Polish URL Cleanup

Fixes: gh-6628

Author: rwinch

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java

@@ -174,7 +174,7 @@ public void resolveWhenAuthorizationRequestIncludesPort80ThenExpandedRedirectUri
 		String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setScheme("http");
-		request.setServerName("example.com");
+		request.setServerName("localhost");
 		request.setServerPort(80);
 		request.setServletPath(requestUri);
 
@@ -183,7 +183,7 @@ public void resolveWhenAuthorizationRequestIncludesPort80ThenExpandedRedirectUri
 				.matches("https://example.com/login/oauth/authorize\\?" +
 						"response_type=code&client_id=client-id&" +
 						"scope=read:user&state=.{15,}&" +
-						"redirect_uri=https://example.com/login/oauth2/code/registration-id");
+						"redirect_uri=http://localhost/login/oauth2/code/registration-id");
 	}
 
 	@Test

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java

@@ -308,7 +308,7 @@ public void doFilterWhenAuthorizationResponseHasDefaultPort80ThenRedirectUriMatc
 		String state = "state";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setScheme("http");
-		request.setServerName("example.com");
+		request.setServerName("localhost");
 		request.setServerPort(80);
 		request.setServletPath(requestUri);
 		request.addParameter(OAuth2ParameterNames.CODE, "code");
@@ -329,7 +329,7 @@ public void doFilterWhenAuthorizationResponseHasDefaultPort80ThenRedirectUriMatc
 		OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange().getAuthorizationRequest();
 		OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange().getAuthorizationResponse();
 
-		String expectedRedirectUri = "https://example.com/login/oauth2/code/registration-id-2";
+		String expectedRedirectUri = "http://localhost/login/oauth2/code/registration-id-2";
 		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri);
 		assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri);
 	}

web/src/test/java/org/springframework/security/web/FilterInvocationTests.java

@@ -45,7 +45,7 @@ public void testGettersAndStringMethods() {
 		MockHttpServletRequest request = new MockHttpServletRequest(null, null);
 		request.setServletPath("/HelloWorld");
 		request.setPathInfo("/some/more/segments.html");
-		request.setServerName("www.example.com");
+		request.setServerName("localhost");
 		request.setScheme("http");
 		request.setServerPort(80);
 		request.setContextPath("/mycontext");
@@ -61,7 +61,7 @@ public void testGettersAndStringMethods() {
 		assertThat(fi.getChain()).isEqualTo(chain);
 		assertThat(fi.getRequestUrl()).isEqualTo("/HelloWorld/some/more/segments.html");
 		assertThat(fi.toString()).isEqualTo("FilterInvocation: URL: /HelloWorld/some/more/segments.html");
-		assertThat(fi.getFullRequestUrl()).isEqualTo("https://www.example.com/mycontext/HelloWorld/some/more/segments.html");
+		assertThat(fi.getFullRequestUrl()).isEqualTo("http://localhost/mycontext/HelloWorld/some/more/segments.html");
 	}
 
 	@Test(expected = IllegalArgumentException.class)
@@ -91,7 +91,7 @@ public void testStringMethodsWithAQueryString() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setQueryString("foo=bar");
 		request.setServletPath("/HelloWorld");
-		request.setServerName("www.example.com");
+		request.setServerName("localhost");
 		request.setScheme("http");
 		request.setServerPort(80);
 		request.setContextPath("/mycontext");
@@ -102,14 +102,14 @@ public void testStringMethodsWithAQueryString() {
 				mock(FilterChain.class));
 		assertThat(fi.getRequestUrl()).isEqualTo("/HelloWorld?foo=bar");
 		assertThat(fi.toString()).isEqualTo("FilterInvocation: URL: /HelloWorld?foo=bar");
-		assertThat(fi.getFullRequestUrl()).isEqualTo("https://www.example.com/mycontext/HelloWorld?foo=bar");
+		assertThat(fi.getFullRequestUrl()).isEqualTo("http://localhost/mycontext/HelloWorld?foo=bar");
 	}
 
