automated code formatting and cleanup

2017-03-21 13:36:20 -04:00 · 2017-03-21 13:36:20 -04:00 · 32ce21b5cd
parent b6cf8fe22b
commit 32ce21b5cd
248 changed files with 3974 additions and 4093 deletions
--- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
+++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
@ -16,6 +16,8 @@
 *******************************************************************************/
 package org.mitre.oauth2.introspectingfilter;
 import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
 import java.io.IOException;
 import java.net.URI;
 import java.util.Calendar;
@ -54,8 +56,6 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.nimbusds.jose.util.Base64;
 import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
 /**
 * This ResourceServerTokenServices implementation introspects incoming tokens at a
 * server's introspection endpoint URL and passes an Authentication object along
--- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionAuthorityGranter.java
+++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionAuthorityGranter.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.oauth2.introspectingfilter.service;
--- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionConfigurationService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.oauth2.introspectingfilter.service;
--- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/JWTParsingIntrospectionConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/JWTParsingIntrospectionConfigurationService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.oauth2.introspectingfilter.service.impl;
@ -32,11 +32,11 @@ import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTParser;
 /**
- * 
+ *
 * Parses the incoming accesstoken as a JWT and determines the issuer based on
 * the "iss" field inside the JWT. Uses the ServerConfigurationService to determine
 * the introspection URL for that issuer.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/ScopeBasedIntrospectionAuthoritiesGranter.java
+++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/ScopeBasedIntrospectionAuthoritiesGranter.java
@ -34,7 +34,7 @@ import com.google.gson.JsonObject;
 *
 */
 public class ScopeBasedIntrospectionAuthoritiesGranter implements IntrospectionAuthorityGranter {
-	
+
 	private List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_API");
 	/* (non-Javadoc)
@ -43,7 +43,7 @@ public class ScopeBasedIntrospectionAuthoritiesGranter implements IntrospectionA
 	@Override
 	public List<GrantedAuthority> getAuthorities(JsonObject introspectionResponse) {
 		List<GrantedAuthority> auth = new ArrayList<>(getAuthorities());
-		
+
 		if (introspectionResponse.has("scope") && introspectionResponse.get("scope").isJsonPrimitive()) {
 			String scopeString = introspectionResponse.get("scope").getAsString();
 			Set<String> scopes = OAuth2Utils.parseParameterList(scopeString);
@ -51,7 +51,7 @@ public class ScopeBasedIntrospectionAuthoritiesGranter implements IntrospectionA
 				auth.add(new SimpleGrantedAuthority("OAUTH_SCOPE_" + scope));
 			}
 		}
-		
+
 		return auth;
 	}
--- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/SimpleIntrospectionAuthorityGranter.java
+++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/SimpleIntrospectionAuthorityGranter.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.oauth2.introspectingfilter.service.impl;
@ -28,9 +28,9 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import com.google.gson.JsonObject;
 /**
- * 
+ *
 * Grants the same set of authorities no matter what's passed in.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/StaticIntrospectionConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/StaticIntrospectionConfigurationService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.oauth2.introspectingfilter.service.impl;
@ -23,10 +23,10 @@ import org.mitre.oauth2.introspectingfilter.service.IntrospectionConfigurationSe
 import org.mitre.oauth2.model.RegisteredClient;
 /**
- * 
+ *
 * Always provides the (configured) IntrospectionURL and RegisteredClient regardless
 * of token. Useful for talking to a single, trusted authorization server.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AuthorizationEndpointException.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AuthorizationEndpointException.java
@ -7,9 +7,9 @@ public class AuthorizationEndpointException extends AuthenticationServiceExcepti
 	private static final long serialVersionUID = 6953119789654778380L;
 	private String error;
-	
+
 	private String errorDescription;
-	
+
 	private String errorURI;
 	public AuthorizationEndpointException(String error, String errorDescription, String errorURI) {
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/NamedAdminAuthoritiesMapper.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/NamedAdminAuthoritiesMapper.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client;
@ -34,13 +34,13 @@ import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTClaimsSet;
 /**
- * 
+ *
 * Simple mapper that adds ROLE_USER to the authorities map for all queries,
 * plus adds ROLE_ADMIN if the subject and issuer pair are found in the
 * configurable "admins" set.
- * 
+ *
 * @author jricher
- * 
+ *
 */
 public class NamedAdminAuthoritiesMapper implements OIDCAuthoritiesMapper {
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
@ -88,9 +88,9 @@ import com.nimbusds.jwt.SignedJWT;
 /**
 * OpenID Connect Authentication Filter class
- * 
+ *
 * @author nemonik, jricher
- * 
+ *
 */
 public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
@ -169,9 +169,9 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 	/*
 	 * This is the main entry point for the filter.
-	 * 
+	 *
 	 * (non-Javadoc)
-	 * 
+	 *
 	 * @see org.springframework.security.web.authentication.
 	 * AbstractAuthenticationProcessingFilter
 	 * #attemptAuthentication(javax.servlet.http.HttpServletRequest,
@ -204,7 +204,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 	/**
 	 * Initiate an Authorization request
-	 * 
+	 *
 	 * @param request
 	 *            The request from which to extract parameters and perform the
 	 *            authentication
@ -270,7 +270,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 			String state = createState(session);
 			Map<String, String> options = authOptions.getOptions(serverConfig, clientConfig, request);
-			
+
 			// if we're using PKCE, handle the challenge here
 			if (clientConfig.getCodeChallengeMethod() != null) {
 				String codeVerifier = createCodeVerifier(session);
@ -287,7 +287,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 						e.printStackTrace();
 					}
-					
+
 				}
 			}
@ -330,7 +330,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 		form.add("grant_type", "authorization_code");
 		form.add("code", authorizationCode);
 		form.setAll(authOptions.getTokenOptions(serverConfig, clientConfig, request));
-		
+
 		String codeVerifier = getStoredCodeVerifier(session);
 		if (codeVerifier != null) {
 			form.add("code_verifier", codeVerifier);
@ -345,11 +345,11 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 		if(httpClient == null) {
 			httpClient = HttpClientBuilder.create()
-										  .useSystemProperties()
+					.useSystemProperties()
-										  .setDefaultRequestConfig(RequestConfig.custom()
+					.setDefaultRequestConfig(RequestConfig.custom()
-																				.setSocketTimeout(httpSocketTimeout)
+							.setSocketTimeout(httpSocketTimeout)
-																				.build())
+							.build())
-										  .build();
+					.build();
 		}
 		HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
@ -634,7 +634,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 	/**
 	 * Handle Authorization Endpoint error
-	 * 
+	 *
 	 * @param request
 	 *            The request from which to extract parameters and handle the
 	 *            error
@ -708,7 +708,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 	protected static String getStoredState(HttpSession session) {
 		return getStoredSessionString(session, STATE_SESSION_VARIABLE);
 	}
-	
+
 	/**
 	 * Create a random code challenge and store it in the session
 	 * @param session
@ -719,7 +719,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 		session.setAttribute(CODE_VERIFIER_SESSION_VARIABLE, challenge);
 		return challenge;
 	}
-	
+
 	/**
 	 * Retrieve the stored challenge from our session
 	 * @param session
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java
@ -34,7 +34,7 @@ import com.nimbusds.jwt.JWT;
 /**
 * @author nemonik, Justin Richer
- * 
+ *
 */
 public class OIDCAuthenticationProvider implements AuthenticationProvider {
@ -46,7 +46,7 @@ public class OIDCAuthenticationProvider implements AuthenticationProvider {
 	/*
 	 * (non-Javadoc)
-	 * 
+	 *
 	 * @see org.springframework.security.authentication.AuthenticationProvider#
 	 * authenticate(org.springframework.security.core.Authentication)
 	 */
@ -86,7 +86,7 @@ public class OIDCAuthenticationProvider implements AuthenticationProvider {
 	/**
 	 * Override this function to return a different kind of Authentication, processes the authorities differently,
 	 * or do post-processing based on the UserInfo object.
