Merge pull request #22839 from rwinch

* pr/22839:
  Polish "Add nohttp to build"
  Add nohttp to build
  BeanDefinitionParserDelegate uses http://www.springframework.org/schema/
  Fix http URLs

Closes gh-22839

build.gradle

@@ -4,6 +4,7 @@ buildscript {
 	}
 	dependencies {
 		classpath("io.spring.gradle:propdeps-plugin:0.0.9.RELEASE")
+		classpath("io.spring.nohttp:nohttp-gradle:0.0.3.RELEASE")
 		classpath("org.asciidoctor:asciidoctorj-pdf:1.5.0-alpha.16")
 	}
 }
@@ -252,9 +253,21 @@ configure(rootProject) {
 	description = "Spring Framework"
 
 	apply plugin: "groovy"
+	apply plugin: "io.spring.nohttp"
 	apply from: "${gradleScriptDir}/jdiff.gradle"
 	apply from: "${gradleScriptDir}/docs.gradle"
 
+	nohttp {
+		source.exclude "**/test-output/**"
+		whitelistFile = project.file("src/nohttp/whitelist.lines")
+		def projectDirURI = project.projectDir.toURI()
+		allprojects.forEach { p ->
+			def outURI = p.file("out").toURI()
+			def pattern = projectDirURI.relativize(outURI).path + "**"
+			source.exclude pattern
+		}
+	}
+
 	dependencyManagement {
 		imports {
 			mavenBom "io.projectreactor:reactor-bom:${reactorVersion}"

spring-beans/src/main/java/org/springframework/beans/factory/xml/BeanDefinitionParserDelegate.java

@@ -1406,7 +1406,7 @@ public class BeanDefinitionParserDelegate {
 					return decorated;
 				}
 			}
-			else if (namespaceUri.startsWith("http://www.springframework.org/")) {
+			else if (namespaceUri.startsWith("http://www.springframework.org/schema/")) {
 				error("Unable to locate Spring NamespaceHandler for XML schema namespace [" + namespaceUri + "]", node);
 			}
 			else {

spring-test/src/main/java/org/springframework/test/web/servlet/htmlunit/HostRequestMatcher.java

@@ -41,11 +41,11 @@ import com.gargoylesoftware.htmlunit.WebRequest;
  * <p>Alternatively, one can also specify the port. For example, the following would match
  * any request to the host {@code "code.jquery.com"} with the port of {@code 80}.
  *
- * <pre class="code">WebRequestMatcher cdnMatcher = new HostMatcher("code.jquery.com:80");</pre>
+ * <pre class="code">WebRequestMatcher cdnMatcher = new HostMatcher("code.jquery.example:80");</pre>
  *
- * <p>The above {@code cdnMatcher} would match {@code "http://code.jquery.com/jquery.js"}
+ * <p>The above {@code cdnMatcher} would match {@code "http://code.jquery.example/jquery.js"}
- * which has a default port of {@code 80} and {@code "http://code.jquery.com:80/jquery.js"}.
+ * which has a default port of {@code 80} and {@code "http://code.jquery.example:80/jquery.js"}.
- * However, it would not match {@code "https://code.jquery.com/jquery.js"}
+ * However, it would not match {@code "https://code.jquery.example/jquery.js"}
  * which has a default port of {@code 443}.
  *
  * @author Rob Winch

spring-test/src/test/java/org/springframework/test/web/client/match/MockRestRequestMatchersTests.java

@@ -42,30 +42,30 @@ public class MockRestRequestMatchersTests {
 
 	@Test
 	public void requestTo() throws Exception {
-		this.request.setURI(new URI("http://www.foo.com/bar"));
+		this.request.setURI(new URI("http://www.foo.example/bar"));
 
-		MockRestRequestMatchers.requestTo("http://www.foo.com/bar").match(this.request);
+		MockRestRequestMatchers.requestTo("http://www.foo.example/bar").match(this.request);
 	}
 
 	@Test  // SPR-15819
 	public void requestToUriTemplate() throws Exception {
-		this.request.setURI(new URI("http://www.foo.com/bar"));
+		this.request.setURI(new URI("http://www.foo.example/bar"));
 
-		MockRestRequestMatchers.requestToUriTemplate("http://www.foo.com/{bar}", "bar").match(this.request);
+		MockRestRequestMatchers.requestToUriTemplate("http://www.foo.example/{bar}", "bar").match(this.request);
 	}
 
 	@Test
 	public void requestToNoMatch() throws Exception {
-		this.request.setURI(new URI("http://www.foo.com/bar"));
+		this.request.setURI(new URI("http://www.foo.example/bar"));
 
 		assertThatThrownBy(
-			() -> MockRestRequestMatchers.requestTo("http://www.foo.com/wrong").match(this.request))
+			() -> MockRestRequestMatchers.requestTo("http://www.foo.example/wrong").match(this.request))
 				.isInstanceOf(AssertionError.class);
 	}
 
 	@Test
 	public void requestToContains() throws Exception {
-		this.request.setURI(new URI("http://www.foo.com/bar"));
+		this.request.setURI(new URI("http://www.foo.example/bar"));
 
 		MockRestRequestMatchers.requestTo(containsString("bar")).match(this.request);
 	}
@@ -157,14 +157,14 @@ public class MockRestRequestMatchersTests {
 
 	@Test
 	public void queryParam() throws Exception {
-		this.request.setURI(new URI("http://www.foo.com/a?foo=bar&foo=baz"));
+		this.request.setURI(new URI("http://www.foo.example/a?foo=bar&foo=baz"));
 
 		MockRestRequestMatchers.queryParam("foo", "bar", "baz").match(this.request);
 	}
 
 	@Test
 	public void queryParamMissing() throws Exception {
-		this.request.setURI(new URI("http://www.foo.com/a"));
+		this.request.setURI(new URI("http://www.foo.example/a"));
 
 		assertThatThrownBy(() -> MockRestRequestMatchers.queryParam("foo", "bar").match(this.request))
 			.isInstanceOf(AssertionError.class)
@@ -173,7 +173,7 @@ public class MockRestRequestMatchersTests {
 
 	@Test
 	public void queryParamMissingValue() throws Exception {
-		this.request.setURI(new URI("http://www.foo.com/a?foo=bar&foo=baz"));
+		this.request.setURI(new URI("http://www.foo.example/a?foo=bar&foo=baz"));
 
 		assertThatThrownBy(() -> MockRestRequestMatchers.queryParam("foo", "bad").match(this.request))
 			.isInstanceOf(AssertionError.class)
@@ -182,14 +182,14 @@ public class MockRestRequestMatchersTests {
 
 	@Test
 	public void queryParamContains() throws Exception {
-		this.request.setURI(new URI("http://www.foo.com/a?foo=bar&foo=baz"));
+		this.request.setURI(new URI("http://www.foo.example/a?foo=bar&foo=baz"));
 
 		MockRestRequestMatchers.queryParam("foo", containsString("ba")).match(this.request);
 	}
 
 	@Test
 	public void queryParamContainsWithMissingValue() throws Exception {
-		this.request.setURI(new URI("http://www.foo.com/a?foo=bar&foo=baz"));
+		this.request.setURI(new URI("http://www.foo.example/a?foo=bar&foo=baz"));
 
 		assertThatThrownBy(() -> MockRestRequestMatchers.queryParam("foo", containsString("bx")).match(this.request))
 			.isInstanceOf(AssertionError.class)

spring-test/src/test/java/org/springframework/test/web/servlet/htmlunit/HostRequestMatcherTests.java

@@ -31,14 +31,14 @@ public class HostRequestMatcherTests extends AbstractWebRequestMatcherTests {
 	public void localhost() throws Exception {
 		WebRequestMatcher matcher = new HostRequestMatcher("localhost");
 		assertMatches(matcher, "http://localhost/jquery-1.11.0.min.js");
-		assertDoesNotMatch(matcher, "http://example.com/jquery-1.11.0.min.js");
+		assertDoesNotMatch(matcher, "http://company.example/jquery-1.11.0.min.js");
 	}
 
 	@Test
 	public void multipleHosts() throws Exception {
 		WebRequestMatcher matcher = new HostRequestMatcher("localhost", "example.com");
 		assertMatches(matcher, "http://localhost/jquery-1.11.0.min.js");
-		assertMatches(matcher, "http://example.com/jquery-1.11.0.min.js");
+		assertMatches(matcher, "https://example.com/jquery-1.11.0.min.js");
 	}
 
 	@Test

spring-test/src/test/java/org/springframework/test/web/servlet/htmlunit/HtmlUnitRequestBuilderTests.java

@@ -71,7 +71,7 @@ public class HtmlUnitRequestBuilderTests {
 
 	@Before
 	public void setup() throws Exception {
-		webRequest = new WebRequest(new URL("http://example.com:80/test/this/here"));
+		webRequest = new WebRequest(new URL("https://example.com/test/this/here"));
 		webRequest.setHttpMethod(HttpMethod.GET);
 		requestBuilder = new HtmlUnitRequestBuilder(sessions, webClient, webRequest);
 	}
@@ -174,7 +174,7 @@ public class HtmlUnitRequestBuilderTests {
 
