opensourceyouthprogramming
diff --git a/‎CODE_OF_CONDUCT.adoc
+2-2 b/‎CODE_OF_CONDUCT.adoc
+2-2
diff --git a/‎CONTRIBUTING.adoc
+7-7 b/‎CONTRIBUTING.adoc
+7-7
diff --git a/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/CloudFoundryWebFluxEndpointIntegrationTests.java
+3-3 b/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/CloudFoundryWebFluxEndpointIntegrationTests.java
+3-3
diff --git a/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/ReactiveCloudFoundryActuatorAutoConfigurationTests.java
+11-11 b/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/ReactiveCloudFoundryActuatorAutoConfigurationTests.java
+11-11
diff --git a/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/ReactiveCloudFoundrySecurityInterceptorTests.java
+1-1 b/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/ReactiveCloudFoundrySecurityInterceptorTests.java
+1-1
diff --git a/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/ReactiveCloudFoundrySecurityServiceTests.java
+1-1 b/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/ReactiveCloudFoundrySecurityServiceTests.java
+1-1
diff --git a/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/ReactiveTokenValidatorTests.java
+1-1 b/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/ReactiveTokenValidatorTests.java
+1-1
diff --git a/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfigurationTests.java
+9-9 b/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfigurationTests.java
+9-9
diff --git a/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryMvcWebEndpointIntegrationTests.java
+3-3 b/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryMvcWebEndpointIntegrationTests.java
+3-3
diff --git a/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundrySecurityInterceptorTests.java
+1-1 b/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundrySecurityInterceptorTests.java
+1-1
diff --git a/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundrySecurityServiceTests.java
+4-4 b/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundrySecurityServiceTests.java
+4-4
diff --git a/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/TokenValidatorTests.java
+1-1 b/‎spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/TokenValidatorTests.java
+1-1
diff --git a/‎spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/web/LinkTests.java
+3-3 b/‎spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/web/LinkTests.java
+3-3
@@ -40,5 +40,5 @@ appropriate to the circumstances. Maintainers are obligated to maintain confiden
 with regard to the reporter of an incident.
 
 This Code of Conduct is adapted from the
-http://contributor-covenant.org[Contributor Covenant], version 1.3.0, available at
-http://contributor-covenant.org/version/1/3/0/[contributor-covenant.org/version/1/3/0/]
+https://contributor-covenant.org[Contributor Covenant], version 1.3.0, available at
+https://contributor-covenant.org/version/1/3/0/[contributor-covenant.org/version/1/3/0/]
@@ -66,7 +66,7 @@ added after the original pull request but before a merge.
 * A few unit tests would help a lot as well -- someone has to do it.
 * If no-one else is using your branch, please rebase it against the current master (or
   other target branch in the main project).
-* When writing a commit message please follow http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html[these conventions],
+* When writing a commit message please follow https://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html[these conventions],
   if you are fixing an existing issue please add `Fixes gh-XXXX` at the end of the commit
   message (where `XXXX` is the issue number).
 
@@ -75,15 +75,15 @@ added after the original pull request but before a merge.
 == Working with the Code
 If you don't have an IDE preference we would recommend that you use
 https://spring.io/tools/sts[Spring Tools Suite] or
-http://eclipse.org[Eclipse] when working with the code. We use the
-http://eclipse.org/m2e/[M2Eclipse] eclipse plugin for maven support. Other IDEs and tools
+https://eclipse.org[Eclipse] when working with the code. We use the
+https://eclipse.org/m2e/[M2Eclipse] eclipse plugin for maven support. Other IDEs and tools
 should also work without issue.
 
 
 
 === Building from Source
-Spring Boot source can be build from the command line using
-http://maven.apache.org/run-maven/index.html[Apache Maven] on JDK 1.8 or above.
+Spring Boot source can be built from the command line using
+https://maven.apache.org/run-maven/index.html[Apache Maven] on JDK 1.8 or above.
 We include '`Maven Wrapper`' scripts (`./mvnw` or `mvnw.bat`) that you can run rather
 than needing to install Maven locally.
 