-	 * 
+	 *
 	 * @param token
 	 * @param authorities
 	 * @param userInfo
@ -115,7 +115,7 @@ public class OIDCAuthenticationProvider implements AuthenticationProvider {
 	/*
 	 * (non-Javadoc)
-	 * 
+	 *
 	 * @see
 	 * org.springframework.security.authentication.AuthenticationProvider#supports
 	 * (java.lang.Class)
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/StaticPrefixTargetLinkURIChecker.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/StaticPrefixTargetLinkURIChecker.java
@ -19,7 +19,7 @@ package org.mitre.openid.connect.client;
 /**
 * Simple target URI checker, checks whether the string in question starts
 * with a configured prefix. Returns "/" if the match fails.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/SubjectIssuerGrantedAuthority.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/SubjectIssuerGrantedAuthority.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client;
@ -24,9 +24,9 @@ import org.springframework.security.core.GrantedAuthority;
 import com.google.common.base.Strings;
 /**
- * 
+ *
 * Simple authority representing a user at an issuer.
- * 
+ *
 * @author jricher
 *
 */
@ -51,9 +51,9 @@ public class SubjectIssuerGrantedAuthority implements GrantedAuthority {
 	/**
 	 * Returns a string formed by concatenating the subject with the issuer, separated by _ and prepended with OIDC_
-	 * 
+	 *
 	 * For example, the user "bob" from issuer "http://id.example.com/" would return the authority string of:
-	 * 
+	 *
 	 * OIDC_bob_http://id.example.com/
 	 */
 	@Override
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/TargetLinkURIChecker.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/TargetLinkURIChecker.java
@ -20,7 +20,7 @@ public interface TargetLinkURIChecker {
 	/**
 	 * Check the parameter to make sure that it's a valid deep-link into this application.
-	 * 
+	 *
 	 * @param target
 	 * @return
 	 */
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java
@ -60,7 +60,7 @@ public class UserInfoFetcher {
 	private static final Logger logger = LoggerFactory.getLogger(UserInfoFetcher.class);
 	private LoadingCache<PendingOIDCAuthenticationToken, UserInfo> cache;
-	
+
 	public UserInfoFetcher() {
 		this(HttpClientBuilder.create().useSystemProperties().build());
 	}
@ -71,7 +71,7 @@ public class UserInfoFetcher {
 				.maximumSize(100)
 				.build(new UserInfoLoader(httpClient));
 	}
-	
+
 	public UserInfo loadUserInfo(final PendingOIDCAuthenticationToken token) {
 		try {
 			return cache.get(token);
@ -81,8 +81,8 @@ public class UserInfoFetcher {
 		}
 	}
-	
+
-	
+
 	private class UserInfoLoader extends CacheLoader<PendingOIDCAuthenticationToken, UserInfo> {
 		private HttpComponentsClientHttpRequestFactory factory;
@ -90,22 +90,23 @@ public class UserInfoFetcher {
 			this.factory = new HttpComponentsClientHttpRequestFactory(httpClient);
 		}
 		@Override
 		public UserInfo load(final PendingOIDCAuthenticationToken token) throws URISyntaxException {
-	
+
 			ServerConfiguration serverConfiguration = token.getServerConfiguration();
-	
+
 			if (serverConfiguration == null) {
 				logger.warn("No server configuration found.");
 				return null;
 			}
-	
+
 			if (Strings.isNullOrEmpty(serverConfiguration.getUserInfoUri())) {
 				logger.warn("No userinfo endpoint, not fetching.");
 				return null;
 			}
-	
+
 			String userInfoString = null;
-	
+
 			if (serverConfiguration.getUserInfoTokenMethod() == null || serverConfiguration.getUserInfoTokenMethod().equals(UserInfoTokenMethod.HEADER)) {
 				RestTemplate restTemplate = new RestTemplate(factory) {
@ -145,7 +146,7 @@ public class UserInfoFetcher {
 				// didn't get anything throw exception
 				throw new IllegalArgumentException("Unable to load user info");
 			}
-	
+
 		}
 	}
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisherMapping.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisherMapping.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.keypublisher;
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/JwkViewResolver.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/JwkViewResolver.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.keypublisher;
@ -26,9 +26,9 @@ import org.springframework.web.servlet.View;
 import org.springframework.web.servlet.ViewResolver;
 /**
- * 
+ *
 * Simple view resolver to map JWK view names to appropriate beans
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/model/IssuerServiceResponse.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/model/IssuerServiceResponse.java
@ -15,14 +15,14 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.model;
 /**
- * 
+ *
 * Data container to facilitate returns from the IssuerService API.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service;
@ -27,11 +27,11 @@ import org.mitre.oauth2.model.RegisteredClient;
 import org.mitre.openid.connect.config.ServerConfiguration;
 /**
- * 
+ *
 * This service provides any extra options that need to be passed to the authentication request,
 * either through the authorization endpoint (getOptions) or the token endpoint (getTokenOptions).
 * These options may depend on the server configuration, client configuration, or HTTP request.
- * 
+ *
 * @author jricher
 *
 */
@ -39,7 +39,7 @@ public interface AuthRequestOptionsService {
 	/**
 	 * The set of options needed at the authorization endpoint.
-	 * 
+	 *
 	 * @param server
 	 * @param client
 	 * @param request
@ -49,7 +49,7 @@ public interface AuthRequestOptionsService {
 	/**
 	 * The set of options needed at the token endpoint.
-	 * 
+	 *
 	 * @param server
 	 * @param client
 	 * @param request
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service;
@ -26,7 +26,7 @@ import org.mitre.openid.connect.config.ServerConfiguration;
 /**
 * Builds a URL string to the IdP's authorization endpoint.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ClientConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ClientConfigurationService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service;
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/IssuerService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/IssuerService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service;
@ -24,9 +24,9 @@ import javax.servlet.http.HttpServletRequest;
 import org.mitre.openid.connect.client.model.IssuerServiceResponse;
 /**
- * 
+ *
 * Gets an issuer for the given request. Might do dynamic discovery, or might be statically configured.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/RegisteredClientService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/RegisteredClientService.java
@ -15,12 +15,10 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service;
 import java.util.List;
 import org.mitre.oauth2.model.RegisteredClient;
 /**
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ServerConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ServerConfigurationService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service;
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service.impl;
@ -164,10 +164,10 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
 	/**
 	 * Loader class that fetches the client information.
-	 * 
+	 *
 	 * If a client has been registered (ie, it's known to the RegisteredClientService), then this
 	 * will fetch the client's configuration from the server.
-	 * 
+	 *
 	 * @author jricher
 	 *
 	 */
@ -203,12 +203,12 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
 				try {
 					String registered = restTemplate.postForObject(serverConfig.getRegistrationEndpointUri(), entity, String.class);
-	
+
 					RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(registered);
-	
+
 					// save this client for later
 					registeredClientService.save(serverConfig.getIssuer(), client);
-	
+
 					return client;
 				} catch (RestClientException rce) {
 					throw new InvalidClientException("Error registering client with server");
@ -227,9 +227,9 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
 					try {
 						String registered = restTemplate.exchange(knownClient.getRegistrationClientUri(), HttpMethod.GET, entity, String.class).getBody();
 						// TODO: handle HTTP errors
-	
+
 						RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(registered);
-	
+
 						return client;
 					} catch (RestClientException rce) {
 						throw new InvalidClientException("Error loading previously registered client information from server");
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java
@ -15,10 +15,17 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service.impl;
 import static org.mitre.util.JsonUtils.getAsBoolean;
 import static org.mitre.util.JsonUtils.getAsEncryptionMethodList;
 import static org.mitre.util.JsonUtils.getAsJweAlgorithmList;
 import static org.mitre.util.JsonUtils.getAsJwsAlgorithmList;
 import static org.mitre.util.JsonUtils.getAsString;
 import static org.mitre.util.JsonUtils.getAsStringList;
 import java.util.HashSet;
 import java.util.Set;
 import java.util.concurrent.ExecutionException;
@ -41,17 +48,10 @@ import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import static org.mitre.util.JsonUtils.getAsBoolean;
 import static org.mitre.util.JsonUtils.getAsEncryptionMethodList;
 import static org.mitre.util.JsonUtils.getAsJweAlgorithmList;
 import static org.mitre.util.JsonUtils.getAsJwsAlgorithmList;
 import static org.mitre.util.JsonUtils.getAsString;
 import static org.mitre.util.JsonUtils.getAsStringList;
 /**
- * 
+ *
 * Dynamically fetches OpenID Connect server configurations based on the issuer. Caches the server configurations.