 	@Test
 	public void buildRequestContextPathUsesNoFirstSegmentWithDefault() throws MalformedURLException {
-		webRequest.setUrl(new URL("http://example.com/"));
+		webRequest.setUrl(new URL("https://example.com/"));
 		String contextPath = requestBuilder.buildRequest(servletContext).getContextPath();
 
 		assertThat(contextPath).isEqualTo("");
@@ -342,7 +342,8 @@ public class HtmlUnitRequestBuilderTests {
 	}
 
 	@Test
-	public void buildRequestLocalPort() {
+	public void buildRequestLocalPort() throws Exception {
+		webRequest.setUrl(new URL("http://localhost:80/test/this/here"));
 		MockHttpServletRequest actualRequest = requestBuilder.buildRequest(servletContext);
 
 		assertThat(actualRequest.getLocalPort()).isEqualTo(80);
@@ -599,6 +600,7 @@ public class HtmlUnitRequestBuilderTests {
 
 	@Test
 	public void buildRequestRemotePort() throws Exception {
+		webRequest.setUrl(new URL("http://localhost:80/test/this/here"));
 		MockHttpServletRequest actualRequest = requestBuilder.buildRequest(servletContext);
 
 		assertThat(actualRequest.getRemotePort()).isEqualTo(80);
@@ -615,7 +617,7 @@ public class HtmlUnitRequestBuilderTests {
 
 	@Test
 	public void buildRequestRemotePort80WithDefault() throws Exception {
-		webRequest.setUrl(new URL("http://example.com/"));
+		webRequest.setUrl(new URL("http://company.example/"));
 
 		MockHttpServletRequest actualRequest = requestBuilder.buildRequest(servletContext);
 
@@ -647,11 +649,12 @@ public class HtmlUnitRequestBuilderTests {
 	@Test
 	public void buildRequestUrl() {
 		String uri = requestBuilder.buildRequest(servletContext).getRequestURL().toString();
-		assertThat(uri).isEqualTo("http://example.com/test/this/here");
+		assertThat(uri).isEqualTo("https://example.com/test/this/here");
 	}
 
 	@Test
 	public void buildRequestSchemeHttp() throws Exception {
+		webRequest.setUrl(new URL("http://localhost:80/test/this/here"));
 		MockHttpServletRequest actualRequest = requestBuilder.buildRequest(servletContext);
 
 		assertThat(actualRequest.getScheme()).isEqualTo("http");
@@ -674,6 +677,7 @@ public class HtmlUnitRequestBuilderTests {
 
 	@Test
 	public void buildRequestServerPort() throws Exception {
+		webRequest.setUrl(new URL("http://localhost:80/test/this/here"));
 		MockHttpServletRequest actualRequest = requestBuilder.buildRequest(servletContext);
 
 		assertThat(actualRequest.getServerPort()).isEqualTo(80);

spring-test/src/test/java/org/springframework/test/web/servlet/htmlunit/MockMvcConnectionBuilderSupportTests.java

@@ -108,13 +108,13 @@ public class MockMvcConnectionBuilderSupportTests {
 
 		assertMockMvcUsed(conn, "http://localhost/");
 		assertMockMvcUsed(conn, "https://example.com/");
-		assertMockMvcNotUsed(conn, "http://other.com/");
+		assertMockMvcNotUsed(conn, "http://other.example/");
 	}
 
 	@Test
 	public void mockMvcAlwaysUseMockMvc() throws Exception {
 		WebConnection conn = this.builder.alwaysUseMockMvc().createConnection(this.client);
-		assertMockMvcUsed(conn, "http://other.com/");
+		assertMockMvcUsed(conn, "http://other.example/");
 	}
 
 	@Test

spring-test/src/test/java/org/springframework/test/web/servlet/htmlunit/MockWebResponseBuilderTests.java

@@ -50,7 +50,7 @@ public class MockWebResponseBuilderTests {
 
 	@Before
 	public void setup() throws Exception {
-		this.webRequest = new WebRequest(new URL("http://example.com:80/test/this/here"));
+		this.webRequest = new WebRequest(new URL("http://company.example:80/test/this/here"));
 		this.responseBuilder = new MockWebResponseBuilder(System.currentTimeMillis(), this.webRequest, this.response);
 	}
 
@@ -66,7 +66,7 @@ public class MockWebResponseBuilderTests {
 	@Test
 	public void constructorWithNullResponse() throws Exception {
 		assertThatIllegalArgumentException().isThrownBy(() ->
-				new MockWebResponseBuilder(0L, new WebRequest(new URL("http://example.com:80/test/this/here")), null));
+				new MockWebResponseBuilder(0L, new WebRequest(new URL("http://company.example:80/test/this/here")), null));
 	}
 
 

spring-web/src/test/java/org/springframework/http/server/ServletServerHttpRequestTests.java

@@ -81,18 +81,22 @@ public class ServletServerHttpRequestTests {
 
 	@Test  // SPR-16414
 	public void getUriWithQueryParam() throws URISyntaxException {
+		mockRequest.setScheme("https");
+		mockRequest.setServerPort(443);
 		mockRequest.setServerName("example.com");
 		mockRequest.setRequestURI("/path");
 		mockRequest.setQueryString("query=foo");
-		assertThat(request.getURI()).isEqualTo(new URI("http://example.com/path?query=foo"));
+		assertThat(request.getURI()).isEqualTo(new URI("https://example.com/path?query=foo"));
 	}
 
 	@Test  // SPR-16414
 	public void getUriWithMalformedQueryParam() throws URISyntaxException {
+		mockRequest.setScheme("https");
+		mockRequest.setServerPort(443);
 		mockRequest.setServerName("example.com");
 		mockRequest.setRequestURI("/path");
 		mockRequest.setQueryString("query=foo%%x");
-		assertThat(request.getURI()).isEqualTo(new URI("http://example.com/path"));
+		assertThat(request.getURI()).isEqualTo(new URI("https://example.com/path"));
 	}
 
 	@Test  // SPR-13876

spring-web/src/test/java/org/springframework/web/cors/DefaultCorsProcessorTests.java

@@ -50,7 +50,7 @@ public class DefaultCorsProcessorTests {
 	public void setup() {
 		this.request = new MockHttpServletRequest();
 		this.request.setRequestURI("/test.html");
-		this.request.setServerName("domain1.com");
+		this.request.setServerName("domain1.example");
 		this.conf = new CorsConfiguration();
 		this.response = new MockHttpServletResponse();
 		this.response.setStatus(HttpServletResponse.SC_OK);
@@ -71,7 +71,7 @@ public class DefaultCorsProcessorTests {
 	@Test
 	public void sameOriginRequest() throws Exception {
 		this.request.setMethod(HttpMethod.GET.name());
-		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain1.com");
+		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain1.example");
 
 		this.processor.processRequest(this.conf, this.request, this.response);
 		assertThat(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)).isFalse();
@@ -124,7 +124,7 @@ public class DefaultCorsProcessorTests {
 		this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
 		this.conf.addAllowedOrigin("https://domain1.com");
 		this.conf.addAllowedOrigin("https://domain2.com");
-		this.conf.addAllowedOrigin("http://domain3.com");
+		this.conf.addAllowedOrigin("http://domain3.example");
 		this.conf.setAllowCredentials(true);
 
 		this.processor.processRequest(this.conf, this.request, this.response);
@@ -296,7 +296,7 @@ public class DefaultCorsProcessorTests {
 		this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
 		this.conf.addAllowedOrigin("https://domain1.com");
 		this.conf.addAllowedOrigin("https://domain2.com");
-		this.conf.addAllowedOrigin("http://domain3.com");
+		this.conf.addAllowedOrigin("http://domain3.example");
 		this.conf.addAllowedHeader("Header1");
 		this.conf.setAllowCredentials(true);
 
@@ -318,7 +318,7 @@ public class DefaultCorsProcessorTests {
 		this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
 		this.conf.addAllowedOrigin("https://domain1.com");
 		this.conf.addAllowedOrigin("*");
-		this.conf.addAllowedOrigin("http://domain3.com");
+		this.conf.addAllowedOrigin("http://domain3.example");
 		this.conf.addAllowedHeader("Header1");
 		this.conf.setAllowCredentials(true);
 

spring-web/src/test/java/org/springframework/web/cors/reactive/CorsUtilsTests.java

@@ -39,7 +39,7 @@ public class CorsUtilsTests {
 
 	@Test
 	public void isCorsRequest() {
-		ServerHttpRequest request = get("http://domain.com/").header(HttpHeaders.ORIGIN, "https://domain.com").build();
+		ServerHttpRequest request = get("http://domain.example/").header(HttpHeaders.ORIGIN, "https://domain.com").build();
 		assertThat(CorsUtils.isCorsRequest(request)).isTrue();
 	}
 