 	@Test
 	public void testStringMethodsWithoutAnyQueryString() {
 		MockHttpServletRequest request = new MockHttpServletRequest(null, null);
 		request.setServletPath("/HelloWorld");
-		request.setServerName("www.example.com");
+		request.setServerName("localhost");
 		request.setScheme("http");
 		request.setServerPort(80);
 		request.setContextPath("/mycontext");
@@ -120,7 +120,7 @@ public void testStringMethodsWithoutAnyQueryString() {
 				mock(FilterChain.class));
 		assertThat(fi.getRequestUrl()).isEqualTo("/HelloWorld");
 		assertThat(fi.toString()).isEqualTo("FilterInvocation: URL: /HelloWorld");
-		assertThat(fi.getFullRequestUrl()).isEqualTo("https://www.example.com/mycontext/HelloWorld");
+		assertThat(fi.getFullRequestUrl()).isEqualTo("http://localhost/mycontext/HelloWorld");
 	}
 
 	@Test(expected = UnsupportedOperationException.class)

web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java

@@ -86,7 +86,7 @@ public void testAccessDeniedWhenAnonymous() throws Exception {
 		request.setServletPath("/secure/page.html");
 		request.setServerPort(80);
 		request.setScheme("http");
-		request.setServerName("www.example.com");
+		request.setServerName("localhost");
 		request.setContextPath("/mycontext");
 		request.setRequestURI("/mycontext/secure/page.html");
 
@@ -109,7 +109,7 @@ public void testAccessDeniedWhenAnonymous() throws Exception {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(request, response, fc);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp");
-		assertThat(getSavedRequestUrl(request)).isEqualTo("https://www.example.com/mycontext/secure/page.html");
+		assertThat(getSavedRequestUrl(request)).isEqualTo("http://localhost/mycontext/secure/page.html");
 	}
 
 	@Test
@@ -119,7 +119,7 @@ public void testAccessDeniedWithRememberMe() throws Exception {
 		request.setServletPath("/secure/page.html");
 		request.setServerPort(80);
 		request.setScheme("http");
-		request.setServerName("www.example.com");
+		request.setServerName("localhost");
 		request.setContextPath("/mycontext");
 		request.setRequestURI("/mycontext/secure/page.html");
 
@@ -139,7 +139,7 @@ public void testAccessDeniedWithRememberMe() throws Exception {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(request, response, fc);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp");
-		assertThat(getSavedRequestUrl(request)).isEqualTo("https://www.example.com/mycontext/secure/page.html");
+		assertThat(getSavedRequestUrl(request)).isEqualTo("http://localhost/mycontext/secure/page.html");
 	}
 
 
@@ -210,7 +210,7 @@ public void redirectedToLoginFormAndSessionShowsOriginalTargetWhenAuthentication
 		request.setServletPath("/secure/page.html");
 		request.setServerPort(80);
 		request.setScheme("http");
-		request.setServerName("www.example.com");
+		request.setServerName("localhost");
 		request.setContextPath("/mycontext");
 		request.setRequestURI("/mycontext/secure/page.html");
 
@@ -225,7 +225,7 @@ public void redirectedToLoginFormAndSessionShowsOriginalTargetWhenAuthentication
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(request, response, fc);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp");
-		assertThat(getSavedRequestUrl(request)).isEqualTo("https://www.example.com/mycontext/secure/page.html");
+		assertThat(getSavedRequestUrl(request)).isEqualTo("http://localhost/mycontext/secure/page.html");
 	}
 
 	@Test
@@ -236,7 +236,7 @@ public void redirectedToLoginFormAndSessionShowsOriginalTargetWithExoticPortWhen
 		request.setServletPath("/secure/page.html");
 		request.setServerPort(8080);
 		request.setScheme("http");
-		request.setServerName("www.example.com");
+		request.setServerName("localhost");
 		request.setContextPath("/mycontext");
 		request.setRequestURI("/mycontext/secure/page.html");
 
@@ -254,7 +254,7 @@ public void redirectedToLoginFormAndSessionShowsOriginalTargetWithExoticPortWhen
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		filter.doFilter(request, response, fc);
 		assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp");
-		assertThat(getSavedRequestUrl(request)).isEqualTo("https://www.example.com:8080/mycontext/secure/page.html");
+		assertThat(getSavedRequestUrl(request)).isEqualTo("http://localhost:8080/mycontext/secure/page.html");
 	}
 
 	@Test(expected = IllegalArgumentException.class)

web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java

@@ -96,15 +96,15 @@ public void testNormalOperation() throws Exception {
 
 		ep.commence(request, response);
 		assertThat(response.getRedirectedUrl()).isEqualTo(
-				"https://www.example.com/bigWebApp/hello/pathInfo.html?open=true");
+				"http://www.example.com/bigWebApp/hello/pathInfo.html?open=true");
 	}
 