- * 
+ *
 * @author jricher
 *
 */
@ -133,9 +133,9 @@ public class DynamicServerConfigurationService implements ServerConfigurationSer
 		private HttpComponentsClientHttpRequestFactory httpFactory;
 		private JsonParser parser = new JsonParser();
-        OpenIDConnectServiceConfigurationFetcher(HttpClient httpClient) {
+		OpenIDConnectServiceConfigurationFetcher(HttpClient httpClient) {
-            this.httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
+			this.httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
-        }
+		}
 		@Override
 		public ServerConfiguration load(String issuer) throws Exception {
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service.impl;
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridClientConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridClientConfigurationService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service.impl;
@ -31,12 +31,12 @@ import org.mitre.openid.connect.config.ServerConfiguration;
 * Houses both a static client configuration and a dynamic client configuration
 * service in one object. Checks the static service first, then falls through to
 * the dynamic service.
- * 
+ *
 * Provides configuration passthrough for the template, registered client service, whitelist,
 * and blacklist for the dynamic service, and to the static service's client map.
- * 
+ *
 * @author jricher
- * 
+ *
 */
 public class HybridClientConfigurationService implements ClientConfigurationService {
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridIssuerService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridIssuerService.java
@ -26,11 +26,11 @@ import org.mitre.openid.connect.client.service.IssuerService;
 import com.google.common.collect.Sets;
 /**
- * 
+ *
 * Issuer service that tries to parse input from the inputs from a third-party
 * account chooser service (if possible), but falls back to webfinger discovery
 * if not.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridServerConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridServerConfigurationService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service.impl;
@ -29,11 +29,11 @@ import org.mitre.openid.connect.config.ServerConfiguration;
 * Houses both a static server configuration and a dynamic server configuration
 * service in one object. Checks the static service first, then falls through to
 * the dynamic service.
- * 
+ *
 * Provides configuration passthrough to the dynamic service's whitelist and blacklist,
 * and to the static service's server map.
- * 
+ *
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/InMemoryRegisteredClientService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/InMemoryRegisteredClientService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service.impl;
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/JsonFileRegisteredClientService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/JsonFileRegisteredClientService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service.impl;
@ -55,20 +55,20 @@ public class JsonFileRegisteredClientService implements RegisteredClientService
 	private static final Logger logger = LoggerFactory.getLogger(JsonFileRegisteredClientService.class);
 	private Gson gson = new GsonBuilder()
-	.registerTypeAdapter(RegisteredClient.class, new JsonSerializer<RegisteredClient>() {
+			.registerTypeAdapter(RegisteredClient.class, new JsonSerializer<RegisteredClient>() {
-		@Override
+				@Override
-		public JsonElement serialize(RegisteredClient src, Type typeOfSrc, JsonSerializationContext context) {
+				public JsonElement serialize(RegisteredClient src, Type typeOfSrc, JsonSerializationContext context) {
-			return ClientDetailsEntityJsonProcessor.serialize(src);
+					return ClientDetailsEntityJsonProcessor.serialize(src);
-		}
+				}
-	})
+			})
-	.registerTypeAdapter(RegisteredClient.class, new JsonDeserializer<RegisteredClient>() {
+			.registerTypeAdapter(RegisteredClient.class, new JsonDeserializer<RegisteredClient>() {
-		@Override
+				@Override
-		public RegisteredClient deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
+				public RegisteredClient deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
-			return ClientDetailsEntityJsonProcessor.parseRegistered(json);
+					return ClientDetailsEntityJsonProcessor.parseRegistered(json);
-		}
+				}
-	})
+			})
-	.setPrettyPrinting()
+			.setPrettyPrinting()
-	.create();
+			.create();
 	private File file;
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service.impl;
@ -33,9 +33,9 @@ import com.google.common.base.Joiner;
 import com.google.common.base.Strings;
 /**
- * 
+ *
 * Builds an auth request redirect URI with normal query parameters.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service.impl;
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticAuthRequestOptionsService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticAuthRequestOptionsService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service.impl;
@ -29,9 +29,9 @@ import org.mitre.openid.connect.client.service.AuthRequestOptionsService;
 import org.mitre.openid.connect.config.ServerConfiguration;
 /**
- * 
+ *
 * Always returns the same set of options.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service.impl;
@ -29,9 +29,9 @@ import org.mitre.openid.connect.config.ServerConfiguration;
 /**
 * Client configuration service that holds a static map from issuer URL to a ClientDetails object to use at that issuer.
- * 
+ *
 * Designed to be configured as a bean.
- * 
+ *
 * @author jricher
 *
 */
@ -56,7 +56,7 @@ public class StaticClientConfigurationService implements ClientConfigurationServ
 	/**
 	 * Get the client configured for this issuer
-	 * 
+	 *
 	 * @see org.mitre.openid.connect.client.service.ClientConfigurationService#getClientConfiguration(java.lang.String)
 	 */
 	@Override
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service.impl;
@ -28,7 +28,7 @@ import org.mitre.openid.connect.config.ServerConfiguration;
 /**
 * Statically configured server configuration service that maps issuer URLs to server configurations to use at that issuer.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service.impl;
@ -51,7 +51,7 @@ public class StaticSingleIssuerService implements IssuerService {
 	/**
 	 * Always returns the configured issuer URL
-	 * 
+	 *
 	 * @see org.mitre.openid.connect.client.service.IssuerService#getIssuer(javax.servlet.http.HttpServletRequest)
 	 */
 	@Override
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service.impl;
@ -34,9 +34,9 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
 import com.google.common.base.Strings;
 /**
- * 
+ *
 * Determines the issuer using an account chooser or other third-party-initiated login
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.client.service.impl;
@ -74,7 +74,7 @@ public class WebfingerIssuerService implements IssuerService {
 			this.issuer = issuer;
 		}
 	}
-	
+
 	private Set<String> whitelist = new HashSet<>();
 	private Set<String> blacklist = new HashSet<>();
@ -118,7 +118,7 @@ public class WebfingerIssuerService implements IssuerService {
 				if (blacklist.contains(lr.issuer)) {
 					throw new AuthenticationServiceException("Issuer was in blacklist: " + lr.issuer);
 				}
-				
+
 				return new IssuerServiceResponse(lr.issuer, lr.loginHint, request.getParameter("target_link_uri"));
 			} catch (UncheckedExecutionException | ExecutionException e) {
 				logger.warn("Issue fetching issuer for user input: " + identifier + ": " + e.getMessage());
@ -218,7 +218,7 @@ public class WebfingerIssuerService implements IssuerService {
 		public LoadingResult load(String identifier) throws Exception {
