Merge pull request #16320 from Spring Operator

* gh-16320:
  Polish "Use HTTPS for external links wherever possible"
  Use HTTPS for external links wherever possible

Closes gh-16320

Author: wilkinsona

spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/metrics/web/client/WebClientMetricsConfigurationTests.java

@@ -108,7 +108,7 @@ private MeterRegistry getInitializedMeterRegistry(
 		WebClient webClient = mockWebClient(context.getBean(WebClient.Builder.class));
 		MeterRegistry registry = context.getBean(MeterRegistry.class);
 		for (int i = 0; i < 3; i++) {
-			webClient.get().uri("http://example.org/projects/" + i).exchange()
+			webClient.get().uri("https://example.org/projects/" + i).exchange()
 					.block(Duration.ofSeconds(30));
 		}
 		return registry;
@@ -117,7 +117,7 @@ private MeterRegistry getInitializedMeterRegistry(
 	private void validateWebClient(WebClient.Builder builder, MeterRegistry registry) {
 		WebClient webClient = mockWebClient(builder);
 		assertThat(registry.find("http.client.requests").meter()).isNull();
-		webClient.get().uri("http://example.org/projects/{project}", "spring-boot")
+		webClient.get().uri("https://example.org/projects/{project}", "spring-boot")
 				.exchange().block(Duration.ofSeconds(30));
 		assertThat(registry.find("http.client.requests")
 				.tags("uri", "/projects/{project}").meter()).isNotNull();

spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/metrics/web/reactive/client/DefaultWebClientExchangeTagsProviderTests.java

@@ -53,9 +53,9 @@ public class DefaultWebClientExchangeTagsProviderTests {
 	public void setup() {
 		this.request = ClientRequest
 				.create(HttpMethod.GET,
-						URI.create("http://example.org/projects/spring-boot"))
+						URI.create("https://example.org/projects/spring-boot"))
 				.attribute(URI_TEMPLATE_ATTRIBUTE,
-						"http://example.org/projects/{project}")
+						"https://example.org/projects/{project}")
 				.build();
 		this.response = mock(ClientResponse.class);
 		given(this.response.statusCode()).willReturn(HttpStatus.OK);
@@ -72,7 +72,7 @@ public void tagsShouldBePopulated() {
 	@Test
 	public void tagsWhenNoUriTemplateShouldProvideUriPath() {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET,
-				URI.create("http://example.org/projects/spring-boot")).build();
+				URI.create("https://example.org/projects/spring-boot")).build();
 		Iterable<Tag> tags = this.tagsProvider.tags(request, this.response, null);
 		assertThat(tags).containsExactlyInAnyOrder(Tag.of("method", "GET"),
 				Tag.of("uri", "/projects/spring-boot"),

spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/metrics/web/reactive/client/MetricsWebClientFilterFunctionTests.java