@@ -69,32 +69,32 @@ public class CorsUtilsTests {
 
 	@Test  // SPR-16262
 	public void isSameOriginWithXForwardedHeaders() {
-		String server = "mydomain1.com";
+		String server = "mydomain1.example";
-		testWithXForwardedHeaders(server, -1, "https", null, -1, "https://mydomain1.com");
+		testWithXForwardedHeaders(server, -1, "https", null, -1, "https://mydomain1.example");
-		testWithXForwardedHeaders(server, 123, "https", null, -1, "https://mydomain1.com");
+		testWithXForwardedHeaders(server, 123, "https", null, -1, "https://mydomain1.example");
-		testWithXForwardedHeaders(server, -1, "https", "mydomain2.com", -1, "https://mydomain2.com");
+		testWithXForwardedHeaders(server, -1, "https", "mydomain2.example", -1, "https://mydomain2.example");
-		testWithXForwardedHeaders(server, 123, "https", "mydomain2.com", -1, "https://mydomain2.com");
+		testWithXForwardedHeaders(server, 123, "https", "mydomain2.example", -1, "https://mydomain2.example");
-		testWithXForwardedHeaders(server, -1, "https", "mydomain2.com", 456, "https://mydomain2.com:456");
+		testWithXForwardedHeaders(server, -1, "https", "mydomain2.example", 456, "https://mydomain2.example:456");
-		testWithXForwardedHeaders(server, 123, "https", "mydomain2.com", 456, "https://mydomain2.com:456");
+		testWithXForwardedHeaders(server, 123, "https", "mydomain2.example", 456, "https://mydomain2.example:456");
 	}
 
 	@Test  // SPR-16262
 	public void isSameOriginWithForwardedHeader() {
-		String server = "mydomain1.com";
+		String server = "mydomain1.example";
-		testWithForwardedHeader(server, -1, "proto=https", "https://mydomain1.com");
+		testWithForwardedHeader(server, -1, "proto=https", "https://mydomain1.example");
-		testWithForwardedHeader(server, 123, "proto=https", "https://mydomain1.com");
+		testWithForwardedHeader(server, 123, "proto=https", "https://mydomain1.example");
-		testWithForwardedHeader(server, -1, "proto=https; host=mydomain2.com", "https://mydomain2.com");
+		testWithForwardedHeader(server, -1, "proto=https; host=mydomain2.example", "https://mydomain2.example");
-		testWithForwardedHeader(server, 123, "proto=https; host=mydomain2.com", "https://mydomain2.com");
+		testWithForwardedHeader(server, 123, "proto=https; host=mydomain2.example", "https://mydomain2.example");
-		testWithForwardedHeader(server, -1, "proto=https; host=mydomain2.com:456", "https://mydomain2.com:456");
+		testWithForwardedHeader(server, -1, "proto=https; host=mydomain2.example:456", "https://mydomain2.example:456");
-		testWithForwardedHeader(server, 123, "proto=https; host=mydomain2.com:456", "https://mydomain2.com:456");
+		testWithForwardedHeader(server, 123, "proto=https; host=mydomain2.example:456", "https://mydomain2.example:456");
 	}
 
 	@Test  // SPR-16362
 	@SuppressWarnings("deprecation")
 	public void isSameOriginWithDifferentSchemes() {
 		MockServerHttpRequest request = MockServerHttpRequest
-				.get("http://mydomain1.com")
+				.get("http://mydomain1.example")
-				.header(HttpHeaders.ORIGIN, "https://mydomain1.com")
+				.header(HttpHeaders.ORIGIN, "https://mydomain1.example")
 				.build();
 		assertThat(CorsUtils.isSameOrigin(request)).isFalse();
 	}

spring-web/src/test/java/org/springframework/web/cors/reactive/DefaultCorsProcessorTests.java

@@ -58,7 +58,7 @@ public class DefaultCorsProcessorTests {
 	@Test
 	public void requestWithoutOriginHeader() throws Exception {
 		MockServerHttpRequest request = MockServerHttpRequest
-				.method(HttpMethod.GET, "http://domain1.com/test.html")
+				.method(HttpMethod.GET, "http://domain1.example/test.html")
 				.build();
 		ServerWebExchange exchange = MockServerWebExchange.from(request);
 		this.processor.process(this.conf, exchange);
@@ -73,8 +73,8 @@ public class DefaultCorsProcessorTests {
 	@Test
 	public void sameOriginRequest() throws Exception {
 		MockServerHttpRequest request = MockServerHttpRequest
-				.method(HttpMethod.GET, "http://domain1.com/test.html")
+				.method(HttpMethod.GET, "http://domain1.example/test.html")
-				.header(HttpHeaders.ORIGIN, "http://domain1.com")
+				.header(HttpHeaders.ORIGIN, "http://domain1.example")
 				.build();
 		ServerWebExchange exchange = MockServerWebExchange.from(request);
 		this.processor.process(this.conf, exchange);
@@ -129,7 +129,7 @@ public class DefaultCorsProcessorTests {
 		ServerWebExchange exchange = actualRequest();
 		this.conf.addAllowedOrigin("https://domain1.com");
 		this.conf.addAllowedOrigin("https://domain2.com");
-		this.conf.addAllowedOrigin("http://domain3.com");
+		this.conf.addAllowedOrigin("http://domain3.example");
 		this.conf.setAllowCredentials(true);
 		this.processor.process(this.conf, exchange);
 
@@ -306,7 +306,7 @@ public class DefaultCorsProcessorTests {
 
 		this.conf.addAllowedOrigin("https://domain1.com");
 		this.conf.addAllowedOrigin("https://domain2.com");
-		this.conf.addAllowedOrigin("http://domain3.com");
+		this.conf.addAllowedOrigin("http://domain3.example");
 		this.conf.addAllowedHeader("Header1");
 		this.conf.setAllowCredentials(true);
 
@@ -330,7 +330,7 @@ public class DefaultCorsProcessorTests {
 
 		this.conf.addAllowedOrigin("https://domain1.com");
 		this.conf.addAllowedOrigin("*");
-		this.conf.addAllowedOrigin("http://domain3.com");
+		this.conf.addAllowedOrigin("http://domain3.example");
 		this.conf.addAllowedHeader("Header1");
 		this.conf.setAllowCredentials(true);
 

spring-web/src/test/java/org/springframework/web/filter/ForwardedHeaderFilterTests.java

@@ -313,7 +313,7 @@ public class ForwardedHeaderFilterTests {
 	public void forwardedRequestWithServletForward() throws Exception {
 		this.request.setRequestURI("/foo");
 		this.request.addHeader(X_FORWARDED_PROTO, "https");
-		this.request.addHeader(X_FORWARDED_HOST, "www.mycompany.com");
+		this.request.addHeader(X_FORWARDED_HOST, "www.mycompany.example");
 		this.request.addHeader(X_FORWARDED_PORT, "443");
 
 		this.filter.doFilter(this.request, new MockHttpServletResponse(), this.filterChain);
@@ -328,7 +328,7 @@ public class ForwardedHeaderFilterTests {
 
 		assertThat(actual).isNotNull();
 		assertThat(actual.getRequestURI()).isEqualTo("/bar");
-		assertThat(actual.getRequestURL().toString()).isEqualTo("https://www.mycompany.com/bar");
+		assertThat(actual.getRequestURL().toString()).isEqualTo("https://www.mycompany.example/bar");
 	}
 
 	@Test
@@ -440,7 +440,7 @@ public class ForwardedHeaderFilterTests {
 		this.request.addHeader(X_FORWARDED_HOST, "example.com");
 		this.request.addHeader(X_FORWARDED_PORT, "443");
 
-		String location = "http://example.org/foo/bar";
+		String location = "http://company.example/foo/bar";
 		String redirectedUrl = sendRedirect(location);
 		assertThat(redirectedUrl).isEqualTo(location);
 	}

spring-web/src/test/java/org/springframework/web/util/DefaultUriBuilderFactoryTests.java

@@ -49,31 +49,31 @@ public class DefaultUriBuilderFactoryTests {
 
 	@Test
 	public void baseUri() {
-		DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory("https://foo.com/v1?id=123");
+		DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory("https://foo.example/v1?id=123");
 		URI uri = factory.uriString("/bar").port(8080).build();
-		assertThat(uri.toString()).isEqualTo("https://foo.com:8080/v1/bar?id=123");
+		assertThat(uri.toString()).isEqualTo("https://foo.example:8080/v1/bar?id=123");
 	}
 
 	@Test
 	public void baseUriWithFullOverride() {
-		DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory("https://foo.com/v1?id=123");
+		DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory("https://foo.example/v1?id=123");
 		URI uri = factory.uriString("https://example.com/1/2").build();
 		assertThat(uri.toString()).as("Use of host should case baseUri to be completely ignored").isEqualTo("https://example.com/1/2");
 	}
 
 	@Test
 	public void baseUriWithPathOverride() {
-		DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory("https://foo.com/v1");
+		DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory("https://foo.example/v1");
 		URI uri = factory.builder().replacePath("/baz").build();
-		assertThat(uri.toString()).isEqualTo("https://foo.com/baz");
+		assertThat(uri.toString()).isEqualTo("https://foo.example/baz");
 	}
 
 	@Test
 	public void defaultUriVars() {
 		DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory("https://{host}/v1");
-		factory.setDefaultUriVariables(singletonMap("host", "foo.com"));
+		factory.setDefaultUriVariables(singletonMap("host", "foo.example"));
 		URI uri = factory.uriString("/{id}").build(singletonMap("id", "123"));
-		assertThat(uri.toString()).isEqualTo("https://foo.com/v1/123");
+		assertThat(uri.toString()).isEqualTo("https://foo.example/v1/123");
 	}
 
 	@Test
@@ -87,9 +87,9 @@ public class DefaultUriBuilderFactoryTests {
 	@Test
 	public void defaultUriVarsWithEmptyVarArg() {
 		DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory("https://{host}/v1");
-		factory.setDefaultUriVariables(singletonMap("host", "foo.com"));
+		factory.setDefaultUriVariables(singletonMap("host", "foo.example"));
 		URI uri = factory.uriString("/bar").build();
-		assertThat(uri.toString()).as("Expected delegation to build(Map) method").isEqualTo("https://foo.com/v1/bar");
+		assertThat(uri.toString()).as("Expected delegation to build(Map) method").isEqualTo("https://foo.example/v1/bar");
 	}
 