 			UriComponents key = WebfingerURLNormalizer.normalizeResource(identifier);
-			
+
 			RestTemplate restTemplate = new RestTemplate(httpFactory);
 			// construct the URL to go to
@ -268,7 +268,7 @@ public class WebfingerIssuerService implements IssuerService {
 								// we found the issuer, return it
 								String href = linkObj.get("href").getAsString();
-								
+
 								if (identifier.equals(href)
 										|| identifier.startsWith("http")) {
 									// try to avoid sending a URL as the login hint
--- a/openid-connect-client/src/test/java/org/mitre/oauth2/introspectingfilter/service/impl/TestScopeBasedIntrospectionAuthoritiesGranter.java
+++ b/openid-connect-client/src/test/java/org/mitre/oauth2/introspectingfilter/service/impl/TestScopeBasedIntrospectionAuthoritiesGranter.java
@ -38,7 +38,7 @@ public class TestScopeBasedIntrospectionAuthoritiesGranter {
 	private JsonObject introspectionResponse;
 	private ScopeBasedIntrospectionAuthoritiesGranter granter = new ScopeBasedIntrospectionAuthoritiesGranter();
-	
+
 	/**
 	 * @throws java.lang.Exception
 	 */
@ -53,16 +53,16 @@ public class TestScopeBasedIntrospectionAuthoritiesGranter {
 	@Test
 	public void testGetAuthoritiesJsonObject_withScopes() {
 		introspectionResponse.addProperty("scope", "foo bar baz batman");
-		
+
 		List<GrantedAuthority> expected = new ArrayList<>();
 		expected.add(new SimpleGrantedAuthority("ROLE_API"));
 		expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_foo"));
 		expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_bar"));
 		expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_baz"));
 		expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_batman"));
-		
+
 		List<GrantedAuthority> authorities = granter.getAuthorities(introspectionResponse);
-		
+
 		assertTrue(authorities.containsAll(expected));
 		assertTrue(expected.containsAll(authorities));
 	}
@ -72,12 +72,12 @@ public class TestScopeBasedIntrospectionAuthoritiesGranter {
 	 */
 	@Test
 	public void testGetAuthoritiesJsonObject_withoutScopes() {
-		
+
 		List<GrantedAuthority> expected = new ArrayList<>();
 		expected.add(new SimpleGrantedAuthority("ROLE_API"));
-		
+
 		List<GrantedAuthority> authorities = granter.getAuthorities(introspectionResponse);
-		
+
 		assertTrue(authorities.containsAll(expected));
 		assertTrue(expected.containsAll(authorities));
 	}
--- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/TestOIDCAuthenticationFilter.java
+++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/TestOIDCAuthenticationFilter.java
@ -1,11 +1,5 @@
 package org.mitre.openid.connect.client;
 import static org.hamcrest.CoreMatchers.instanceOf;
 import static org.hamcrest.CoreMatchers.is;
 import static org.junit.Assert.assertThat;
 import static org.junit.Assert.fail;
 import static org.mockito.Mockito.mock;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@ -13,13 +7,21 @@ import org.junit.Test;
 import org.mockito.Mockito;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import static org.hamcrest.CoreMatchers.instanceOf;
 import static org.hamcrest.CoreMatchers.is;
 import static org.mockito.Mockito.mock;
 import static org.junit.Assert.assertThat;
 import static org.junit.Assert.fail;
 public class TestOIDCAuthenticationFilter {
 	private OIDCAuthenticationFilter filter = new OIDCAuthenticationFilter();
-	
+
 	@Test
 	public void attemptAuthentication_error() throws Exception {
-		
+
 		HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
 		Mockito.when(request.getParameter("error")).thenReturn("Error");
 		Mockito.when(request.getParameter("error_description")).thenReturn("Description");
@ -27,13 +29,13 @@ public class TestOIDCAuthenticationFilter {
 		try {
 			filter.attemptAuthentication(request, mock(HttpServletResponse.class));
-			
+
 			fail("AuthorizationEndpointException expected.");
 		}
 		catch (AuthorizationEndpointException exception) {
 			assertThat(exception.getMessage(),
 					is("Error from Authorization Endpoint: Error Description http://example.com"));
-			
+
 			assertThat(exception.getError(), is("Error"));
 			assertThat(exception.getErrorDescription(), is("Description"));
 			assertThat(exception.getErrorURI(), is("http://example.com"));
--- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java
+++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java
@ -52,7 +52,7 @@ import static org.junit.Assert.fail;
 /**
 * @author wkim
- * 
+ *
 */
 public class TestSignedAuthRequestUrlBuilder {
--- a/openid-connect-common/src/main/java/org/mitre/data/AbstractPageOperationTemplate.java
+++ b/openid-connect-common/src/main/java/org/mitre/data/AbstractPageOperationTemplate.java
@ -1,12 +1,12 @@
 package org.mitre.data;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 /**
 * Abstract class for performing an operation on a potentially large
 * number of items by paging through the items in discreet chunks.
@ -16,162 +16,162 @@ import java.util.Set;
 */
 public abstract class AbstractPageOperationTemplate<T> {
-    private static final Logger logger = LoggerFactory.getLogger(AbstractPageOperationTemplate.class);
+	private static final Logger logger = LoggerFactory.getLogger(AbstractPageOperationTemplate.class);
-    private static int DEFAULT_MAX_PAGES = 1000;
+	private static int DEFAULT_MAX_PAGES = 1000;
-    private static long DEFAULT_MAX_TIME_MILLIS = 600000L; //10 Minutes
+	private static long DEFAULT_MAX_TIME_MILLIS = 600000L; //10 Minutes
-    /**
+	/**
-     * int specifying the maximum number of
+	 * int specifying the maximum number of
-     * pages which should be fetched before
+	 * pages which should be fetched before
-     * execution should terminate
+	 * execution should terminate
-     */
+	 */
-    private int maxPages;
+	private int maxPages;
-    /**
+	/**
-     * long specifying the maximum execution time
+	 * long specifying the maximum execution time
-     * in milliseconds
+	 * in milliseconds
-     */
+	 */
-    private long maxTime;
+	private long maxTime;
-    /**
+	/**
-     * boolean specifying whether or not Exceptions
+	 * boolean specifying whether or not Exceptions
-     * incurred performing the operation should be
+	 * incurred performing the operation should be
-     * swallowed during execution default true.
+	 * swallowed during execution default true.
-     */
+	 */
-    private boolean swallowExceptions = true;
+	private boolean swallowExceptions = true;
-    
+
-    /**
+	/**
-     * String that is used for logging in final tallies.
+	 * String that is used for logging in final tallies.
-     */
+	 */
-    private String operationName = "";
+	private String operationName = "";
-    /**
+	/**
-     * default constructor which sets the value of
+	 * default constructor which sets the value of
-     * maxPages and maxTime to DEFAULT_MAX_PAGES and
+	 * maxPages and maxTime to DEFAULT_MAX_PAGES and
-     * DEFAULT_MAX_TIME_MILLIS respectively
+	 * DEFAULT_MAX_TIME_MILLIS respectively
-     */
+	 */
-    public AbstractPageOperationTemplate(String operationName){
+	public AbstractPageOperationTemplate(String operationName){
-        this(DEFAULT_MAX_PAGES, DEFAULT_MAX_TIME_MILLIS, operationName);
+		this(DEFAULT_MAX_PAGES, DEFAULT_MAX_TIME_MILLIS, operationName);
-    }
+	}
-    /**
+	/**
-     * Instantiates a new AbstractPageOperationTemplate with the
+	 * Instantiates a new AbstractPageOperationTemplate with the
-     * given maxPages and maxTime
+	 * given maxPages and maxTime
-     *
+	 *
-     * @param maxPages the maximum number of pages to fetch.
+	 * @param maxPages the maximum number of pages to fetch.
-     * @param maxTime the maximum execution time.
+	 * @param maxTime the maximum execution time.