@@ -71,7 +71,7 @@ public void setup() {
 	@Test
 	public void filterShouldRecordTimer() {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET,
-				URI.create("http://example.com/projects/spring-boot")).build();
+				URI.create("https://example.com/projects/spring-boot")).build();
 		given(this.response.statusCode()).willReturn(HttpStatus.OK);
 		this.filterFunction.filter(request, this.exchange).block(Duration.ofSeconds(30));
 		assertThat(this.registry.get("http.client.requests")
@@ -83,7 +83,7 @@ public void filterShouldRecordTimer() {
 	public void filterWhenUriTemplatePresentShouldRecordTimer() {
 		ClientRequest request = ClientRequest
 				.create(HttpMethod.GET,
-						URI.create("http://example.com/projects/spring-boot"))
+						URI.create("https://example.com/projects/spring-boot"))
 				.attribute(URI_TEMPLATE_ATTRIBUTE, "/projects/{project}").build();
 		given(this.response.statusCode()).willReturn(HttpStatus.OK);
 		this.filterFunction.filter(request, this.exchange).block(Duration.ofSeconds(30));
@@ -95,7 +95,7 @@ public void filterWhenUriTemplatePresentShouldRecordTimer() {
 	@Test
 	public void filterWhenIoExceptionThrownShouldRecordTimer() {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET,
-				URI.create("http://example.com/projects/spring-boot")).build();
+				URI.create("https://example.com/projects/spring-boot")).build();
 		ExchangeFunction errorExchange = (r) -> Mono.error(new IOException());
 		this.filterFunction.filter(request, errorExchange)
 				.onErrorResume(IOException.class, (t) -> Mono.empty())
@@ -110,7 +110,7 @@ public void filterWhenIoExceptionThrownShouldRecordTimer() {
 	@Test
 	public void filterWhenExceptionThrownShouldRecordTimer() {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET,
-				URI.create("http://example.com/projects/spring-boot")).build();
+				URI.create("https://example.com/projects/spring-boot")).build();
 		ExchangeFunction exchange = (r) -> Mono.error(new IllegalArgumentException());
 		this.filterFunction.filter(request, exchange)
 				.onErrorResume(IllegalArgumentException.class, (t) -> Mono.empty())
@@ -124,7 +124,7 @@ public void filterWhenExceptionThrownShouldRecordTimer() {
 	@Test
 	public void filterWhenExceptionAndRetryShouldNotCumulateRecordTime() {
 		ClientRequest request = ClientRequest.create(HttpMethod.GET,
-				URI.create("http://example.com/projects/spring-boot")).build();
+				URI.create("https://example.com/projects/spring-boot")).build();
 		ExchangeFunction exchange = (r) -> Mono.error(new IllegalArgumentException())
 				.delaySubscription(Duration.ofMillis(300)).cast(ClientResponse.class);
 		this.filterFunction.filter(request, exchange).retry(1)

spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/metrics/web/reactive/client/WebClientExchangeTagsTests.java

@@ -51,9 +51,9 @@ public class WebClientExchangeTagsTests {
 	public void setup() {
 		this.request = ClientRequest
 				.create(HttpMethod.GET,
-						URI.create("http://example.org/projects/spring-boot"))
+						URI.create("https://example.org/projects/spring-boot"))
 				.attribute(URI_TEMPLATE_ATTRIBUTE,
-						"http://example.org/projects/{project}")
+						"https://example.org/projects/{project}")
 				.build();
 		this.response = mock(ClientResponse.class);
 		given(this.response.statusCode()).willReturn(HttpStatus.OK);
@@ -75,7 +75,7 @@ public void uriWhenAbsoluteTemplateIsAvailableShouldReturnTemplate() {
 	public void uriWhenRelativeTemplateIsAvailableShouldReturnTemplate() {
 		this.request = ClientRequest
 				.create(HttpMethod.GET,
-						URI.create("http://example.org/projects/spring-boot"))
+						URI.create("https://example.org/projects/spring-boot"))
 				.attribute(URI_TEMPLATE_ATTRIBUTE, "/projects/{project}").build();
 		assertThat(WebClientExchangeTags.uri(this.request))
 				.isEqualTo(Tag.of("uri", "/projects/{project}"));
@@ -84,7 +84,7 @@ public void uriWhenRelativeTemplateIsAvailableShouldReturnTemplate() {
 	@Test
 	public void uriWhenTemplateIsMissingShouldReturnPath() {
 		this.request = ClientRequest.create(HttpMethod.GET,
-				URI.create("http://example.org/projects/spring-boot")).build();
+				URI.create("https://example.org/projects/spring-boot")).build();
 		assertThat(WebClientExchangeTags.uri(this.request))
 				.isEqualTo(Tag.of("uri", "/projects/spring-boot"));
 	}