 	@Test

spring-web/src/test/java/org/springframework/web/util/WebUtilsTests.java

@@ -92,41 +92,41 @@ public class WebUtilsTests {
 	@Test
 	public void isValidOrigin() {
 		List<String> allowed = Collections.emptyList();
-		assertThat(checkValidOrigin("mydomain1.com", -1, "http://mydomain1.com", allowed)).isTrue();
+		assertThat(checkValidOrigin("mydomain1.example", -1, "http://mydomain1.example", allowed)).isTrue();
-		assertThat(checkValidOrigin("mydomain1.com", -1, "http://mydomain2.com", allowed)).isFalse();
+		assertThat(checkValidOrigin("mydomain1.example", -1, "http://mydomain2.example", allowed)).isFalse();
 
 		allowed = Collections.singletonList("*");
-		assertThat(checkValidOrigin("mydomain1.com", -1, "http://mydomain2.com", allowed)).isTrue();
+		assertThat(checkValidOrigin("mydomain1.example", -1, "http://mydomain2.example", allowed)).isTrue();
 
-		allowed = Collections.singletonList("http://mydomain1.com");
+		allowed = Collections.singletonList("http://mydomain1.example");
-		assertThat(checkValidOrigin("mydomain2.com", -1, "http://mydomain1.com", allowed)).isTrue();
+		assertThat(checkValidOrigin("mydomain2.example", -1, "http://mydomain1.example", allowed)).isTrue();
-		assertThat(checkValidOrigin("mydomain2.com", -1, "http://mydomain3.com", allowed)).isFalse();
+		assertThat(checkValidOrigin("mydomain2.example", -1, "http://mydomain3.example", allowed)).isFalse();
 	}
 
 	@Test
 	public void isSameOrigin() {
-		assertThat(checkSameOrigin("http", "mydomain1.com", -1, "http://mydomain1.com")).isTrue();
+		assertThat(checkSameOrigin("http", "mydomain1.example", -1, "http://mydomain1.example")).isTrue();
-		assertThat(checkSameOrigin("http", "mydomain1.com", -1, "http://mydomain1.com:80")).isTrue();
+		assertThat(checkSameOrigin("http", "mydomain1.example", -1, "http://mydomain1.example:80")).isTrue();
-		assertThat(checkSameOrigin("https", "mydomain1.com", 443, "https://mydomain1.com")).isTrue();
+		assertThat(checkSameOrigin("https", "mydomain1.example", 443, "https://mydomain1.example")).isTrue();
-		assertThat(checkSameOrigin("https", "mydomain1.com", 443, "https://mydomain1.com:443")).isTrue();
+		assertThat(checkSameOrigin("https", "mydomain1.example", 443, "https://mydomain1.example:443")).isTrue();
-		assertThat(checkSameOrigin("http", "mydomain1.com", 123, "http://mydomain1.com:123")).isTrue();
+		assertThat(checkSameOrigin("http", "mydomain1.example", 123, "http://mydomain1.example:123")).isTrue();
-		assertThat(checkSameOrigin("ws", "mydomain1.com", -1, "ws://mydomain1.com")).isTrue();
+		assertThat(checkSameOrigin("ws", "mydomain1.example", -1, "ws://mydomain1.example")).isTrue();
-		assertThat(checkSameOrigin("wss", "mydomain1.com", 443, "wss://mydomain1.com")).isTrue();
+		assertThat(checkSameOrigin("wss", "mydomain1.example", 443, "wss://mydomain1.example")).isTrue();
-
+
-		assertThat(checkSameOrigin("http", "mydomain1.com", -1, "http://mydomain2.com")).isFalse();
+		assertThat(checkSameOrigin("http", "mydomain1.example", -1, "http://mydomain2.example")).isFalse();
-		assertThat(checkSameOrigin("http", "mydomain1.com", -1, "https://mydomain1.com")).isFalse();
+		assertThat(checkSameOrigin("http", "mydomain1.example", -1, "https://mydomain1.example")).isFalse();
-		assertThat(checkSameOrigin("http", "mydomain1.com", -1, "invalid-origin")).isFalse();
+		assertThat(checkSameOrigin("http", "mydomain1.example", -1, "invalid-origin")).isFalse();
-		assertThat(checkSameOrigin("https", "mydomain1.com", -1, "http://mydomain1.com")).isFalse();
+		assertThat(checkSameOrigin("https", "mydomain1.example", -1, "http://mydomain1.example")).isFalse();
 
 		// Handling of invalid origins as described in SPR-13478
-		assertThat(checkSameOrigin("http", "mydomain1.com", -1, "http://mydomain1.com/")).isTrue();
+		assertThat(checkSameOrigin("http", "mydomain1.example", -1, "http://mydomain1.example/")).isTrue();
-		assertThat(checkSameOrigin("http", "mydomain1.com", -1, "http://mydomain1.com:80/")).isTrue();
+		assertThat(checkSameOrigin("http", "mydomain1.example", -1, "http://mydomain1.example:80/")).isTrue();
-		assertThat(checkSameOrigin("http", "mydomain1.com", -1, "http://mydomain1.com/path")).isTrue();
+		assertThat(checkSameOrigin("http", "mydomain1.example", -1, "http://mydomain1.example/path")).isTrue();
-		assertThat(checkSameOrigin("http", "mydomain1.com", -1, "http://mydomain1.com:80/path")).isTrue();
+		assertThat(checkSameOrigin("http", "mydomain1.example", -1, "http://mydomain1.example:80/path")).isTrue();
-		assertThat(checkSameOrigin("http", "mydomain2.com", -1, "http://mydomain1.com/")).isFalse();
+		assertThat(checkSameOrigin("http", "mydomain2.example", -1, "http://mydomain1.example/")).isFalse();
-		assertThat(checkSameOrigin("http", "mydomain2.com", -1, "http://mydomain1.com:80/")).isFalse();
+		assertThat(checkSameOrigin("http", "mydomain2.example", -1, "http://mydomain1.example:80/")).isFalse();
-		assertThat(checkSameOrigin("http", "mydomain2.com", -1, "http://mydomain1.com/path")).isFalse();
+		assertThat(checkSameOrigin("http", "mydomain2.example", -1, "http://mydomain1.example/path")).isFalse();
-		assertThat(checkSameOrigin("http", "mydomain2.com", -1, "http://mydomain1.com:80/path")).isFalse();
+		assertThat(checkSameOrigin("http", "mydomain2.example", -1, "http://mydomain1.example:80/path")).isFalse();
 
 		// Handling of IPv6 hosts as described in SPR-13525
 		assertThat(checkSameOrigin("http", "[::1]", -1, "http://[::1]")).isTrue();
@@ -144,24 +144,24 @@ public class WebUtilsTests {
 
 	@Test  // SPR-16262
 	public void isSameOriginWithXForwardedHeaders() throws Exception {
-		String server = "mydomain1.com";
+		String server = "mydomain1.example";
-		testWithXForwardedHeaders(server, -1, "https", null, -1, "https://mydomain1.com");
+		testWithXForwardedHeaders(server, -1, "https", null, -1, "https://mydomain1.example");
-		testWithXForwardedHeaders(server, 123, "https", null, -1, "https://mydomain1.com");
+		testWithXForwardedHeaders(server, 123, "https", null, -1, "https://mydomain1.example");
-		testWithXForwardedHeaders(server, -1, "https", "mydomain2.com", -1, "https://mydomain2.com");
+		testWithXForwardedHeaders(server, -1, "https", "mydomain2.example", -1, "https://mydomain2.example");
-		testWithXForwardedHeaders(server, 123, "https", "mydomain2.com", -1, "https://mydomain2.com");
+		testWithXForwardedHeaders(server, 123, "https", "mydomain2.example", -1, "https://mydomain2.example");
-		testWithXForwardedHeaders(server, -1, "https", "mydomain2.com", 456, "https://mydomain2.com:456");
+		testWithXForwardedHeaders(server, -1, "https", "mydomain2.example", 456, "https://mydomain2.example:456");
-		testWithXForwardedHeaders(server, 123, "https", "mydomain2.com", 456, "https://mydomain2.com:456");
+		testWithXForwardedHeaders(server, 123, "https", "mydomain2.example", 456, "https://mydomain2.example:456");
 	}
 
 	@Test  // SPR-16262
 	public void isSameOriginWithForwardedHeader() throws Exception {
-		String server = "mydomain1.com";
+		String server = "mydomain1.example";
-		testWithForwardedHeader(server, -1, "proto=https", "https://mydomain1.com");
+		testWithForwardedHeader(server, -1, "proto=https", "https://mydomain1.example");
-		testWithForwardedHeader(server, 123, "proto=https", "https://mydomain1.com");
+		testWithForwardedHeader(server, 123, "proto=https", "https://mydomain1.example");
-		testWithForwardedHeader(server, -1, "proto=https; host=mydomain2.com", "https://mydomain2.com");
+		testWithForwardedHeader(server, -1, "proto=https; host=mydomain2.example", "https://mydomain2.example");
-		testWithForwardedHeader(server, 123, "proto=https; host=mydomain2.com", "https://mydomain2.com");
+		testWithForwardedHeader(server, 123, "proto=https; host=mydomain2.example", "https://mydomain2.example");
-		testWithForwardedHeader(server, -1, "proto=https; host=mydomain2.com:456", "https://mydomain2.com:456");
+		testWithForwardedHeader(server, -1, "proto=https; host=mydomain2.example:456", "https://mydomain2.example:456");
-		testWithForwardedHeader(server, 123, "proto=https; host=mydomain2.com:456", "https://mydomain2.com:456");
+		testWithForwardedHeader(server, 123, "proto=https; host=mydomain2.example:456", "https://mydomain2.example:456");
 	}
 