@@ -148,7 +148,7 @@ Spring Boot includes a `.setup` files which can be used with the Eclipse Install
 provision a new environment. To use the installer:
 
 * Download and run the latest Eclipse Installer from
-  http://www.eclipse.org/downloads/[eclipse.org/downloads/] (under "Get Eclipse").
+  https://www.eclipse.org/downloads/[eclipse.org/downloads/] (under "Get Eclipse").
 * Switch to "Advanced Mode" using the drop down menu on the right.
 * Select "`Eclipse IDE for Java Developers`" under "`Eclipse.org`" as the product to
   install and click "`next`".
@@ -170,7 +170,7 @@ easier to navigate.
 
 ==== Manual Installation with M2Eclipse
 If you prefer to install Eclipse yourself you should use the
-http://eclipse.org/m2e/[M2Eclipse] eclipse plugin. If you don't already have m2eclipse
+https://eclipse.org/m2e/[M2Eclipse] eclipse plugin. If you don't already have m2eclipse
 installed it is available from the "Eclipse marketplace".
 
 Spring Boot includes project specific source formatting settings, in order to have these
 
@@ -112,9 +112,9 @@ public void responseToOptionsRequestIncludesCorsHeaders() {
 		this.contextRunner.run(withWebTestClient((client) -> client.options()
 				.uri("/cfApplication/test").accept(MediaType.APPLICATION_JSON)
 				.header("Access-Control-Request-Method", "POST")
-				.header("Origin", "http://example.com").exchange().expectStatus().isOk()
+				.header("Origin", "https://example.com").exchange().expectStatus().isOk()
 				.expectHeader()
-				.valueEquals("Access-Control-Allow-Origin", "http://example.com")
+				.valueEquals("Access-Control-Allow-Origin", "https://example.com")
 				.expectHeader().valueEquals("Access-Control-Allow-Methods", "GET,POST")));
 	}
 
@@ -203,7 +203,7 @@ public CloudFoundryWebFluxEndpointHandlerMapping cloudFoundryWebEndpointServletH
 				EndpointMediaTypes endpointMediaTypes,
 				CloudFoundrySecurityInterceptor interceptor) {
 			CorsConfiguration corsConfiguration = new CorsConfiguration();
-			corsConfiguration.setAllowedOrigins(Arrays.asList("http://example.com"));
+			corsConfiguration.setAllowedOrigins(Arrays.asList("https://example.com"));
 			corsConfiguration.setAllowedMethods(Arrays.asList("GET", "POST"));
 			return new CloudFoundryWebFluxEndpointHandlerMapping(
 					new EndpointMapping("/cfApplication"),
 
@@ -99,7 +99,7 @@ public void cloudFoundryPlatformActive() {
 		this.contextRunner
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com")
+						"vcap.application.cf_api:https://my-cloud-controller.com")
 				.run((context) -> {
 					CloudFoundryWebFluxEndpointHandlerMapping handlerMapping = getHandlerMapping(
 							context);
@@ -123,7 +123,7 @@ public void cloudfoundryapplicationProducesActuatorMediaType() {
 		this.contextRunner
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com")
+						"vcap.application.cf_api:https://my-cloud-controller.com")
 				.run((context) -> {
 					WebTestClient webTestClient = WebTestClient
 							.bindToApplicationContext(context).build();
@@ -137,7 +137,7 @@ public void cloudFoundryPlatformActiveSetsApplicationId() {
 		this.contextRunner
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com")
+						"vcap.application.cf_api:https://my-cloud-controller.com")
 				.run((context) -> {
 					CloudFoundryWebFluxEndpointHandlerMapping handlerMapping = getHandlerMapping(
 							context);
@@ -154,7 +154,7 @@ public void cloudFoundryPlatformActiveSetsCloudControllerUrl() {
 		this.contextRunner
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com")
+						"vcap.application.cf_api:https://my-cloud-controller.com")
 				.run((context) -> {
 					CloudFoundryWebFluxEndpointHandlerMapping handlerMapping = getHandlerMapping(
 							context);
@@ -165,7 +165,7 @@ public void cloudFoundryPlatformActiveSetsCloudControllerUrl() {
 					String cloudControllerUrl = (String) ReflectionTestUtils
 							.getField(interceptorSecurityService, "cloudControllerUrl");
 					assertThat(cloudControllerUrl)
-							.isEqualTo("http://my-cloud-controller.com");
+							.isEqualTo("https://my-cloud-controller.com");
 				});
 	}
 