-     */
+	 */
-    public AbstractPageOperationTemplate(int maxPages, long maxTime, String operationName){
+	public AbstractPageOperationTemplate(int maxPages, long maxTime, String operationName){
-        this.maxPages = maxPages;
+		this.maxPages = maxPages;
-        this.maxTime = maxTime;
+		this.maxTime = maxTime;
-        this.operationName = operationName;
+		this.operationName = operationName;
-    }
+	}
-    /**
+	/**
-     * Execute the operation on each member of a page of results
+	 * Execute the operation on each member of a page of results
-     * retrieved through the fetch method. the method will execute
+	 * retrieved through the fetch method. the method will execute
-     * until either the maxPages or maxTime limit is reached or until
+	 * until either the maxPages or maxTime limit is reached or until
-     * the fetch method returns no more results. Exceptions thrown
+	 * the fetch method returns no more results. Exceptions thrown
-     * performing the operation on the item will be swallowed if the
+	 * performing the operation on the item will be swallowed if the
-     * swallowException (default true) field is set true.
+	 * swallowException (default true) field is set true.
-     */
+	 */
-    public void execute(){
+	public void execute(){
-        logger.debug("[" + getOperationName() +  "] Starting execution of paged operation. maximum time: " + maxTime + ", maximum pages: " + maxPages);
+		logger.debug("[" + getOperationName() +  "] Starting execution of paged operation. maximum time: " + maxTime + ", maximum pages: " + maxPages);
-        long startTime = System.currentTimeMillis();
+		long startTime = System.currentTimeMillis();
-        long executionTime = 0;
+		long executionTime = 0;
-        int i = 0;
+		int i = 0;
-        int exceptionsSwallowedCount = 0;
+		int exceptionsSwallowedCount = 0;
-        int operationsCompleted = 0;
+		int operationsCompleted = 0;
-        Set<String> exceptionsSwallowedClasses = new HashSet<String>();
+		Set<String> exceptionsSwallowedClasses = new HashSet<String>();
-        while (i< maxPages && executionTime < maxTime){
+		while (i< maxPages && executionTime < maxTime){
-            Collection<T> page = fetchPage();
+			Collection<T> page = fetchPage();
-            if(page == null || page.size() == 0){
+			if(page == null || page.size() == 0){
-                break;
+				break;
-            }
+			}
-            for (T item : page) {
+			for (T item : page) {
-                try {
+				try {
-                    doOperation(item);
+					doOperation(item);
-                    operationsCompleted++;
+					operationsCompleted++;
-                } catch (Exception e){
+				} catch (Exception e){
-                    if(swallowExceptions){
+					if(swallowExceptions){
-                        exceptionsSwallowedCount++;
+						exceptionsSwallowedCount++;
-                        exceptionsSwallowedClasses.add(e.getClass().getName());
+						exceptionsSwallowedClasses.add(e.getClass().getName());
-                        logger.debug("Swallowing exception " + e.getMessage(), e);
+						logger.debug("Swallowing exception " + e.getMessage(), e);
-                    } else {
+					} else {
-                        logger.debug("Rethrowing exception " + e.getMessage());
+						logger.debug("Rethrowing exception " + e.getMessage());
-                        throw e;
+						throw e;
-                    }
+					}
-                }
+				}
-            }
+			}
-            i++;
+			i++;
-            executionTime = System.currentTimeMillis() - startTime;
+			executionTime = System.currentTimeMillis() - startTime;
-        }
+		}
-        finalReport(operationsCompleted, exceptionsSwallowedCount, exceptionsSwallowedClasses);
+		finalReport(operationsCompleted, exceptionsSwallowedCount, exceptionsSwallowedClasses);
-    }
+	}
-    /**
+	/**
-     * method responsible for fetching
+	 * method responsible for fetching
-     * a page of items.
+	 * a page of items.
-     *
+	 *
-     * @return the collection of items
+	 * @return the collection of items
-     */
+	 */
-    public abstract Collection<T> fetchPage();
+	public abstract Collection<T> fetchPage();
-    /**
+	/**
-     * method responsible for performing desired
+	 * method responsible for performing desired
-     * operation on a fetched page item.
+	 * operation on a fetched page item.
-     *
+	 *
-     * @param item the item
+	 * @param item the item
-     */
+	 */
-    protected abstract void doOperation(T item);
+	protected abstract void doOperation(T item);
    /**
     * Method responsible for final report of progress.
     * @return
     */
    protected void finalReport(int operationsCompleted, int exceptionsSwallowedCount, Set<String> exceptionsSwallowedClasses) {
    	if (operationsCompleted > 0 || exceptionsSwallowedCount > 0) {
    		logger.info("[" + getOperationName() +  "] Paged operation run: completed " + operationsCompleted + "; swallowed " + exceptionsSwallowedCount + " exceptions");
    	}
    	for(String className:  exceptionsSwallowedClasses) {
    		logger.warn("[" + getOperationName() +  "] Paged operation swallowed at least one exception of type " + className);
    	}
    }
-    public int getMaxPages() {
+	/**
-        return maxPages;
+	 * Method responsible for final report of progress.
-    }
+	 * @return
 	 */
 	protected void finalReport(int operationsCompleted, int exceptionsSwallowedCount, Set<String> exceptionsSwallowedClasses) {
 		if (operationsCompleted > 0 || exceptionsSwallowedCount > 0) {
 			logger.info("[" + getOperationName() +  "] Paged operation run: completed " + operationsCompleted + "; swallowed " + exceptionsSwallowedCount + " exceptions");
 		}
 		for(String className:  exceptionsSwallowedClasses) {
 			logger.warn("[" + getOperationName() +  "] Paged operation swallowed at least one exception of type " + className);
 		}
 	}
-    public void setMaxPages(int maxPages) {
+	public int getMaxPages() {
-        this.maxPages = maxPages;
+		return maxPages;
-    }
+	}
-    public long getMaxTime() {
+	public void setMaxPages(int maxPages) {
-        return maxTime;
+		this.maxPages = maxPages;
-    }
+	}
-    public void setMaxTime(long maxTime) {
+	public long getMaxTime() {
-        this.maxTime = maxTime;
+		return maxTime;
-    }
+	}
-    public boolean isSwallowExceptions() {
+	public void setMaxTime(long maxTime) {
-        return swallowExceptions;
+		this.maxTime = maxTime;
-    }
+	}
-    public void setSwallowExceptions(boolean swallowExceptions) {
+	public boolean isSwallowExceptions() {
-        this.swallowExceptions = swallowExceptions;
+		return swallowExceptions;
-    }
+	}
 	public void setSwallowExceptions(boolean swallowExceptions) {
 		this.swallowExceptions = swallowExceptions;
 	}
 	/**
--- a/openid-connect-common/src/main/java/org/mitre/data/DefaultPageCriteria.java
+++ b/openid-connect-common/src/main/java/org/mitre/data/DefaultPageCriteria.java
@ -8,28 +8,28 @@ package org.mitre.data;
 */
 public class DefaultPageCriteria implements PageCriteria {
-    private static final int DEFAULT_PAGE_NUMBER = 0;
+	private static final int DEFAULT_PAGE_NUMBER = 0;
-    private static final int DEFAULT_PAGE_SIZE = 100;
+	private static final int DEFAULT_PAGE_SIZE = 100;
-    private int pageNumber;
+	private int pageNumber;
-    private int pageSize;
+	private int pageSize;
-    public DefaultPageCriteria(){
+	public DefaultPageCriteria(){
-        this(DEFAULT_PAGE_NUMBER, DEFAULT_PAGE_SIZE);
+		this(DEFAULT_PAGE_NUMBER, DEFAULT_PAGE_SIZE);
-    }
+	}
-    public DefaultPageCriteria(int pageNumber, int pageSize) {
+	public DefaultPageCriteria(int pageNumber, int pageSize) {
-        this.pageNumber = pageNumber;
+		this.pageNumber = pageNumber;
-        this.pageSize = pageSize;
+		this.pageSize = pageSize;
-    }
+	}
-    @Override
+	@Override
-    public int getPageNumber() {
+	public int getPageNumber() {
-        return pageNumber;
+		return pageNumber;
-    }
+	}
-    @Override
+	@Override
-    public int getPageSize() {
+	public int getPageSize() {
-        return pageSize;
+		return pageSize;
-    }
+	}
 }
--- a/openid-connect-common/src/main/java/org/mitre/data/PageCriteria.java
+++ b/openid-connect-common/src/main/java/org/mitre/data/PageCriteria.java
@ -8,6 +8,6 @@ package org.mitre.data;
 */
 public interface PageCriteria {
-    public int getPageNumber();
+	public int getPageNumber();
-    public int getPageSize();
+	public int getPageSize();
 }
--- a/openid-connect-common/src/main/java/org/mitre/discovery/util/WebfingerURLNormalizer.java
+++ b/openid-connect-common/src/main/java/org/mitre/discovery/util/WebfingerURLNormalizer.java
@ -29,7 +29,7 @@ import com.google.common.base.Strings;
 /**
 * Provides utility methods for normalizing and parsing URIs for use with Webfinger Discovery.