 

spring-webflux/src/test/java/org/springframework/web/reactive/resource/AppCacheManifestTransformerTests.java

@@ -107,13 +107,13 @@ public class AppCacheManifestTransformerTests {
 
 		assertThat(content).as("not rewrite external resources")
 				.contains("//example.org/style.css")
-				.contains("http://example.org/image.png");
+				.contains("https://example.org/image.png");
 
 		// Not the same hash as Spring MVC
 		// Hash is computed from links, and not from the linked content
 
 		assertThat(content).as("generate fingerprint")
-				.contains("# Hash: 8eefc904df3bd46537fa7bdbbc5ab9fb");
+				.contains("# Hash: d4437f1d7ae9530ab3ae71d5375b46ff");
 	}
 
 	private Resource getResource(String filePath) {

spring-webflux/src/test/java/org/springframework/web/reactive/result/view/RedirectViewTests.java

@@ -97,13 +97,13 @@ public class RedirectViewTests {
 
 		assertThat(view.isRemoteHost("https://url.somewhere.com")).isFalse();
 		assertThat(view.isRemoteHost("/path")).isFalse();
-		assertThat(view.isRemoteHost("http://url.somewhereelse.com")).isFalse();
+		assertThat(view.isRemoteHost("http://somewhereelse.example")).isFalse();
 
 		view.setHosts("url.somewhere.com");
 
 		assertThat(view.isRemoteHost("https://url.somewhere.com")).isFalse();
 		assertThat(view.isRemoteHost("/path")).isFalse();
-		assertThat(view.isRemoteHost("http://url.somewhereelse.com")).isTrue();
+		assertThat(view.isRemoteHost("http://somewhereelse.example")).isTrue();
 	}
 
 	@Test

spring-webflux/src/test/resources/org/springframework/web/reactive/resource/test/test.appcache

@@ -11,7 +11,7 @@ NETWORK:
 
 CACHE:
 js/bar.js
-http://example.org/image.png
+https://example.org/image.png
 
 FALLBACK:
 /main /static.html

spring-webmvc/src/main/java/org/springframework/web/servlet/support/ServletUriComponentsBuilder.java

@@ -191,12 +191,12 @@ public class ServletUriComponentsBuilder extends UriComponentsBuilder {
 	 * requestURI}. This method must be invoked before any calls to {@link #path(String)}
 	 * or {@link #pathSegment(String...)}.
 	 * <pre>
-	 * GET http://www.foo.com/rest/books/6.json
+	 * GET http://www.foo.example/rest/books/6.json
 	 *
 	 * ServletUriComponentsBuilder builder = ServletUriComponentsBuilder.fromRequestUri(this.request);
 	 * String ext = builder.removePathExtension();
 	 * String uri = builder.path("/pages/1.{ext}").buildAndExpand(ext).toUriString();
-	 * assertEquals("http://www.foo.com/rest/books/6/pages/1.json", result);
+	 * assertEquals("http://www.foo.example/rest/books/6/pages/1.json", result);
 	 * </pre>
 	 * @return the removed path extension for possible re-use, or {@code null}
 	 * @since 4.0

spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java

@@ -211,7 +211,7 @@ public class CrossOriginTests {
 		CorsConfiguration config = getCorsConfiguration(chain, false);
 		assertThat(config).isNotNull();
 		assertThat(config.getAllowedMethods().toArray()).isEqualTo(new String[] {"GET"});
-		assertThat(config.getAllowedOrigins().toArray()).isEqualTo(new String[] {"http://www.foo.com/"});
+		assertThat(config.getAllowedOrigins().toArray()).isEqualTo(new String[] {"http://www.foo.example/"});
 		assertThat((boolean) config.getAllowCredentials()).isTrue();
 	}
 
@@ -224,7 +224,7 @@ public class CrossOriginTests {
 		CorsConfiguration config = getCorsConfiguration(chain, false);
 		assertThat(config).isNotNull();
 		assertThat(config.getAllowedMethods().toArray()).isEqualTo(new String[] {"GET"});
-		assertThat(config.getAllowedOrigins().toArray()).isEqualTo(new String[] {"http://www.foo.com/"});
+		assertThat(config.getAllowedOrigins().toArray()).isEqualTo(new String[] {"http://www.foo.example/"});
 		assertThat((boolean) config.getAllowCredentials()).isTrue();
 	}
 
@@ -418,7 +418,7 @@ public class CrossOriginTests {
 
 
 	@Controller
-	@ComposedCrossOrigin(origins = "http://www.foo.com/", allowCredentials = "true")
+	@ComposedCrossOrigin(origins = "http://www.foo.example/", allowCredentials = "true")
 	private static class ClassLevelMappingWithComposedAnnotation {
 
 		@RequestMapping(path = "/foo", method = RequestMethod.GET)
@@ -431,7 +431,7 @@ public class CrossOriginTests {
 	private static class MethodLevelMappingWithComposedAnnotation {
 
 		@RequestMapping(path = "/foo", method = RequestMethod.GET)
-		@ComposedCrossOrigin(origins = "http://www.foo.com/", allowCredentials = "true")
+		@ComposedCrossOrigin(origins = "http://www.foo.example/", allowCredentials = "true")
 		public void foo() {
 		}
 	}

spring-webmvc/src/test/java/org/springframework/web/servlet/resource/AppCacheManifestTransformerTests.java

@@ -109,10 +109,10 @@ public class AppCacheManifestTransformerTests {
 
 		assertThat(content).as("not rewrite external resources")
 				.contains("//example.org/style.css")
-				.contains("http://example.org/image.png");
+				.contains("https://example.org/image.png");
 
 		assertThat(content).as("generate fingerprint")
-				.contains("# Hash: 4bf0338bcbeb0a5b3a4ec9ed8864107d");
+				.contains("# Hash: 65ebc023e50b2b731fcace2871f0dae3");
 	}
 
 	private Resource getResource(String filePath) {

spring-webmvc/src/test/java/org/springframework/web/servlet/view/RedirectViewTests.java

@@ -208,13 +208,13 @@ public class RedirectViewTests {
 
 		assertThat(rv.isRemoteHost("https://url.somewhere.com")).isFalse();
 		assertThat(rv.isRemoteHost("/path")).isFalse();
-		assertThat(rv.isRemoteHost("http://url.somewhereelse.com")).isFalse();
+		assertThat(rv.isRemoteHost("http://somewhereelse.example")).isFalse();
 
 		rv.setHosts(new String[] {"url.somewhere.com"});
 
 		assertThat(rv.isRemoteHost("https://url.somewhere.com")).isFalse();
 		assertThat(rv.isRemoteHost("/path")).isFalse();
-		assertThat(rv.isRemoteHost("http://url.somewhereelse.com")).isTrue();
+		assertThat(rv.isRemoteHost("http://somewhereelse.example")).isTrue();
 
 	}
 

spring-webmvc/src/test/resources/org/springframework/web/servlet/resource/test/test.appcache

@@ -11,7 +11,7 @@ NETWORK:
 
 CACHE:
 js/bar.js
-http://example.org/image.png
+https://example.org/image.png
 
 FALLBACK:
 /main /static.html

spring-websocket/src/test/java/org/springframework/web/socket/config/HandlersBeanDefinitionParserTests.java

@@ -226,8 +226,8 @@ public class HandlersBeanDefinitionParserTests {
 		List<HandshakeInterceptor> interceptors = transportService.getHandshakeInterceptors();
 		assertThat(interceptors).extracting("class").containsExactly(OriginHandshakeInterceptor.class);
 		assertThat(transportService.shouldSuppressCors()).isTrue();
-		assertThat(transportService.getAllowedOrigins().contains("https://mydomain1.com")).isTrue();
+		assertThat(transportService.getAllowedOrigins().contains("https://mydomain1.example")).isTrue();
-		assertThat(transportService.getAllowedOrigins().contains("https://mydomain2.com")).isTrue();
+		assertThat(transportService.getAllowedOrigins().contains("https://mydomain2.example")).isTrue();
 	}
 
 

spring-websocket/src/test/java/org/springframework/web/socket/config/annotation/WebSocketHandlerRegistrationTests.java

@@ -115,7 +115,7 @@ public class WebSocketHandlerRegistrationTests {
 		WebSocketHandler handler = new TextWebSocketHandler();
 		HttpSessionHandshakeInterceptor interceptor = new HttpSessionHandshakeInterceptor();
 
-		this.registration.addHandler(handler, "/foo").addInterceptors(interceptor).setAllowedOrigins("https://mydomain1.com");
+		this.registration.addHandler(handler, "/foo").addInterceptors(interceptor).setAllowedOrigins("https://mydomain1.example");
 
