-
 .../xml/client/src/main/resources/context.xml |   4 +-
 tests/xml/common/pom.xml                      |   2 +-
 tests/xml/form/pom.xml                        |   2 +-
 tests/xml/form/src/main/resources/context.xml |   8 +-
 tests/xml/jdbc/pom.xml                        |   2 +-
 tests/xml/jdbc/src/main/resources/context.xml |   4 +-
 tests/xml/jwt/pom.xml                         |   2 +-
 tests/xml/jwt/src/main/resources/context.xml  |   8 +-
 tests/xml/mappings/pom.xml                    |   2 +-
 .../mappings/src/main/resources/context.xml   |   8 +-
 tests/xml/pom.xml                             |   2 +-
 tests/xml/vanilla/pom.xml                     |   2 +-
 .../vanilla/src/main/resources/context.xml    |   8 +-
 68 files changed, 196 insertions(+), 196 deletions(-)

diff --git a/pom.xml b/pom.xml
index 55efc4792..5caebe627 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,4 +1,4 @@
-
+
   4.0.0
   org.springframework.security.oauth
   spring-security-oauth-parent
@@ -472,8 +472,8 @@
           true
           true
           
-            http://java.sun.com/j2ee/1.4/docs/api
-            http://java.sun.com/j2se/1.5.0/docs/api
+            https://java.sun.com/j2ee/1.4/docs/api
+            https://java.sun.com/j2se/1.5.0/docs/api
             https://jakarta.apache.org/commons/collections/apidocs-COLLECTIONS_3_0/
             https://jakarta.apache.org/commons/dbcp/apidocs/
             https://jakarta.apache.org/commons/fileupload/apidocs/
diff --git a/samples/oauth/sparklr/pom.xml b/samples/oauth/sparklr/pom.xml
index ae43f43aa..eb075133a 100644
--- a/samples/oauth/sparklr/pom.xml
+++ b/samples/oauth/sparklr/pom.xml
@@ -1,4 +1,4 @@
-
+
 
 	4.0.0
 
diff --git a/samples/oauth/sparklr/src/main/webapp/WEB-INF/applicationContext.xml b/samples/oauth/sparklr/src/main/webapp/WEB-INF/applicationContext.xml
index c23317603..f33670c75 100644
--- a/samples/oauth/sparklr/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/samples/oauth/sparklr/src/main/webapp/WEB-INF/applicationContext.xml
@@ -4,9 +4,9 @@
   xmlns:beans="http://www.springframework.org/schema/beans"
   xmlns:oauth="http://www.springframework.org/schema/security/oauth"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="http://www.springframework.org/schema/beans%20http://www.springframework.org/schema/beans/spring-beans.xsd-%20%20%20%20%20%20%20%20%20%20%20%20%20%20http://www.springframework.org/schema/security%20http://www.springframework.org/schema/security/spring-security.xsd-%20%20%20%20%20%20%20%20%20%20%20%20%20%20http://www.springframework.org/schema/security/oauth%20http://www.springframework.org/schema/security/spring-security-oauth-1.0.xsd">
+  xsi:schemaLocation="http://www.springframework.org/schema/beans%20https://www.springframework.org/schema/beans/spring-beans.xsd+%20%20%20%20%20%20%20%20%20%20%20%20%20%20http://www.springframework.org/schema/security%20https://www.springframework.org/schema/security/spring-security.xsd+%20%20%20%20%20%20%20%20%20%20%20%20%20%20http://www.springframework.org/schema/security/oauth%20https://www.springframework.org/schema/security/spring-security-oauth-1.0.xsd">
 
   
     
diff --git a/samples/oauth/sparklr/src/main/webapp/WEB-INF/spring-servlet.xml b/samples/oauth/sparklr/src/main/webapp/WEB-INF/spring-servlet.xml
index 65bcd5a97..b364e2142 100644
--- a/samples/oauth/sparklr/src/main/webapp/WEB-INF/spring-servlet.xml
+++ b/samples/oauth/sparklr/src/main/webapp/WEB-INF/spring-servlet.xml
@@ -2,8 +2,8 @@
 
 
+	xsi:schemaLocation="http://www.springframework.org/schema/mvc%20https://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd+http://www.springframework.org/schema/beans%20https://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
 
 	
 
diff --git a/samples/oauth/sparklr/src/main/webapp/WEB-INF/web.xml b/samples/oauth/sparklr/src/main/webapp/WEB-INF/web.xml
index 8492917b3..31390bf58 100644
--- a/samples/oauth/sparklr/src/main/webapp/WEB-INF/web.xml
+++ b/samples/oauth/sparklr/src/main/webapp/WEB-INF/web.xml
@@ -2,7 +2,7 @@
 
 
+  "https://java.sun.com/dtd/web-app_2_3.dtd">
 
 
 
diff --git a/samples/oauth/sparklr/src/main/webapp/sparklr_gadget.xml b/samples/oauth/sparklr/src/main/webapp/sparklr_gadget.xml
index 3f914b85a..e05842d8b 100644
--- a/samples/oauth/sparklr/src/main/webapp/sparklr_gadget.xml
+++ b/samples/oauth/sparklr/src/main/webapp/sparklr_gadget.xml
@@ -15,7 +15,7 @@
   
-  
+