- * 
+ *
 * @author wkim
 *
 */
--- a/openid-connect-common/src/main/java/org/mitre/jose/keystore/JWKSetKeyStore.java
+++ b/openid-connect-common/src/main/java/org/mitre/jose/keystore/JWKSetKeyStore.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.jose.keystore;
--- a/openid-connect-common/src/main/java/org/mitre/jwt/assertion/AssertionValidator.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/assertion/AssertionValidator.java
@ -26,5 +26,5 @@ import com.nimbusds.jwt.JWT;
 public interface AssertionValidator {
 	public boolean isValid(JWT assertion);
-	
+
 }
--- a/openid-connect-common/src/main/java/org/mitre/jwt/assertion/impl/NullAssertionValidator.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/assertion/impl/NullAssertionValidator.java
@ -23,7 +23,7 @@ import com.nimbusds.jwt.JWT;
 /**
 * Reject all assertions passed in.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-common/src/main/java/org/mitre/jwt/assertion/impl/SelfAssertionValidator.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/assertion/impl/SelfAssertionValidator.java
@ -33,7 +33,7 @@ import com.nimbusds.jwt.SignedJWT;
 /**
 * Validates all assertions generated by this server
- * 
+ *
 * @author jricher
 *
 */
@ -43,17 +43,17 @@ public class SelfAssertionValidator implements AssertionValidator {
 	@Autowired
 	private ConfigurationPropertiesBean config;
-	
+
 	@Autowired
 	private JWTSigningAndValidationService jwtService;
-	
+
 	@Override
 	public boolean isValid(JWT assertion) {
 		if (!(assertion instanceof SignedJWT)) {
 			// unsigned assertion
 			return false;
 		}
-		
+
 		JWTClaimsSet claims;
 		try {
 			claims = assertion.getJWTClaimsSet();
@ -61,17 +61,17 @@ public class SelfAssertionValidator implements AssertionValidator {
 			logger.debug("Invalid assertion claims");
 			return false;
 		}
-		
+
 		if (Strings.isNullOrEmpty(claims.getIssuer())) {
 			logger.debug("No issuer for assertion, rejecting");
 			return false;
 		}
-		
+
 		if (claims.getIssuer().equals(config.getIssuer())) {
 			logger.debug("Issuer is not the same as this server, rejecting");
 			return false;
 		}
-		
+
 		if (jwtService.validateSignature((SignedJWT) assertion)) {
 			return true;
 		} else {
--- a/openid-connect-common/src/main/java/org/mitre/jwt/assertion/impl/WhitelistedIssuerAssertionValidator.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/assertion/impl/WhitelistedIssuerAssertionValidator.java
@ -41,12 +41,12 @@ import com.nimbusds.jwt.SignedJWT;
 public class WhitelistedIssuerAssertionValidator implements AssertionValidator {
 	private static Logger logger = LoggerFactory.getLogger(WhitelistedIssuerAssertionValidator.class);
-	
+
 	/**
 	 * Map of issuer -> JWKSetUri
 	 */
 	private Map<String, String> whitelist = new HashMap<>();
-	
+
 	/**
 	 * @return the whitelist
 	 */
@ -63,15 +63,15 @@ public class WhitelistedIssuerAssertionValidator implements AssertionValidator {
 	@Autowired
 	private JWKSetCacheService jwkCache;
-	
+
 	@Override
 	public boolean isValid(JWT assertion) {
-		
+
 		if (!(assertion instanceof SignedJWT)) {
 			// unsigned assertion
 			return false;
 		}
-		
+
 		JWTClaimsSet claims;
 		try {
 			claims = assertion.getJWTClaimsSet();
@ -79,21 +79,21 @@ public class WhitelistedIssuerAssertionValidator implements AssertionValidator {
 			logger.debug("Invalid assertion claims");
 			return false;
 		}
-		
+
 		if (Strings.isNullOrEmpty(claims.getIssuer())) {
 			logger.debug("No issuer for assertion, rejecting");
 			return false;
 		}
-		
+
 		if (!whitelist.containsKey(claims.getIssuer())) {
 			logger.debug("Issuer is not in whitelist, rejecting");
 			return false;
 		}
-		
+
 		String jwksUri = whitelist.get(claims.getIssuer());
-		
+
 		JWTSigningAndValidationService validator = jwkCache.getValidator(jwksUri);
-		
+
 		if (validator.validateSignature((SignedJWT) assertion)) {
 			return true;
 		} else {
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJWTEncryptionAndDecryptionService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJWTEncryptionAndDecryptionService.java
@ -45,7 +45,6 @@ import com.nimbusds.jose.crypto.ECDHEncrypter;
 import com.nimbusds.jose.crypto.RSADecrypter;
 import com.nimbusds.jose.crypto.RSAEncrypter;
 import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
 import com.nimbusds.jose.jca.JCAContext;
 import com.nimbusds.jose.jwk.ECKey;
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.OctetSequenceKey;
@ -80,7 +79,7 @@ public class DefaultJWTEncryptionAndDecryptionService implements JWTEncryptionAn
 	/**
 	 * Build this service based on the keys given. All public keys will be used to make encrypters,
 	 * all private keys will be used to make decrypters.
-	 * 
+	 *
 	 * @param keys
 	 * @throws NoSuchAlgorithmException
 	 * @throws InvalidKeySpecException
@ -94,7 +93,7 @@ public class DefaultJWTEncryptionAndDecryptionService implements JWTEncryptionAn
 	/**
 	 * Build this service based on the given keystore. All keys must have a key
 	 * id ({@code kid}) field in order to be used.
-	 * 
+	 *
 	 * @param keyStore
 	 * @throws NoSuchAlgorithmException
 	 * @throws InvalidKeySpecException
@ -240,13 +239,13 @@ public class DefaultJWTEncryptionAndDecryptionService implements JWTEncryptionAn
 					logger.warn("No private key for key #" + jwk.getKeyID());
 				}
 			} else if (jwk instanceof ECKey) {
-				
+
 				// build EC Encrypters and decrypters
-				
+
 				ECDHEncrypter encrypter = new ECDHEncrypter((ECKey) jwk);
 				encrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
 				encrypters.put(id, encrypter);
-				
+
 				if (jwk.isPrivate()) { // we can decrypt too
 					ECDHDecrypter decrypter = new ECDHDecrypter((ECKey) jwk);
 					decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/JWTSigningAndValidationService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/JWTSigningAndValidationService.java
@ -34,7 +34,7 @@ public interface JWTSigningAndValidationService {
 	/**
 	 * Checks the signature of the given JWT against all configured signers,
 	 * returns true if at least one of the signers validates it.
-	 * 
+	 *
 	 * @param jwtString
 	 *            the string representation of the JWT as sent on the wire
 	 * @return true if the signature is valid, false if not
@ -45,7 +45,7 @@ public interface JWTSigningAndValidationService {
 	/**
 	 * Called to sign a jwt in place for a client that hasn't registered a preferred signing algorithm.
 	 * Use the default algorithm to sign.