 		List<Mapping> mappings = this.registration.getMappings();
 		assertThat(mappings.size()).isEqualTo(1);
@@ -136,7 +136,7 @@ public class WebSocketHandlerRegistrationTests {
 
 		this.registration.addHandler(handler, "/foo")
 				.addInterceptors(interceptor)
-				.setAllowedOrigins("https://mydomain1.com")
+				.setAllowedOrigins("https://mydomain1.example")
 				.withSockJS();
 
 		this.registration.getSockJsServiceRegistration().setTaskScheduler(this.taskScheduler);
@@ -148,7 +148,7 @@ public class WebSocketHandlerRegistrationTests {
 		assertThat(mapping.webSocketHandler).isEqualTo(handler);
 		assertThat(mapping.path).isEqualTo("/foo/**");
 		assertThat(mapping.sockJsService).isNotNull();
-		assertThat(mapping.sockJsService.getAllowedOrigins().contains("https://mydomain1.com")).isTrue();
+		assertThat(mapping.sockJsService.getAllowedOrigins().contains("https://mydomain1.example")).isTrue();
 		List<HandshakeInterceptor> interceptors = mapping.sockJsService.getHandshakeInterceptors();
 		assertThat(interceptors.get(0)).isEqualTo(interceptor);
 		assertThat(interceptors.get(1).getClass()).isEqualTo(OriginHandshakeInterceptor.class);

spring-websocket/src/test/java/org/springframework/web/socket/server/support/OriginHandshakeInterceptorTests.java

@@ -53,8 +53,8 @@ public class OriginHandshakeInterceptorTests extends AbstractHttpRequestTests {
 
 	@Test
 	public void originValueMatch() throws Exception {
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.example");
-		List<String> allowed = Collections.singletonList("https://mydomain1.com");
+		List<String> allowed = Collections.singletonList("https://mydomain1.example");
 		OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(allowed);
 		assertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isTrue();
 		assertThat(HttpStatus.FORBIDDEN.value()).isNotEqualTo((long) servletResponse.getStatus());
@@ -62,8 +62,8 @@ public class OriginHandshakeInterceptorTests extends AbstractHttpRequestTests {
 
 	@Test
 	public void originValueNoMatch() throws Exception {
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.example");
-		List<String> allowed = Collections.singletonList("https://mydomain2.com");
+		List<String> allowed = Collections.singletonList("https://mydomain2.example");
 		OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(allowed);
 		assertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isFalse();
 		assertThat(HttpStatus.FORBIDDEN.value()).isEqualTo(servletResponse.getStatus());
@@ -71,8 +71,8 @@ public class OriginHandshakeInterceptorTests extends AbstractHttpRequestTests {
 
 	@Test
 	public void originListMatch() throws Exception {
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.example");
-		List<String> allowed = Arrays.asList("https://mydomain1.com", "https://mydomain2.com", "http://mydomain3.com");
+		List<String> allowed = Arrays.asList("https://mydomain1.example", "https://mydomain2.example", "http://mydomain3.example");
 		OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(allowed);
 		assertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isTrue();
 		assertThat(HttpStatus.FORBIDDEN.value()).isNotEqualTo((long) servletResponse.getStatus());
@@ -80,8 +80,8 @@ public class OriginHandshakeInterceptorTests extends AbstractHttpRequestTests {
 
 	@Test
 	public void originListNoMatch() throws Exception {
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://www.mydomain4.com/");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://www.mydomain4.example/");
-		List<String> allowed = Arrays.asList("https://mydomain1.com", "https://mydomain2.com", "http://mydomain3.com");
+		List<String> allowed = Arrays.asList("https://mydomain1.example", "https://mydomain2.example", "http://mydomain3.example");
 		OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(allowed);
 		assertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isFalse();
 		assertThat(HttpStatus.FORBIDDEN.value()).isEqualTo(servletResponse.getStatus());
@@ -89,10 +89,10 @@ public class OriginHandshakeInterceptorTests extends AbstractHttpRequestTests {
 
 	@Test
 	public void originNoMatchWithNullHostileCollection() throws Exception {
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://www.mydomain4.com/");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://www.mydomain4.example/");
 		OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor();
 		Set<String> allowedOrigins = new ConcurrentSkipListSet<>();
-		allowedOrigins.add("https://mydomain1.com");
+		allowedOrigins.add("https://mydomain1.example");
 		interceptor.setAllowedOrigins(allowedOrigins);
 		assertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isFalse();
 		assertThat(HttpStatus.FORBIDDEN.value()).isEqualTo(servletResponse.getStatus());
@@ -100,7 +100,7 @@ public class OriginHandshakeInterceptorTests extends AbstractHttpRequestTests {
 
 	@Test
 	public void originMatchAll() throws Exception {
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.example");
 		OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor();
 		interceptor.setAllowedOrigins(Collections.singletonList("*"));
 		assertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isTrue();
@@ -109,8 +109,8 @@ public class OriginHandshakeInterceptorTests extends AbstractHttpRequestTests {
 
 	@Test
 	public void sameOriginMatchWithEmptyAllowedOrigins() throws Exception {
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.example");
-		this.servletRequest.setServerName("mydomain2.com");
+		this.servletRequest.setServerName("mydomain2.example");
 		OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Collections.emptyList());
 		assertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isTrue();
 		assertThat(HttpStatus.FORBIDDEN.value()).isNotEqualTo((long) servletResponse.getStatus());
@@ -118,17 +118,17 @@ public class OriginHandshakeInterceptorTests extends AbstractHttpRequestTests {
 
 	@Test
 	public void sameOriginMatchWithAllowedOrigins() throws Exception {
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.example");
-		this.servletRequest.setServerName("mydomain2.com");
+		this.servletRequest.setServerName("mydomain2.example");
-		OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Arrays.asList("http://mydomain1.com"));
+		OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Arrays.asList("http://mydomain1.example"));
 		assertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isTrue();
 		assertThat(HttpStatus.FORBIDDEN.value()).isNotEqualTo((long) servletResponse.getStatus());
 	}
 
 	@Test
 	public void sameOriginNoMatch() throws Exception {
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.example");
-		this.servletRequest.setServerName("mydomain2.com");
+		this.servletRequest.setServerName("mydomain2.example");
 		OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Collections.emptyList());
 		assertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isFalse();
 		assertThat(HttpStatus.FORBIDDEN.value()).isEqualTo(servletResponse.getStatus());

spring-websocket/src/test/java/org/springframework/web/socket/sockjs/support/SockJsServiceTests.java

@@ -105,7 +105,7 @@ public class SockJsServiceTests extends AbstractHttpRequestTests {
 		body = this.servletResponse.getContentAsString();
 		assertThat(body.substring(body.indexOf(','))).isEqualTo(",\"origins\":[\"*:*\"],\"cookie_needed\":false,\"websocket\":false}");
 
-		this.service.setAllowedOrigins(Collections.singletonList("https://mydomain1.com"));
+		this.service.setAllowedOrigins(Collections.singletonList("https://mydomain1.example"));
 		resetResponseAndHandleRequest("GET", "/echo/info", HttpStatus.OK);
 		assertThat(this.servletResponse.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)).isNull();
 		assertThat(this.servletResponse.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)).isNull();
@@ -114,8 +114,8 @@ public class SockJsServiceTests extends AbstractHttpRequestTests {
 
 	@Test  // SPR-12226 and SPR-12660
 	public void handleInfoGetWithOrigin() throws IOException {
-		this.servletRequest.setServerName("mydomain2.com");
+		this.servletRequest.setServerName("mydomain2.example");
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.example");
 		resetResponseAndHandleRequest("GET", "/echo/info", HttpStatus.OK);
 
 		assertThat(this.servletResponse.getContentType()).isEqualTo("application/json;charset=UTF-8");
@@ -125,17 +125,17 @@ public class SockJsServiceTests extends AbstractHttpRequestTests {
 		assertThat(body.substring(0, body.indexOf(':'))).isEqualTo("{\"entropy\"");
 		assertThat(body.substring(body.indexOf(','))).isEqualTo(",\"origins\":[\"*:*\"],\"cookie_needed\":true,\"websocket\":true}");
 
-		this.service.setAllowedOrigins(Collections.singletonList("http://mydomain1.com"));
+		this.service.setAllowedOrigins(Collections.singletonList("http://mydomain1.example"));
 		resetResponseAndHandleRequest("GET", "/echo/info", HttpStatus.OK);
 
-		this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com", "http://mydomain2.com", "http://mydomain3.com"));
+		this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.example", "http://mydomain2.example", "http://mydomain3.example"));
 		resetResponseAndHandleRequest("GET", "/echo/info", HttpStatus.OK);
 
 		this.service.setAllowedOrigins(Collections.singletonList("*"));
 		resetResponseAndHandleRequest("GET", "/echo/info", HttpStatus.OK);
 
 		this.servletRequest.setServerName("mydomain3.com");
-		this.service.setAllowedOrigins(Collections.singletonList("http://mydomain1.com"));
+		this.service.setAllowedOrigins(Collections.singletonList("http://mydomain1.example"));
 		resetResponseAndHandleRequest("GET", "/echo/info", HttpStatus.FORBIDDEN);
 	}
 
@@ -168,25 +168,25 @@ public class SockJsServiceTests extends AbstractHttpRequestTests {
 		resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT);
 		assertThat(this.service.getCorsConfiguration(this.servletRequest)).isNull();
 