@@ -190,7 +190,7 @@ public void cloudFoundryPathsIgnoredBySpringSecurity() {
 		this.contextRunner
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com")
+						"vcap.application.cf_api:https://my-cloud-controller.com")
 				.run((context) -> {
 					WebFilterChainProxy chainProxy = context
 							.getBean(WebFilterChainProxy.class);
@@ -237,7 +237,7 @@ public void allEndpointsAvailableUnderCloudFoundryWithoutEnablingWebIncludes() {
 		this.contextRunner.withUserConfiguration(TestConfiguration.class)
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com")
+						"vcap.application.cf_api:https://my-cloud-controller.com")
 				.run((context) -> {
 					CloudFoundryWebFluxEndpointHandlerMapping handlerMapping = getHandlerMapping(
 							context);
@@ -255,7 +255,7 @@ public void endpointPathCustomizationIsNotApplied() {
 		this.contextRunner.withUserConfiguration(TestConfiguration.class)
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com")
+						"vcap.application.cf_api:https://my-cloud-controller.com")
 				.run((context) -> {
 					CloudFoundryWebFluxEndpointHandlerMapping handlerMapping = getHandlerMapping(
 							context);
@@ -279,7 +279,7 @@ public void healthEndpointInvokerShouldBeCloudFoundryWebExtension() {
 						AutoConfigurations.of(HealthEndpointAutoConfiguration.class))
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com")
+						"vcap.application.cf_api:https://my-cloud-controller.com")
 				.run((context) -> {
 					Collection<ExposableWebEndpoint> endpoints = getHandlerMapping(
 							context).getEndpoints();
@@ -302,7 +302,7 @@ public void skipSslValidation() {
 						AutoConfigurations.of(HealthEndpointAutoConfiguration.class))
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com",
+						"vcap.application.cf_api:https://my-cloud-controller.com",
 						"management.cloudfoundry.skip-ssl-validation:true")
 				.run((context) -> {
 					CloudFoundryWebFluxEndpointHandlerMapping handlerMapping = getHandlerMapping(
@@ -325,7 +325,7 @@ public void sslValidationNotSkippedByDefault() {
 						AutoConfigurations.of(HealthEndpointAutoConfiguration.class))
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com")
+						"vcap.application.cf_api:https://my-cloud-controller.com")
 				.run((context) -> {
 					CloudFoundryWebFluxEndpointHandlerMapping handlerMapping = getHandlerMapping(
 							context);
 
@@ -61,7 +61,7 @@ public void setup() {
 	@Test
 	public void preHandleWhenRequestIsPreFlightShouldBeOk() {
 		MockServerWebExchange request = MockServerWebExchange.from(MockServerHttpRequest
-				.options("/a").header(HttpHeaders.ORIGIN, "http://example.com")
+				.options("/a").header(HttpHeaders.ORIGIN, "https://example.com")
 				.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET").build());
 		StepVerifier.create(this.interceptor.preHandle(request, "/a")).consumeNextWith(
 				(response) -> assertThat(response.getStatus()).isEqualTo(HttpStatus.OK))
 
@@ -46,7 +46,7 @@ public class ReactiveCloudFoundrySecurityServiceTests {
 	private static final String CLOUD_CONTROLLER_PERMISSIONS = CLOUD_CONTROLLER
 			+ "/v2/apps/my-app-id/permissions";
 
-	private static final String UAA_URL = "http://my-cloud-controller.com/uaa";
+	private static final String UAA_URL = "https://my-cloud-controller.com/uaa";
 
 	private ReactiveCloudFoundrySecurityService securityService;
 
 
@@ -255,7 +255,7 @@ public void validateTokenWhenExpiredShouldThrowException() throws Exception {
 	public void validateTokenWhenIssuerIsNotValidShouldThrowException() throws Exception {
 		given(this.securityService.fetchTokenKeys()).willReturn(Mono.just(VALID_KEYS));
 		given(this.securityService.getUaaUrl())
-				.willReturn(Mono.just("http://other-uaa.com"));
+				.willReturn(Mono.just("https://other-uaa.com"));
 		String header = "{ \"alg\": \"RS256\",  \"kid\": \"valid-key\", \"typ\": \"JWT\", \"scope\": [\"actuator.read\"]}";
 		String claims = "{ \"exp\": 2147483647, \"iss\": \"http://localhost:8080/uaa/oauth/token\", \"scope\": [\"foo.bar\"]}";
 		StepVerifier
 
