Use HTTPS for external links wherever possible

See gh-16318

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundryActuatorAutoConfigurationTests.java

@@ -115,7 +115,7 @@ public class CloudFoundryActuatorAutoConfigurationTests {
 				"cloudFoundrySecurityService");
 		String cloudControllerUrl = (String) ReflectionTestUtils
 				.getField(interceptorSecurityService, "cloudControllerUrl");
-		assertThat(cloudControllerUrl).isEqualTo("http://my-cloud-controller.com");
+		assertThat(cloudControllerUrl).isEqualTo("https://my-cloud-controller.com");
 	}
 
 	@Test
@@ -189,7 +189,7 @@ public class CloudFoundryActuatorAutoConfigurationTests {
 	private CloudFoundryEndpointHandlerMapping getHandlerMapping() {
 		EnvironmentTestUtils.addEnvironment(this.context, "VCAP_APPLICATION:---",
 				"vcap.application.application_id:my-app-id",
-				"vcap.application.cf_api:http://my-cloud-controller.com");
+				"vcap.application.cf_api:https://my-cloud-controller.com");
 		this.context.refresh();
 		return this.context.getBean("cloudFoundryEndpointHandlerMapping",
 				CloudFoundryEndpointHandlerMapping.class);

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundrySecurityInterceptorTests.java

@@ -74,7 +74,7 @@ public class CloudFoundrySecurityInterceptorTests {
 	@Test
 	public void preHandleWhenRequestIsPreFlightShouldReturnTrue() throws Exception {
 		this.request.setMethod("OPTIONS");
-		this.request.addHeader(HttpHeaders.ORIGIN, "http://example.com");
+		this.request.addHeader(HttpHeaders.ORIGIN, "https://example.com");
 		this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
 		boolean preHandle = this.interceptor.preHandle(this.request, this.response,
 				this.handlerMethod);

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundrySecurityServiceTests.java

@@ -50,12 +50,12 @@ public class CloudFoundrySecurityServiceTests {
 	@Rule
 	public ExpectedException thrown = ExpectedException.none();
 
-	private static final String CLOUD_CONTROLLER = "http://my-cloud-controller.com";
+	private static final String CLOUD_CONTROLLER = "https://my-cloud-controller.com";
 
 	private static final String CLOUD_CONTROLLER_PERMISSIONS = CLOUD_CONTROLLER
 			+ "/v2/apps/my-app-id/permissions";
 
-	private static final String UAA_URL = "http://my-uaa.com";
+	private static final String UAA_URL = "https://my-uaa.com";
 
 	private CloudFoundrySecurityService securityService;
 
@@ -152,7 +152,7 @@ public class CloudFoundrySecurityServiceTests {
 	public void fetchTokenKeysWhenSuccessfulShouldReturnListOfKeysFromUAA()
 			throws Exception {
 		this.server.expect(requestTo(CLOUD_CONTROLLER + "/info"))
-				.andRespond(withSuccess("{\"token_endpoint\":\"http://my-uaa.com\"}",
+				.andRespond(withSuccess("{\"token_endpoint\":\"https://my-uaa.com\"}",
 						MediaType.APPLICATION_JSON));
 		String tokenKeyValue = "-----BEGIN PUBLIC KEY-----\n"
 				+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0m59l2u9iDnMbrXHfqkO\n"

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/cloudfoundry/TokenValidatorTests.java

@@ -182,7 +182,7 @@ public class TokenValidatorTests {
 	@Test
 	public void validateTokenWhenIssuerIsNotValidShouldThrowException() throws Exception {
 		given(this.securityService.fetchTokenKeys()).willReturn(VALID_KEYS);
-		given(this.securityService.getUaaUrl()).willReturn("http://other-uaa.com");
+		given(this.securityService.getUaaUrl()).willReturn("https://other-uaa.com");
 		String header = "{ \"alg\": \"RS256\",  \"kid\": \"valid-key\", \"typ\": \"JWT\", \"scope\": [\"actuator.read\"]}";
 		String claims = "{ \"exp\": 2147483647, \"iss\": \"http://localhost:8080/uaa/oauth/token\"}";
 		this.thrown

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/AbstractEndpointHandlerMappingTests.java