-		this.service.setAllowedOrigins(Collections.singletonList("https://mydomain1.com"));
+		this.service.setAllowedOrigins(Collections.singletonList("https://mydomain1.example"));
 		resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT);
 		assertThat(this.service.getCorsConfiguration(this.servletRequest)).isNull();
 	}
 
 	@Test  // SPR-12226 and SPR-12660
 	public void handleInfoOptionsWithAllowedOrigin() {
-		this.servletRequest.setServerName("mydomain2.com");
+		this.servletRequest.setServerName("mydomain2.example");
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.example");
 		this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
 		this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Last-Modified");
 		resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT);
 		assertThat(this.service.getCorsConfiguration(this.servletRequest)).isNotNull();
 
-		this.service.setAllowedOrigins(Collections.singletonList("http://mydomain1.com"));
+		this.service.setAllowedOrigins(Collections.singletonList("http://mydomain1.example"));
 		resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT);
 		assertThat(this.service.getCorsConfiguration(this.servletRequest)).isNotNull();
 
-		this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com", "http://mydomain2.com", "http://mydomain3.com"));
+		this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.example", "http://mydomain2.example", "http://mydomain3.example"));
 		resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT);
 		assertThat(this.service.getCorsConfiguration(this.servletRequest)).isNotNull();
 
@@ -198,22 +198,22 @@ public class SockJsServiceTests extends AbstractHttpRequestTests {
 	@Test  // SPR-16304
 	public void handleInfoOptionsWithForbiddenOrigin() {
 		this.servletRequest.setServerName("mydomain3.com");
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.example");
 		this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
 		this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Last-Modified");
 		resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.FORBIDDEN);
 		CorsConfiguration corsConfiguration = this.service.getCorsConfiguration(this.servletRequest);
 		assertThat(corsConfiguration.getAllowedOrigins().isEmpty()).isTrue();
 
-		this.service.setAllowedOrigins(Collections.singletonList("https://mydomain1.com"));
+		this.service.setAllowedOrigins(Collections.singletonList("https://mydomain1.example"));
 		resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.FORBIDDEN);
 		corsConfiguration = this.service.getCorsConfiguration(this.servletRequest);
-		assertThat(corsConfiguration.getAllowedOrigins()).isEqualTo(Collections.singletonList("https://mydomain1.com"));
+		assertThat(corsConfiguration.getAllowedOrigins()).isEqualTo(Collections.singletonList("https://mydomain1.example"));
 	}
 
 	@Test  // SPR-12283
 	public void handleInfoOptionsWithOriginAndCorsHeadersDisabled() {
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.example");
 		this.service.setAllowedOrigins(Collections.singletonList("*"));
 		this.service.setSuppressCors(true);
 
@@ -221,11 +221,11 @@ public class SockJsServiceTests extends AbstractHttpRequestTests {
 		resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT);
 		assertThat(this.service.getCorsConfiguration(this.servletRequest)).isNull();
 
-		this.service.setAllowedOrigins(Collections.singletonList("https://mydomain1.com"));
+		this.service.setAllowedOrigins(Collections.singletonList("https://mydomain1.example"));
 		resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.FORBIDDEN);
 		assertThat(this.service.getCorsConfiguration(this.servletRequest)).isNull();
 
-		this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com", "https://mydomain2.com", "http://mydomain3.com"));
+		this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example", "https://mydomain2.example", "http://mydomain3.example"));
 		resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT);
 		assertThat(this.service.getCorsConfiguration(this.servletRequest)).isNull();
 	}

spring-websocket/src/test/java/org/springframework/web/socket/sockjs/transport/handler/DefaultSockJsServiceTests.java

@@ -164,8 +164,8 @@ public class DefaultSockJsServiceTests extends AbstractHttpRequestTests {
 	public void handleTransportRequestXhrAllowedOriginsMatch() throws Exception {
 		String sockJsPath = sessionUrlPrefix + "xhr";
 		setRequest("POST", sockJsPrefix + sockJsPath);
-		this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com", "https://mydomain2.com"));
+		this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example", "https://mydomain2.example"));
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.example");
 		this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
 
 		assertThat(this.servletResponse.getStatus()).isEqualTo(200);
@@ -175,8 +175,8 @@ public class DefaultSockJsServiceTests extends AbstractHttpRequestTests {
 	public void handleTransportRequestXhrAllowedOriginsNoMatch() throws Exception {
 		String sockJsPath = sessionUrlPrefix + "xhr";
 		setRequest("POST", sockJsPrefix + sockJsPath);
-		this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com", "https://mydomain2.com"));
+		this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example", "https://mydomain2.example"));
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.example");
 		this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
 
 		assertThat(this.servletResponse.getStatus()).isEqualTo(403);
@@ -186,9 +186,9 @@ public class DefaultSockJsServiceTests extends AbstractHttpRequestTests {
 	public void handleTransportRequestXhrSameOrigin() throws Exception {
 		String sockJsPath = sessionUrlPrefix + "xhr";
 		setRequest("POST", sockJsPrefix + sockJsPath);
-		this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com"));
+		this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example"));
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.example");
-		this.servletRequest.setServerName("mydomain2.com");
+		this.servletRequest.setServerName("mydomain2.example");
 		this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
 
 		assertThat(this.servletResponse.getStatus()).isEqualTo(200);
@@ -198,9 +198,9 @@ public class DefaultSockJsServiceTests extends AbstractHttpRequestTests {
 	public void handleInvalidTransportType() throws Exception {
 		String sockJsPath = sessionUrlPrefix + "invalid";
 		setRequest("POST", sockJsPrefix + sockJsPath);
-		this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com"));
+		this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example"));
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.example");
-		this.servletRequest.setServerName("mydomain2.com");
+		this.servletRequest.setServerName("mydomain2.example");
 		this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
 
 		assertThat(this.servletResponse.getStatus()).isEqualTo(404);
@@ -289,17 +289,17 @@ public class DefaultSockJsServiceTests extends AbstractHttpRequestTests {
 		assertThat(this.servletResponse.getStatus()).isNotEqualTo((long) 403);
 
 		resetRequestAndResponse();
-		List<String> allowed = Collections.singletonList("https://mydomain1.com");
+		List<String> allowed = Collections.singletonList("https://mydomain1.example");
 		OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(allowed);
 		wsService.setHandshakeInterceptors(Collections.singletonList(interceptor));
 		setRequest("GET", sockJsPrefix + sockJsPath);
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.example");
 		wsService.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
 		assertThat(this.servletResponse.getStatus()).isNotEqualTo((long) 403);
 
 		resetRequestAndResponse();
 		setRequest("GET", sockJsPrefix + sockJsPath);
-		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.com");
+		this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.example");
 		wsService.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
 		assertThat(this.servletResponse.getStatus()).isEqualTo(403);
 	}
@@ -314,7 +314,7 @@ public class DefaultSockJsServiceTests extends AbstractHttpRequestTests {
 
 		resetRequestAndResponse();
 		setRequest("GET", sockJsPrefix + sockJsPath);
-		this.service.setAllowedOrigins(Collections.singletonList("https://mydomain1.com"));
+		this.service.setAllowedOrigins(Collections.singletonList("https://mydomain1.example"));
 		this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
 		assertThat(this.servletResponse.getStatus()).isEqualTo(404);
 		assertThat(this.servletResponse.getHeader("X-Frame-Options")).isNull();

spring-websocket/src/test/resources/org/springframework/web/socket/config/websocket-config-broker-simple.xml

@@ -17,7 +17,7 @@
 			</websocket:decorator-factories>
 		</websocket:transport>
 
-		<websocket:stomp-endpoint path=" /foo,/bar" allowed-origins="https://mydomain1.com,https://mydomain2.com">
+		<websocket:stomp-endpoint path=" /foo,/bar" allowed-origins="https://mydomain1.example,https://mydomain2.example">
 			<websocket:handshake-handler ref="myHandler"/>
 			<websocket:handshake-interceptors>
 				<bean class="org.springframework.web.socket.config.FooTestInterceptor"/>

spring-websocket/src/test/resources/org/springframework/web/socket/config/websocket-config-handlers-attributes.xml

@@ -5,7 +5,7 @@
         http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
 		http://www.springframework.org/schema/websocket https://www.springframework.org/schema/websocket/spring-websocket.xsd">
 
-	<websocket:handlers order="2" allowed-origins="https://mydomain1.com, https://mydomain2.com">
+	<websocket:handlers order="2" allowed-origins="https://mydomain1.example, https://mydomain2.example">
 		<websocket:mapping path="/foo" handler="fooHandler"/>
 		<websocket:mapping path="/test" handler="testHandler"/>
 		<websocket:handshake-handler ref="testHandshakeHandler"/>

spring-websocket/src/test/resources/org/springframework/web/socket/config/websocket-config-handlers-sockjs-attributes.xml

@@ -5,7 +5,7 @@
         http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
 		http://www.springframework.org/schema/websocket https://www.springframework.org/schema/websocket/spring-websocket.xsd">
 
-	<websocket:handlers allowed-origins="https://mydomain1.com, https://mydomain2.com">
+	<websocket:handlers allowed-origins="https://mydomain1.example, https://mydomain2.example">
 		<websocket:mapping path="/test" handler="testHandler"/>
 		<websocket:sockjs name="testSockJsService" scheduler="testTaskScheduler" websocket-enabled="false"
 						  session-cookie-needed="false" stream-bytes-limit="2048" disconnect-delay="256"

src/docs/asciidoc/core/core-appendix.adoc

@@ -714,10 +714,10 @@ to configure `SimpleDateFormat` objects:
 	<!-- myns.xsd (inside package org/springframework/samples/xml) -->
 