@@ -85,7 +85,7 @@ public void cloudFoundryPlatformActive() {
 		this.contextRunner
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com")
+						"vcap.application.cf_api:https://my-cloud-controller.com")
 				.run((context) -> {
 					CloudFoundryWebEndpointServletHandlerMapping handlerMapping = getHandlerMapping(
 							context);
@@ -109,7 +109,7 @@ public void cloudfoundryapplicationProducesActuatorMediaType() throws Exception
 		this.contextRunner
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com")
+						"vcap.application.cf_api:https://my-cloud-controller.com")
 				.run((context) -> {
 					MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(context).build();
 					mockMvc.perform(get("/cloudfoundryapplication"))
@@ -123,7 +123,7 @@ public void cloudFoundryPlatformActiveSetsApplicationId() {
 		this.contextRunner
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com")
+						"vcap.application.cf_api:https://my-cloud-controller.com")
 				.run((context) -> {
 					CloudFoundryWebEndpointServletHandlerMapping handlerMapping = getHandlerMapping(
 							context);
@@ -140,7 +140,7 @@ public void cloudFoundryPlatformActiveSetsCloudControllerUrl() {
 		this.contextRunner
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com")
+						"vcap.application.cf_api:https://my-cloud-controller.com")
 				.run((context) -> {
 					CloudFoundryWebEndpointServletHandlerMapping handlerMapping = getHandlerMapping(
 							context);
@@ -151,7 +151,7 @@ public void cloudFoundryPlatformActiveSetsCloudControllerUrl() {
 					String cloudControllerUrl = (String) ReflectionTestUtils
 							.getField(interceptorSecurityService, "cloudControllerUrl");
 					assertThat(cloudControllerUrl)
-							.isEqualTo("http://my-cloud-controller.com");
+							.isEqualTo("https://my-cloud-controller.com");
 				});
 	}
 
@@ -160,7 +160,7 @@ public void skipSslValidation() {
 		this.contextRunner
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com",
+						"vcap.application.cf_api:https://my-cloud-controller.com",
 						"management.cloudfoundry.skip-ssl-validation:true")
 				.run((context) -> {
 					CloudFoundryWebEndpointServletHandlerMapping handlerMapping = getHandlerMapping(
@@ -230,7 +230,7 @@ public void allEndpointsAvailableUnderCloudFoundryWithoutExposeAllOnWeb() {
 		this.contextRunner.withUserConfiguration(TestConfiguration.class)
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com")
+						"vcap.application.cf_api:https://my-cloud-controller.com")
 				.run((context) -> {
 					CloudFoundryWebEndpointServletHandlerMapping handlerMapping = getHandlerMapping(
 							context);
@@ -248,7 +248,7 @@ public void endpointPathCustomizationIsNotApplied() {
 		this.contextRunner
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com",
+						"vcap.application.cf_api:https://my-cloud-controller.com",
 						"management.endpoints.web.path-mapping.test=custom")
 				.withUserConfiguration(TestConfiguration.class).run((context) -> {
 					CloudFoundryWebEndpointServletHandlerMapping handlerMapping = getHandlerMapping(
@@ -272,7 +272,7 @@ public void healthEndpointInvokerShouldBeCloudFoundryWebExtension() {
 		this.contextRunner
 				.withPropertyValues("VCAP_APPLICATION:---",
 						"vcap.application.application_id:my-app-id",
-						"vcap.application.cf_api:http://my-cloud-controller.com")
+						"vcap.application.cf_api:https://my-cloud-controller.com")
 				.withConfiguration(
 						AutoConfigurations.of(HealthIndicatorAutoConfiguration.class,
 								HealthEndpointAutoConfiguration.class))
 
@@ -97,9 +97,9 @@ public void responseToOptionsRequestIncludesCorsHeaders() {
 		load(TestEndpointConfiguration.class, (client) -> client.options()
 				.uri("/cfApplication/test").accept(MediaType.APPLICATION_JSON)
 				.header("Access-Control-Request-Method", "POST")
-				.header("Origin", "http://example.com").exchange().expectStatus().isOk()
+				.header("Origin", "https://example.com").exchange().expectStatus().isOk()
 				.expectHeader()
-				.valueEquals("Access-Control-Allow-Origin", "http://example.com")
+				.valueEquals("Access-Control-Allow-Origin", "https://example.com")
 				.expectHeader().valueEquals("Access-Control-Allow-Methods", "GET,POST"));
 	}
 