-	 * 
+	 *
 	 * @param jwt the jwt to sign
 	 * @return the signed jwt
 	 * @throws NoSuchAlgorithmException
@ -67,7 +67,7 @@ public interface JWTSigningAndValidationService {
 	/**
 	 * Sign a jwt using the selected algorithm. The algorithm is selected using the String parameter values specified
 	 * in the JWT spec, section 6. I.E., "HS256" means HMAC with SHA-256 and corresponds to our HmacSigner class.
-	 * 
+	 *
 	 * @param jwt the jwt to sign
 	 * @param alg the name of the algorithm to use, as specified in JWS s.6
 	 * @return the signed jwt
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/ClientKeyCacheService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/ClientKeyCacheService.java
@ -39,10 +39,10 @@ import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.jwk.JWKSet;
 /**
- * 
+ *
 * Takes in a client and returns the appropriate validator or encrypter for
 * that client's registered key types.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJWTSigningAndValidationService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJWTSigningAndValidationService.java
@ -17,8 +17,6 @@
 package org.mitre.jwt.signer.service.impl;
 import java.security.NoSuchAlgorithmException;
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
 import java.security.spec.InvalidKeySpecException;
 import java.util.Collection;
 import java.util.HashMap;
@ -72,10 +70,10 @@ public class DefaultJWTSigningAndValidationService implements JWTSigningAndValid
 	/**
 	 * Build this service based on the keys given. All public keys will be used
 	 * to make verifiers, all private keys will be used to make signers.
-	 * 
+	 *
 	 * @param keys
 	 *            A map of key identifier to key
-	 * 
+	 *
 	 * @throws InvalidKeySpecException
 	 *             If the keys in the JWKs are not valid
 	 * @throws NoSuchAlgorithmException
@ -89,10 +87,10 @@ public class DefaultJWTSigningAndValidationService implements JWTSigningAndValid
 	/**
 	 * Build this service based on the given keystore. All keys must have a key
 	 * id ({@code kid}) field in order to be used.
-	 * 
+	 *
 	 * @param keyStore
 	 *            the keystore to load all keys from
-	 * 
+	 *
 	 * @throws InvalidKeySpecException
 	 *             If the keys in the JWKs are not valid
 	 * @throws NoSuchAlgorithmException
@ -165,37 +163,37 @@ public class DefaultJWTSigningAndValidationService implements JWTSigningAndValid
 			try {
 				if (jwk instanceof RSAKey) {
 					// build RSA signers & verifiers
-	
+
 					if (jwk.isPrivate()) { // only add the signer if there's a private key
 						RSASSASigner signer = new RSASSASigner((RSAKey) jwk);
 						signers.put(id, signer);
 					}
-	
+
 					RSASSAVerifier verifier = new RSASSAVerifier((RSAKey) jwk);
 					verifiers.put(id, verifier);
-	
+
 				} else if (jwk instanceof ECKey) {
 					// build EC signers & verifiers
-	
+
 					if (jwk.isPrivate()) {
 						ECDSASigner signer = new ECDSASigner((ECKey) jwk);
 						signers.put(id, signer);
 					}
-	
+
 					ECDSAVerifier verifier = new ECDSAVerifier((ECKey) jwk);
 					verifiers.put(id, verifier);
-	
+
 				} else if (jwk instanceof OctetSequenceKey) {
 					// build HMAC signers & verifiers
-	
+
 					if (jwk.isPrivate()) { // technically redundant check because all HMAC keys are private
 						MACSigner signer = new MACSigner((OctetSequenceKey) jwk);
 						signers.put(id, signer);
 					}
-	
+
 					MACVerifier verifier = new MACVerifier((OctetSequenceKey) jwk);
 					verifiers.put(id, verifier);
-	
+
 				} else {
 					logger.warn("Unknown key type: " + jwk);
 				}
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.jwt.signer.service.impl;
@ -43,12 +43,12 @@ import com.google.gson.JsonParseException;
 import com.nimbusds.jose.jwk.JWKSet;
 /**
- * 
+ *
 * Creates a caching map of JOSE signers/validators and encrypters/decryptors
 * keyed on the JWK Set URI. Dynamically loads JWK Sets to create the services.
- * 
+ *
 * @author jricher
- * 
+ *
 */
@Service
 public class JWKSetCacheService {
@ -150,11 +150,11 @@ public class JWKSetCacheService {
 			try {
 				String jsonString = restTemplate.getForObject(key, String.class);
 				JWKSet jwkSet = JWKSet.parse(jsonString);
-	
+
 				JWKSetKeyStore keyStore = new JWKSetKeyStore(jwkSet);
-	
+
 				JWTEncryptionAndDecryptionService service = new DefaultJWTEncryptionAndDecryptionService(keyStore);
-	
+
 				return service;
 			} catch (JsonParseException | RestClientException e) {
 				throw new IllegalArgumentException("Unable to load JWK Set");
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/SymmetricKeyJWTValidatorCacheService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/SymmetricKeyJWTValidatorCacheService.java
@ -41,7 +41,7 @@ import com.nimbusds.jose.util.Base64URL;
 /**
 * Creates and caches symmetrical validators for clients based on client secrets.
- * 
+ *
 * @author jricher
 *
 */
@ -66,7 +66,7 @@ public class SymmetricKeyJWTValidatorCacheService {
 	/**
 	 * Create a symmetric signing and validation service for the given client
-	 * 
+	 *
 	 * @param client
 	 * @return
 	 */
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
@ -33,7 +33,7 @@ import javax.persistence.Temporal;
 /**
 * Entity class for authorization codes
- * 
+ *
 * @author aanganes
 *
 */
@ -67,7 +67,7 @@ public class AuthorizationCodeEntity {
 	/**
 	 * Create a new AuthorizationCodeEntity with the given code and AuthorizationRequestHolder.
-	 * 
+	 *
 	 * @param code 			the authorization code
 	 * @param authRequest	the AuthoriztionRequestHolder associated with the original code request
 	 */
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.oauth2.model;
@ -57,7 +57,6 @@ import org.mitre.oauth2.model.convert.SimpleGrantedAuthorityStringConverter;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import com.nimbusds.jose.Algorithm;
 import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWSAlgorithm;
@ -66,7 +65,7 @@ import com.nimbusds.jwt.JWT;
 /**
 * @author jricher
- * 
+ *
 */
@Entity
@Table(name = "client_details")
@ -151,10 +150,10 @@ public class ClientDetailsEntity implements ClientDetails {
 	/** fields for UMA */
 	private Set<String> claimsRedirectUris;
-	
+
 	/** Software statement **/
 	private JWT softwareStatement;
-	
+
 	/** PKCE **/
 	private PKCEAlgorithm codeChallengeMethod;
@ -239,7 +238,7 @@ public class ClientDetailsEntity implements ClientDetails {
 			return lookup.get(value);
 		}
 	}
-	
+
 	/**
 	 * Create a blank ClientDetailsEntity
 	 */
@ -267,7 +266,7 @@ public class ClientDetailsEntity implements ClientDetails {
 	}
 	/**
-	 * 
+	 *
 	 * @param id the id to set
 	 */
 	public void setId(Long id) {
@ -314,7 +313,7 @@ public class ClientDetailsEntity implements ClientDetails {
 	/**
 	 * Number of seconds ID token is valid for. MUST be a positive integer, can not be null.
-	 * 
+	 *
 	 * @return the idTokenValiditySeconds
 	 */
 	@Basic
@ -367,7 +366,7 @@ public class ClientDetailsEntity implements ClientDetails {
 	}
 	/**
-	 * 
+	 *
 	 */
 	@Override
 	@Transient
@ -580,9 +579,9 @@ public class ClientDetailsEntity implements ClientDetails {
 	/**
 	 * This library does not make use of this field, so it is not
 	 * stored using our persistence layer.
-	 * 
+	 *
 	 * However, it's somehow required by SECOUATH.