 	<?xml version="1.0" encoding="UTF-8"?>
-	<xsd:schema xmlns="http://www.mycompany.com/schema/myns"
+	<xsd:schema xmlns="http://www.mycompany.example/schema/myns"
 			xmlns:xsd="http://www.w3.org/2001/XMLSchema"
 			xmlns:beans="http://www.springframework.org/schema/beans"
-			targetNamespace="http://www.mycompany.com/schema/myns"
+			targetNamespace="http://www.mycompany.example/schema/myns"
 			elementFormDefault="qualified"
 			attributeFormDefault="unqualified">
 
@@ -909,7 +909,7 @@ namespace handler classes. For our example, we need to write the following:
 [literal]
 [subs="verbatim,quotes"]
 ----
-http\://www.mycompany.com/schema/myns=org.springframework.samples.xml.MyNamespaceHandler
+http\://www.mycompany.example/schema/myns=org.springframework.samples.xml.MyNamespaceHandler
 ----
 
 (The `:` character is a valid delimiter in the Java properties format, so
@@ -935,7 +935,7 @@ The following snippet shows the line we need to add for our custom schema:
 [literal]
 [subs="verbatim,quotes"]
 ----
-http\://www.mycompany.com/schema/myns/myns.xsd=org/springframework/samples/xml/myns.xsd
+http\://www.mycompany.example/schema/myns/myns.xsd=org/springframework/samples/xml/myns.xsd
 ----
 
 (Remember that the `:` character must be escaped.)
@@ -959,10 +959,10 @@ in a Spring XML configuration file:
 	<?xml version="1.0" encoding="UTF-8"?>
 	<beans xmlns="http://www.springframework.org/schema/beans"
 		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-		xmlns:myns="http://www.mycompany.com/schema/myns"
+		xmlns:myns="http://www.mycompany.example/schema/myns"
 		xsi:schemaLocation="
 			http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
-			http://www.mycompany.com/schema/myns http://www.mycompany.com/schema/myns/myns.xsd">
+			http://www.mycompany.example/schema/myns http://www.mycompany.com/schema/myns/myns.xsd">
 
 		<!-- as a top-level bean -->
 		<myns:dateformat id="defaultDateFormat" pattern="yyyy-MM-dd HH:mm" lenient="true"/> <1>
@@ -998,10 +998,10 @@ to satisfy a target of the following configuration:
 	<?xml version="1.0" encoding="UTF-8"?>
 	<beans xmlns="http://www.springframework.org/schema/beans"
 		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-		xmlns:foo="http://www.foo.com/schema/component"
+		xmlns:foo="http://www.foo.example/schema/component"
 		xsi:schemaLocation="
 			http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
-			http://www.foo.com/schema/component http://www.foo.com/schema/component/component.xsd">
+			http://www.foo.example/schema/component http://www.foo.example/schema/component/component.xsd">
 
 		<foo:component id="bionic-family" name="Bionic-1">
 			<foo:component name="Mother-1">
@@ -1109,9 +1109,9 @@ listing shows:
 ----
 	<?xml version="1.0" encoding="UTF-8" standalone="no"?>
 
-	<xsd:schema xmlns="http://www.foo.com/schema/component"
+	<xsd:schema xmlns="http://www.foo.example/schema/component"
 			xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-			targetNamespace="http://www.foo.com/schema/component"
+			targetNamespace="http://www.foo.example/schema/component"
 			elementFormDefault="qualified"
 			attributeFormDefault="unqualified">
 
@@ -1207,14 +1207,14 @@ by modifying the `META-INF/spring.handlers` and `META-INF/spring.schemas` files,
 [subs="verbatim,quotes"]
 ----
 # in 'META-INF/spring.handlers'
-http\://www.foo.com/schema/component=com.foo.ComponentNamespaceHandler
+http\://www.foo.example/schema/component=com.foo.ComponentNamespaceHandler
 ----
 
 [literal]
 [subs="verbatim,quotes"]
 ----
 # in 'META-INF/spring.schemas'
-http\://www.foo.com/schema/component/component.xsd=com/foo/component.xsd
+http\://www.foo.example/schema/component/component.xsd=com/foo/component.xsd
 ----
 
 
@@ -1275,9 +1275,9 @@ the XSD schema that describes the custom attribute, as follows:
 ----
 	<?xml version="1.0" encoding="UTF-8" standalone="no"?>
 
-	<xsd:schema xmlns="http://www.foo.com/schema/jcache"
+	<xsd:schema xmlns="http://www.foo.example/schema/jcache"
 			xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-			targetNamespace="http://www.foo.com/schema/jcache"
+			targetNamespace="http://www.foo.example/schema/jcache"
 			elementFormDefault="qualified">
 
 		<xsd:attribute name="cache-name" type="xsd:string"/>
@@ -1370,12 +1370,12 @@ by modifying the `META-INF/spring.handlers` and `META-INF/spring.schemas` files,
 [subs="verbatim,quotes"]
 ----
 # in 'META-INF/spring.handlers'
-http\://www.foo.com/schema/jcache=com.foo.JCacheNamespaceHandler
+http\://www.foo.example/schema/jcache=com.foo.JCacheNamespaceHandler
 ----
 
 [literal]
 [subs="verbatim,quotes"]
 ----
 # in 'META-INF/spring.schemas'
-http\://www.foo.com/schema/jcache/jcache.xsd=com/foo/jcache.xsd
+http\://www.foo.example/schema/jcache/jcache.xsd=com/foo/jcache.xsd
 ----

src/docs/asciidoc/integration.adoc

@@ -5650,12 +5650,12 @@ The following example shows the bean definitions for the preceding code:
 [subs="verbatim,quotes"]
 ----
 	<bean id="mailSender" class="org.springframework.mail.javamail.JavaMailSenderImpl">
-		<property name="host" value="mail.mycompany.com"/>
+		<property name="host" value="mail.mycompany.example"/>
 	</bean>
 
 	<!-- this is a template message that we can pre-load with default state -->
 	<bean id="templateMessage" class="org.springframework.mail.SimpleMailMessage">
-		<property name="from" value="customerservice@mycompany.com"/>
+		<property name="from" value="customerservice@mycompany.example"/>
 		<property name="subject" value="Your order"/>
 	</bean>
 
@@ -5702,7 +5702,7 @@ callback interface. In the following example, the `mailSender` property is of ty
 				public void prepare(MimeMessage mimeMessage) throws Exception {
 					mimeMessage.setRecipient(Message.RecipientType.TO,
 							new InternetAddress(order.getCustomer().getEmailAddress()));
-					mimeMessage.setFrom(new InternetAddress("mail@mycompany.com"));
+					mimeMessage.setFrom(new InternetAddress("mail@mycompany.example"));
 					mimeMessage.setText("Dear " + order.getCustomer().getFirstName() + " " +
 							order.getCustomer().getLastName() + ", thanks for your order. " +
 							"Your order number is " + order.getOrderNumber() + ".");

src/nohttp/whitelist.lines

@@ -0,0 +1,17 @@
+^http://[^/]*caucho.com.*
+^http://[^/]*gebish.org.*
+^http://[^/]*groovy-lang.org.*
+^http://[^/]*hsqldb.org.*
+^http://[^/]*sourceforge.net.*
+^http://easymock.org.*
+^http://forum.thymeleaf.org.*
+^http://jotm.objectweb.org.*
+^http://json-b.net/.*
+^http://objenesis.org.*
+^http://reactivex.io.*
+^http://www.beanshell.org.*
+^http://www.doclet.com.*
+^http://www.jensgulden.de.*
+^http://www.mockobjects.com.*
+^http://www.w3.org/2000/xmlns/
+^http://xunitpatterns.com.*

src/test/resources/META-INF/spring.handlers

@@ -1 +1 @@
-http\://www.foo.com/schema/component=com.foo.ComponentNamespaceHandler
+http\://www.foo.example/schema/component=com.foo.ComponentNamespaceHandler

src/test/resources/META-INF/spring.schemas

@@ -1 +1 @@
-http\://www.foo.com/schema/component/component.xsd=com/foo/component.xsd
+http\://www.foo.example/schema/component/component.xsd=com/foo/component.xsd

src/test/resources/com/foo/component-config.xml

@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xmlns:foo="http://www.foo.com/schema/component"
+      xmlns:foo="http://www.foo.example/schema/component"
       xsi:schemaLocation="
 http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
-http://www.foo.com/schema/component http://www.foo.com/schema/component/component.xsd">
+http://www.foo.example/schema/component http://www.foo.example/schema/component/component.xsd">
 
    <foo:component id="bionic-family" name="Bionic-1">
       <foo:component name="Mother-1">

src/test/resources/com/foo/component.xsd

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 
-<xsd:schema xmlns="http://www.foo.com/schema/component"
+<xsd:schema xmlns="http://www.foo.example/schema/component"
          xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-         targetNamespace="http://www.foo.com/schema/component"
+         targetNamespace="http://www.foo.example/schema/component"
          elementFormDefault="qualified"
          attributeFormDefault="unqualified">