@@ -202,7 +202,7 @@ public CloudFoundryWebEndpointServletHandlerMapping cloudFoundryWebEndpointServl
 				EndpointMediaTypes endpointMediaTypes,
 				CloudFoundrySecurityInterceptor interceptor) {
 			CorsConfiguration corsConfiguration = new CorsConfiguration();
-			corsConfiguration.setAllowedOrigins(Arrays.asList("http://example.com"));
+			corsConfiguration.setAllowedOrigins(Arrays.asList("https://example.com"));
 			corsConfiguration.setAllowedMethods(Arrays.asList("GET", "POST"));
 			return new CloudFoundryWebEndpointServletHandlerMapping(
 					new EndpointMapping("/cfApplication"),
 
@@ -64,7 +64,7 @@ public void setup() {
 	@Test
 	public void preHandleWhenRequestIsPreFlightShouldReturnTrue() {
 		this.request.setMethod("OPTIONS");
-		this.request.addHeader(HttpHeaders.ORIGIN, "http://example.com");
+		this.request.addHeader(HttpHeaders.ORIGIN, "https://example.com");
 		this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
 		SecurityResponse response = this.interceptor.preHandle(this.request,
 				EndpointId.of("test"));
 
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2018 the original author or authors.
+ * Copyright 2012-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -49,12 +49,12 @@
  */
 public class CloudFoundrySecurityServiceTests {
 
-	private static final String CLOUD_CONTROLLER = "http://my-cloud-controller.com";
+	private static final String CLOUD_CONTROLLER = "https://my-cloud-controller.com";
 
 	private static final String CLOUD_CONTROLLER_PERMISSIONS = CLOUD_CONTROLLER
 			+ "/v2/apps/my-app-id/permissions";
 
-	private static final String UAA_URL = "http://my-uaa.com";
+	private static final String UAA_URL = "https://my-uaa.com";
 
 	private CloudFoundrySecurityService securityService;
 
@@ -148,7 +148,7 @@ public void getAccessLevelWhenCloudControllerIsNotReachableThrowsException() {
 	@Test
 	public void fetchTokenKeysWhenSuccessfulShouldReturnListOfKeysFromUAA() {
 		this.server.expect(requestTo(CLOUD_CONTROLLER + "/info"))
-				.andRespond(withSuccess("{\"token_endpoint\":\"http://my-uaa.com\"}",
+				.andRespond(withSuccess("{\"token_endpoint\":\"https://my-uaa.com\"}",
 						MediaType.APPLICATION_JSON));
 		String tokenKeyValue = "-----BEGIN PUBLIC KEY-----\n"
 				+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0m59l2u9iDnMbrXHfqkO\n"
 
@@ -179,7 +179,7 @@ public void validateTokenWhenExpiredShouldThrowException() throws Exception {
 	@Test
 	public void validateTokenWhenIssuerIsNotValidShouldThrowException() throws Exception {
 		given(this.securityService.fetchTokenKeys()).willReturn(VALID_KEYS);
-		given(this.securityService.getUaaUrl()).willReturn("http://other-uaa.com");
+		given(this.securityService.getUaaUrl()).willReturn("https://other-uaa.com");
 		String header = "{ \"alg\": \"RS256\",  \"kid\": \"valid-key\", \"typ\": \"JWT\", \"scope\": [\"actuator.read\"]}";
 		String claims = "{ \"exp\": 2147483647, \"iss\": \"http://localhost:8080/uaa/oauth/token\"}";
 		assertThatExceptionOfType(CloudFoundryAuthorizationException.class)
 
@@ -36,21 +36,21 @@ public void createWhenHrefIsNullShouldThrowException() {
 
 	@Test
 	public void getHrefShouldReturnHref() {
-		String href = "http://example.com";
+		String href = "https://example.com";
 		Link link = new Link(href);
 		assertThat(link.getHref()).isEqualTo(href);
 	}
 
 	@Test
 	public void isTemplatedWhenContainsPlaceholderShouldReturnTrue() {
-		String href = "http://example.com/{path}";
+		String href = "https://example.com/{path}";
 		Link link = new Link(href);
 		assertThat(link.isTemplated()).isTrue();
 	}
 
 	@Test
 	public void isTemplatedWhenContainsNoPlaceholderShouldReturnFalse() {
-		String href = "http://example.com/path";
+		String href = "https://example.com/path";
 		Link link = new Link(href);
 		assertThat(link.isTemplated()).isFalse();
 	}