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java

@@ -271,23 +271,23 @@ public void oidcProviderConfigurationWithCustomConfigurationOverridesProviderDef
 		assertThat(adapted.getClientName()).isEqualTo(issuer);
 		assertThat(adapted.getScopes()).containsOnly("user");
 		assertThat(adapted.getRedirectUriTemplate())
-				.isEqualTo("http://example.com/redirect");
+				.isEqualTo("https://example.com/redirect");
 		assertThat(providerDetails.getAuthorizationUri())
-				.isEqualTo("http://example.com/auth");
-		assertThat(providerDetails.getTokenUri()).isEqualTo("http://example.com/token");
-		assertThat(providerDetails.getJwkSetUri()).isEqualTo("http://example.com/jwk");
+				.isEqualTo("https://example.com/auth");
+		assertThat(providerDetails.getTokenUri()).isEqualTo("https://example.com/token");
+		assertThat(providerDetails.getJwkSetUri()).isEqualTo("https://example.com/jwk");
 		UserInfoEndpoint userInfoEndpoint = providerDetails.getUserInfoEndpoint();
-		assertThat(userInfoEndpoint.getUri()).isEqualTo("http://example.com/info");
+		assertThat(userInfoEndpoint.getUri()).isEqualTo("https://example.com/info");
 		assertThat(userInfoEndpoint.getUserNameAttributeName()).isEqualTo("sub");
 	}
 
 	private Provider createProvider() {
 		Provider provider = new Provider();
-		provider.setAuthorizationUri("http://example.com/auth");
-		provider.setTokenUri("http://example.com/token");
-		provider.setUserInfoUri("http://example.com/info");
+		provider.setAuthorizationUri("https://example.com/auth");
+		provider.setTokenUri("https://example.com/token");
+		provider.setUserInfoUri("https://example.com/info");
 		provider.setUserNameAttribute("sub");
-		provider.setJwkSetUri("http://example.com/jwk");
+		provider.setJwkSetUri("https://example.com/jwk");
 		return provider;
 	}
 
@@ -297,7 +297,7 @@ private OAuth2ClientProperties.Registration createRegistration(String provider)
 		registration.setClientId("clientId");
 		registration.setClientSecret("clientSecret");
 		registration.setClientAuthenticationMethod("post");
-		registration.setRedirectUri("http://example.com/redirect");
+		registration.setRedirectUri("https://example.com/redirect");
 		registration.setScope(Collections.singleton("user"));
 		registration.setAuthorizationGrantType("authorization_code");
 		return registration;

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/reactive/ReactiveOAuth2ClientAutoConfigurationTests.java

@@ -168,7 +168,8 @@ static class ReactiveClientRepositoryConfiguration {
 		@Bean
 		public ReactiveClientRegistrationRepository clientRegistrationRepository() {
 			List<ClientRegistration> registrations = new ArrayList<>();
-			registrations.add(getClientRegistration("first", "http://user-info-uri.com"));
+			registrations
+					.add(getClientRegistration("first", "https://user-info-uri.com"));
 			registrations.add(getClientRegistration("second", "http://other-user-info"));
 			return new InMemoryReactiveClientRegistrationRepository(registrations);
 		}
@@ -180,9 +181,9 @@ private ClientRegistration getClientRegistration(String id, String userInfoUri)
 					org.springframework.security.oauth2.core.ClientAuthenticationMethod.BASIC)
 					.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
 					.scope("read").clientSecret("secret")
-					.redirectUriTemplate("http://redirect-uri.com")
-					.authorizationUri("http://authorization-uri.com")
-					.tokenUri("http://token-uri.com").userInfoUri(userInfoUri)
+					.redirectUriTemplate("https://redirect-uri.com")
+					.authorizationUri("https://authorization-uri.com")
+					.tokenUri("https://token-uri.com").userInfoUri(userInfoUri)
 					.userNameAttributeName("login");
 			return builder.build();
 		}

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerAutoConfigurationTests.java