@@ -75,7 +75,7 @@ public abstract class AbstractEndpointHandlerMappingTests {
 		mapping.setSecurityInterceptor(securityInterceptor);
 		mapping.afterPropertiesSet();
 		MockHttpServletRequest request = request("POST", "/a");
-		request.addHeader("Origin", "http://example.com");
+		request.addHeader("Origin", "https://example.com");
 		assertThat(mapping.getHandler(request).getInterceptors().length).isEqualTo(3);
 		assertThat(mapping.getHandler(request).getInterceptors()[2])
 				.isEqualTo(securityInterceptor);

spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/MultipleResourceServerConfigurationTests.java

@@ -56,7 +56,7 @@ public class MultipleResourceServerConfigurationTests {
 		this.context = new AnnotationConfigWebApplicationContext();
 		this.context.register(DoubleResourceConfiguration.class);
 		EnvironmentTestUtils.addEnvironment(this.context,
-				"security.oauth2.resource.tokenInfoUri:http://example.com",
+				"security.oauth2.resource.tokenInfoUri:https://example.com",
 				"security.oauth2.client.clientId=acme");
 		this.context.refresh();
 		assertThat(this.context

spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfigurationTests.java

@@ -239,7 +239,7 @@ public class ResourceServerTokenServicesConfigurationTests {
 	@Test
 	public void customUserInfoRestTemplateFactory() {
 		EnvironmentTestUtils.addEnvironment(this.environment,
-				"security.oauth2.resource.userInfoUri:http://example.com");
+				"security.oauth2.resource.userInfoUri:https://example.com");
 		this.context = new SpringApplicationBuilder(
 				CustomUserInfoRestTemplateFactory.class, ResourceConfiguration.class)
 						.environment(this.environment).web(false).run();
@@ -420,7 +420,7 @@ public class ResourceServerTokenServicesConfigurationTests {
 
 		@Bean
 		public TokenStore tokenStore() {
-			return new JwkTokenStore("http://my.key-set.uri");
+			return new JwkTokenStore("https://my.key-set.uri");
 		}
 
 	}

spring-boot-docs/src/main/asciidoc/deployment.adoc

@@ -312,7 +312,7 @@ option : AWS Elastic Beanstalk.
 
 
 ==== AWS Elastic Beanstalk
-As described in the official http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_Java.html[Elastic
+As described in the official https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_Java.html[Elastic
 Beanstalk Java guide], there are two main options to deploy a Java application; You can
 either use the "`Tomcat Platform`" or the "`Java SE platform`".
 
@@ -356,7 +356,7 @@ binaries instead, add the following to your `.elasticbeanstalk/config.yml` file:
 ====== Reduce costs by setting the environment type
 By default an Elastic Beanstalk environment is load balanced. The load balancer has a cost
 perspective, to avoid it, set the environment type to "`Single instance`" as described
-http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environments-create-wizard.html#environments-create-wizard-capacity[in the Amazon documentation].
+https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environments-create-wizard.html#environments-create-wizard-capacity[in the Amazon documentation].
 Single instance environments can be created using the CLI as well using the following
 command:
 

spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc

@@ -3590,7 +3590,7 @@ persistence for the embedded mode:
 ====
 The Neo4j OGM embedded driver does not provide the Neo4j kernel. Users are expected to
 provide this dependency manually, see
-http://neo4j.com/docs/ogm-manual/current/reference/#reference:getting-started[the documentation]
+https://neo4j.com/docs/ogm-manual/current/reference/#reference:getting-started[the documentation]
 for more details.
 ====
 
@@ -4015,7 +4015,7 @@ If you need to customize connection settings you can use the `spring.ldap.base`
 ==== Spring Data LDAP repositories
 Spring Data includes repository support for LDAP. For complete details of Spring
 Data LDAP, refer to their
-http://docs.spring.io/spring-data/ldap/docs/1.0.x/reference/html/[reference documentation].
+https://docs.spring.io/spring-data/ldap/docs/1.0.x/reference/html/[reference documentation].
 
 You can also inject an auto-configured `LdapTemplate` instance as you would with any
 other Spring Bean.
@@ -4828,7 +4828,7 @@ reached.
 