 	@Test
 	public void testNormalOperationWithNullQueryString() throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET",
 				"/bigWebApp/hello");
 		request.setScheme("https");
-		request.setServerName("www.example.com");
+		request.setServerName("localhost");
 		request.setServerPort(443);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -115,7 +115,7 @@ public void testNormalOperationWithNullQueryString() throws Exception {
 
 		ep.commence(request, response);
 		assertThat(response.getRedirectedUrl())
-				.isEqualTo("https://www.example.com/bigWebApp/hello");
+				.isEqualTo("http://localhost/bigWebApp/hello");
 	}
 
 	@Test
@@ -142,7 +142,7 @@ public void testOperationWithNonStandardPort() throws Exception {
 				"/bigWebApp/hello/pathInfo.html");
 		request.setQueryString("open=true");
 		request.setScheme("https");
-		request.setServerName("www.example.com");
+		request.setServerName("localhost");
 		request.setServerPort(9999);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -158,6 +158,6 @@ public void testOperationWithNonStandardPort() throws Exception {
 
 		ep.commence(request, response);
 		assertThat(response.getRedirectedUrl()).isEqualTo(
-				"https://www.example.com:8888/bigWebApp/hello/pathInfo.html?open=true");
+				"http://localhost:8888/bigWebApp/hello/pathInfo.html?open=true");
 	}
 }

web/src/test/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPointTests.java

@@ -166,14 +166,14 @@ public void testNormalOperation() throws Exception {
 		request.setRequestURI("/some_path");
 		request.setContextPath("/bigWebApp");
 		request.setScheme("http");
-		request.setServerName("www.example.com");
+		request.setServerName("localhost");
 		request.setContextPath("/bigWebApp");
 		request.setServerPort(80);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
 		ep.commence(request, response, null);
-		assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com/bigWebApp/hello");
+		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/bigWebApp/hello");
 	}
 
 	@Test
@@ -188,7 +188,7 @@ public void testOperationWhenHttpsRequestsButHttpsPortUnknown() throws Exception
 		request.setRequestURI("/some_path");
 		request.setContextPath("/bigWebApp");
 		request.setScheme("http");
-		request.setServerName("www.example.com");
+		request.setServerName("localhost");
 		request.setContextPath("/bigWebApp");
 		request.setServerPort(8888); // NB: Port we can't resolve
 
@@ -198,7 +198,7 @@ public void testOperationWhenHttpsRequestsButHttpsPortUnknown() throws Exception
 
 		// Response doesn't switch to HTTPS, as we didn't know HTTP port 8888 to HTTP port
 		// mapping
-		assertThat(response.getRedirectedUrl()).isEqualTo("https://www.example.com:8888/bigWebApp/hello");
+		assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost:8888/bigWebApp/hello");
 	}
 
 	@Test

web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java

@@ -41,7 +41,7 @@ public void nullRegularExpressionShouldLeadToException() {
 	@Test
 	public void subdomainMatchingRegularExpression() {
 		RegExpAllowFromStrategy strategy = new RegExpAllowFromStrategy(
-				"^http://([a-z0-9]*?\\.)test\\.com");
+				"^https://([a-z0-9]*?\\.)test\\.com");
 		strategy.setAllowFromParameterName("from");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 
@@ -53,15 +53,15 @@ public void subdomainMatchingRegularExpression() {
 		String result2 = strategy.getAllowFromValue(request);
 		assertThat(result2).isEqualTo("https://www.test.com");
 
-		request.setParameter("from", "http://test.foobar.com");
+		request.setParameter("from", "https://test.foobar.com");
 		String result3 = strategy.getAllowFromValue(request);
 		assertThat(result3).isEqualTo("DENY");
 	}
 
 	@Test
 	public void noParameterShouldDeny() {
 		RegExpAllowFromStrategy strategy = new RegExpAllowFromStrategy(
-				"^http://([a-z0-9]*?\\.)test\\.com");
+				"^https://([a-z0-9]*?\\.)test\\.com");
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		String result1 = strategy.getAllowFromValue(request);
 		assertThat(result1).isEqualTo("DENY");

web/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java

@@ -86,7 +86,7 @@ public void writeHttpHeadersWhenNullSchemeThenNoHeaders() {
 
 	@Test
 	public void writeHttpHeadersWhenHttpThenNoHeaders() {
-		exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
+		exchange = exchange(MockServerHttpRequest.get("http://localhost/"));
 
 		hsts.writeHttpHeaders(exchange);