@@ -80,7 +80,7 @@ public void cleanup() throws Exception {
 	@Test
 	public void autoConfigurationShouldConfigureResourceServer() {
 		this.contextRunner.withPropertyValues(
-				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com")
+				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
 				.run((context) -> {
 					assertThat(context.getBean(ReactiveJwtDecoder.class))
 							.isInstanceOf(NimbusReactiveJwtDecoder.class);
@@ -110,8 +110,8 @@ public void autoConfigurationShouldConfigureResourceServerUsingOidcIssuerUri()
 	@Test
 	public void autoConfigurationWhenBothSetUriAndIssuerUriPresentShouldUseSetUri() {
 		this.contextRunner.withPropertyValues(
-				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com",
-				"spring.security.oauth2.resourceserver.jwt.issuer-uri=http://jwk-oidc-issuer-location.com")
+				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com",
+				"spring.security.oauth2.resourceserver.jwt.issuer-uri=https://jwk-oidc-issuer-location.com")
 				.run((context) -> {
 					assertThat(context.getBean(ReactiveJwtDecoder.class))
 							.isInstanceOf(NimbusReactiveJwtDecoder.class);
@@ -130,23 +130,23 @@ public void autoConfigurationWhenJwkSetUriNullShouldNotFail() {
 	@Test
 	public void jwtDecoderBeanIsConditionalOnMissingBean() {
 		this.contextRunner.withPropertyValues(
-				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com")
+				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
 				.withUserConfiguration(JwtDecoderConfig.class)
 				.run((this::assertFilterConfiguredWithJwtAuthenticationManager));
 	}
 
 	@Test
 	public void jwtDecoderByIssuerUriBeanIsConditionalOnMissingBean() {
 		this.contextRunner.withPropertyValues(
-				"spring.security.oauth2.resourceserver.jwt.issuer-uri=http://jwk-oidc-issuer-location.com")
+				"spring.security.oauth2.resourceserver.jwt.issuer-uri=https://jwk-oidc-issuer-location.com")
 				.withUserConfiguration(JwtDecoderConfig.class)
 				.run((this::assertFilterConfiguredWithJwtAuthenticationManager));
 	}
 
 	@Test
 	public void autoConfigurationShouldBeConditionalOnBearerTokenAuthenticationTokenClass() {
 		this.contextRunner.withPropertyValues(
-				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com")
+				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
 				.withUserConfiguration(JwtDecoderConfig.class)
 				.withClassLoader(
 						new FilteredClassLoader(BearerTokenAuthenticationToken.class))
@@ -157,7 +157,7 @@ public void autoConfigurationShouldBeConditionalOnBearerTokenAuthenticationToken
 	@Test
 	public void autoConfigurationShouldBeConditionalOnReactiveJwtDecoderClass() {
 		this.contextRunner.withPropertyValues(
-				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com")
+				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
 				.withUserConfiguration(JwtDecoderConfig.class)
 				.withClassLoader(new FilteredClassLoader(ReactiveJwtDecoder.class))
 				.run((context) -> assertThat(context)
@@ -167,7 +167,7 @@ public void autoConfigurationShouldBeConditionalOnReactiveJwtDecoderClass() {
 	@Test
 	public void autoConfigurationWhenSecurityWebFilterChainConfigPresentShouldNotAddOne() {
 		this.contextRunner.withPropertyValues(
-				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com")
+				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
 				.withUserConfiguration(SecurityWebFilterChainConfig.class)
 				.run((context) -> {
 					assertThat(context).hasSingleBean(SecurityWebFilterChain.class);