 [[boot-features-kafka]]
 === Apache Kafka Support
-http://kafka.apache.org/[Apache Kafka] is supported by providing auto-configuration of the
+https://kafka.apache.org/[Apache Kafka] is supported by providing auto-configuration of the
 `spring-kafka` project.
 
 Kafka configuration is controlled by external configuration properties in

spring-boot-samples/spring-boot-sample-data-neo4j/README.adoc

@@ -12,5 +12,5 @@ spring.data.neo4j.password=secret
 You can also locally add the embedded driver to embed Neo4j instead. Note
 that Spring Boot does not provide dependency management for that GPL-licensed
 library, see
-http://docs.spring.io/spring-data/neo4j/docs/4.2.x/reference/html/#reference.getting_started.driver[the official documentation]
+https://docs.spring.io/spring-data/neo4j/docs/4.2.x/reference/html/#reference.getting_started.driver[the official documentation]
 for more details.

spring-boot-samples/spring-boot-sample-websocket-jetty93/src/main/resources/static/snake.html

@@ -16,7 +16,7 @@ limitations under the License.
 -->
 
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-		"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+		"https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>

spring-boot-starters/README.adoc

@@ -31,7 +31,7 @@ do as they were designed before this was clarified.
 | https://qpid.apache.org/components/jms/[Apache Qpid]
 | https://github.com/amqphub/amqp-10-jms-spring-boot
 
-| http://wicket.apache.org/[Apache Wicket]
+| https://wicket.apache.org/[Apache Wicket]
 | https://github.com/MarcGiffing/wicket-spring-boot
 
 | https://camunda.org/[Camunda BPM]
@@ -82,7 +82,7 @@ do as they were designed before this was clarified.
 | JSF (https://primefaces.org/[PrimeFaces], https://primefaces-extensions.github.io/[PrimeFaces Extensions], https://bootsfaces.net/[BootsFaces], https://github.com/ButterFaces/ButterFaces[ButterFaces], https://omnifaces.org/[OmniFaces], https://angularfaces.net/[AngularFaces], https://javaserverfaces.java.net/[Mojarra] and https://myfaces.apache.org[MyFaces])
 | https://github.com/joinfaces/joinfaces
 
-| http://log4jdbc.brunorozendo.com/[Log4jdbc]
+| https://log4jdbc.brunorozendo.com/[Log4jdbc]
 | https://github.com/candrews/log4jdbc-spring-boot-starter
 
 | https://logback.qos.ch/access.html[Logback-access]
@@ -109,7 +109,7 @@ do as they were designed before this was clarified.
 | https://square.github.io/okhttp/[OkHttp]
 | https://github.com/freefair/okhttp-spring-boot
 
-| http://orika-mapper.github.io/orika-docs/[Orika]
+| https://orika-mapper.github.io/orika-docs/[Orika]
 | https://github.com/akihyro/orika-spring-boot-starter
 
 | https://resteasy.jboss.org/[RESTEasy]
@@ -127,7 +127,7 @@ do as they were designed before this was clarified.
 | https://github.com/StripesFramework/stripes[Stripes]
 | https://github.com/juanpablo-santos/stripes-spring-boot
 
-| http://teiid.org/[Teiid]
+| https://teiid.github.io/teiid.io/[Teiid]
 | https://github.com/teiid/teiid-spring-boot
 
 | https://vaadin.com/[Vaadin]

spring-boot-tools/spring-boot-configuration-processor/src/json-shade/java/org/springframework/boot/configurationprocessor/json/JSONTokener.java

@@ -19,7 +19,7 @@ package org.springframework.boot.configurationprocessor.json;
 // Note: this class was written without inspecting the non-free org.json sourcecode.
 
 /**
- * Parses a JSON (<a href="http://www.ietf.org/rfc/rfc4627.txt">RFC 4627</a>) encoded
+ * Parses a JSON (<a href="https://www.ietf.org/rfc/rfc4627.txt">RFC 4627</a>) encoded
  * string into the corresponding object. Most clients of this class will use only need the
  * {@link #JSONTokener(String) constructor} and {@link #nextValue} method. Example usage:
  * <pre>