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java

@@ -75,7 +75,7 @@ public void cleanup() throws Exception {
 	@Test
 	public void autoConfigurationShouldConfigureResourceServer() {
 		this.contextRunner.withPropertyValues(
-				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com")
+				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
 				.run((context) -> {
 					assertThat(context.getBean(JwtDecoder.class))
 							.isInstanceOf(NimbusJwtDecoderJwkSupport.class);
@@ -105,8 +105,8 @@ public void autoConfigurationShouldConfigureResourceServerUsingOidcIssuerUri()
 	@Test
 	public void autoConfigurationWhenBothSetUriAndIssuerUriPresentShouldUseSetUri() {
 		this.contextRunner.withPropertyValues(
-				"spring.security.oauth2.resourceserver.jwt.issuer-uri=http://issuer-uri.com",
-				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com")
+				"spring.security.oauth2.resourceserver.jwt.issuer-uri=https://issuer-uri.com",
+				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
 				.run((context) -> {
 					assertThat(context.getBean(JwtDecoder.class))
 							.isInstanceOf(NimbusJwtDecoderJwkSupport.class);
@@ -126,23 +126,23 @@ public void autoConfigurationWhenJwkSetUriNullShouldNotFail() {
 	@Test
 	public void jwtDecoderByJwkSetUriIsConditionalOnMissingBean() {
 		this.contextRunner.withPropertyValues(
-				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com")
+				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
 				.withUserConfiguration(JwtDecoderConfig.class)
 				.run((context) -> assertThat(getBearerTokenFilter(context)).isNotNull());
 	}
 
 	@Test
 	public void jwtDecoderByOidcIssuerUriIsConditionalOnMissingBean() {
 		this.contextRunner.withPropertyValues(
-				"spring.security.oauth2.resourceserver.jwt.issuer-uri=http://jwk-oidc-issuer-location.com")
+				"spring.security.oauth2.resourceserver.jwt.issuer-uri=https://jwk-oidc-issuer-location.com")
 				.withUserConfiguration(JwtDecoderConfig.class)
 				.run((context) -> assertThat(getBearerTokenFilter(context)).isNotNull());
 	}
 
 	@Test
 	public void autoConfigurationShouldBeConditionalOnJwtAuthenticationTokenClass() {
 		this.contextRunner.withPropertyValues(
-				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com")
+				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
 				.withUserConfiguration(JwtDecoderConfig.class)
 				.withClassLoader(new FilteredClassLoader(JwtAuthenticationToken.class))
 				.run((context) -> assertThat(getBearerTokenFilter(context)).isNull());
@@ -151,7 +151,7 @@ public void autoConfigurationShouldBeConditionalOnJwtAuthenticationTokenClass()
 	@Test
 	public void autoConfigurationShouldBeConditionalOnJwtDecoderClass() {
 		this.contextRunner.withPropertyValues(
-				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://jwk-set-uri.com")
+				"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com")
 				.withUserConfiguration(JwtDecoderConfig.class)
 				.withClassLoader(new FilteredClassLoader(JwtDecoder.class))
 				.run((context) -> assertThat(getBearerTokenFilter(context)).isNull());

spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc

@@ -768,7 +768,7 @@ additional dependency.
 Spring Boot manages the version for the
 `io.netty:netty-tcnative-boringssl-static` "uber jar", containing native libraries for
 all platforms. Developers can choose to import only the required dependencies using
-a classifier (see http://netty.io/wiki/forked-tomcat-native.html[the Netty official
+a classifier (see https://netty.io/wiki/forked-tomcat-native.html[the Netty official
 documentation]).
 
 

spring-boot-project/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc

@@ -1514,7 +1514,7 @@ using the following property:
 
 [source,properties,indent=0]
 ----
-	management.metrics.export.elastic.host=http://elastic.example.com:8086
+	management.metrics.export.elastic.host=https://elastic.example.com:8086
 ----
 
 
@@ -1636,7 +1636,7 @@ server] to use can be provided using:
 
 [source,properties,indent=0]
 ----
-	management.metrics.export.kairos.uri=http://kairosdb.example.com:8080/api/v1/datapoints
+	management.metrics.export.kairos.uri=https://kairosdb.example.com:8080/api/v1/datapoints
 ----