-	 * 
+	 *
 	 * @return an empty map
 	 */
 	@Override
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/DeviceCode.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/DeviceCode.java
@ -54,11 +54,11 @@ public class DeviceCode {
 	public static final String QUERY_BY_USER_CODE = "DeviceCode.queryByUserCode";
 	public static final String QUERY_BY_DEVICE_CODE = "DeviceCode.queryByDeviceCode";
 	public static final String QUERY_EXPIRED_BY_DATE = "DeviceCode.queryExpiredByDate";
-	
+
 	public static final String PARAM_USER_CODE = "userCode";
 	public static final String PARAM_DEVICE_CODE = "deviceCode";
 	public static final String PARAM_DATE = "date";
-	
+
 	private Long id;
 	private String deviceCode;
 	private String userCode;
@ -68,11 +68,11 @@ public class DeviceCode {
 	private Map<String, String> requestParameters;
 	private boolean approved;
 	private AuthenticationHolderEntity authenticationHolder;
-	
+
 	public DeviceCode() {
-		
+
 	}
-	
+
 	public DeviceCode(String deviceCode, String userCode, Set<String> scope, String clientId, Map<String, String> params) {
 		this.deviceCode = deviceCode;
 		this.userCode = userCode;
@ -213,7 +213,7 @@ public class DeviceCode {
 	public void setApproved(boolean approved) {
 		this.approved = approved;
 	}
-	
+
 	/**
 	 * The authentication in place when this token was created.
 	 * @return the authentication
@ -231,5 +231,5 @@ public class DeviceCode {
 		this.authenticationHolder = authenticationHolder;
 	}
-	
+
 }
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.oauth2.model;
@ -41,7 +41,6 @@ import javax.persistence.ManyToOne;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
 import javax.persistence.OneToMany;
 import javax.persistence.OneToOne;
 import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.Transient;
@ -113,9 +112,9 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	private Set<String> scope;
 	private Set<Permission> permissions;
-	
+
 	private ApprovedSite approvedSite;
-	
+
 	private Map<String, Object> additionalInformation = new HashMap<>(); // ephemeral map of items to be added to the OAuth token response
 	/**
@ -297,7 +296,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 			name = "access_token_permissions",
 			joinColumns = @JoinColumn(name = "access_token_id"),
 			inverseJoinColumns = @JoinColumn(name = "permission_id")
-	)
+			)
 	public Set<Permission> getPermissions() {
 		return permissions;
 	}
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.oauth2.model;
@ -78,7 +78,7 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 	private Date expiration;
 	/**
-	 * 
+	 *
 	 */
 	public OAuth2RefreshTokenEntity() {
@ -104,7 +104,7 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 	/**
 	 * The authentication in place when the original access token was
 	 * created
-	 * 
+	 *
 	 * @return the authentication
 	 */
 	@ManyToOne
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/PKCEAlgorithm.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/PKCEAlgorithm.java
@ -26,8 +26,13 @@ import com.nimbusds.jose.Requirement;
 */
 public final class PKCEAlgorithm extends Algorithm {
 	/**
 	 *
 	 */
 	private static final long serialVersionUID = 7752852583210088925L;
 	public static final PKCEAlgorithm plain = new PKCEAlgorithm("plain", Requirement.REQUIRED);
-	
+
 	public static final PKCEAlgorithm S256 = new PKCEAlgorithm("S256", Requirement.OPTIONAL);
 	public PKCEAlgorithm(String name, Requirement req) {
@ -37,7 +42,7 @@ public final class PKCEAlgorithm extends Algorithm {
 	public PKCEAlgorithm(String name) {
 		super(name, null);
 	}
-	
+
 	public static PKCEAlgorithm parse(final String s) {
 		if (s.equals(plain.getName())) {
 			return plain;
@ -47,7 +52,7 @@ public final class PKCEAlgorithm extends Algorithm {
 			return new PKCEAlgorithm(s);
 		}
 	}
-	
+
-	
+
-	
+
 }
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.oauth2.model;
@ -50,7 +50,7 @@ public class RegisteredClient {
 	private JsonObject src;
 	/**
-	 * 
+	 *
 	 */
 	public RegisteredClient() {
 		this.client = new ClientDetailsEntity();
@ -815,7 +815,7 @@ public class RegisteredClient {
 	public void setSoftwareStatement(JWT softwareStatement) {
 		client.setSoftwareStatement(softwareStatement);
 	}
-	
+
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getCodeChallengeMethod()
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java
@ -40,7 +40,7 @@ import org.springframework.security.core.GrantedAuthority;
 /**
 * This class stands in for an original Authentication object.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.oauth2.model;
@ -28,7 +28,6 @@ import javax.persistence.Id;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
 import javax.persistence.Table;
 import javax.persistence.Transient;
 /**
 * @author jricher
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SerializableStringConverter.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SerializableStringConverter.java
@ -30,9 +30,9 @@ import org.slf4j.LoggerFactory;
 * Translates a Serializable object of certain primitive types
 * into a String for storage in the database, for use with the
 * OAuth2Request extensions map.
- * 
+ *
 * This class does allow some extension data to be lost.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java
@ -32,5 +32,5 @@ public interface AuthenticationHolderRepository {
 	public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders();
-    public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(PageCriteria pageCriteria);
+	public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(PageCriteria pageCriteria);
 }
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
@ -23,7 +23,7 @@ import org.mitre.oauth2.model.AuthorizationCodeEntity;
 /**
 * Interface for saving and consuming OAuth2 authorization codes as AuthorizationCodeEntitys.
- * 
+ *
 * @author aanganes
 *
 */
@ -31,7 +31,7 @@ public interface AuthorizationCodeRepository {
 	/**
 	 * Save an AuthorizationCodeEntity to the repository
-	 * 
+	 *
 	 * @param authorizationCode the AuthorizationCodeEntity to save
 	 * @return					the saved AuthorizationCodeEntity
 	 */
@ -39,7 +39,7 @@ public interface AuthorizationCodeRepository {
 	/**
 	 * Get an authorization code from the repository by value.
-	 * 
+	 *
 	 * @param code						the authorization code value
 	 * @return							the authentication associated with the code
 	 */
@ -47,7 +47,7 @@ public interface AuthorizationCodeRepository {
 	/**
 	 * Remove an authorization code from the repository
-	 * 
+	 *
 	 * @param authorizationCodeEntity
 	 */
 	public void remove(AuthorizationCodeEntity authorizationCodeEntity);
@ -57,10 +57,10 @@ public interface AuthorizationCodeRepository {
 	 */
 	public Collection<AuthorizationCodeEntity> getExpiredCodes();
-    /**
+	/**
-     * @return A collection of all expired codes, limited by the given
+	 * @return A collection of all expired codes, limited by the given
-     * PageCriteria.
+	 * PageCriteria.
-     */
+	 */
-    public Collection<AuthorizationCodeEntity> getExpiredCodes(PageCriteria pageCriteria);
+	public Collection<AuthorizationCodeEntity> getExpiredCodes(PageCriteria pageCriteria);
 }
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
@ -58,38 +58,38 @@ public interface OAuth2TokenRepository {
 	public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens();
-    public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens(PageCriteria pageCriteria);
+	public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens(PageCriteria pageCriteria);
 	public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens();
-    public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria);
+	public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria);
 	public Set<OAuth2AccessTokenEntity> getAccessTokensForResourceSet(ResourceSet rs);
-    /**
+	/**
-     * removes duplicate access tokens.
+	 * removes duplicate access tokens.
-     *
+	 *
-     * @deprecated this method was added to return the remove duplicate access tokens values
+	 * @deprecated this method was added to return the remove duplicate access tokens values
-     * so that {code removeAccessToken(OAuth2AccessTokenEntity o)} would not to fail. the
+	 * so that {code removeAccessToken(OAuth2AccessTokenEntity o)} would not to fail. the
-     * removeAccessToken method has been updated so as it will not fail in the event that an
+	 * removeAccessToken method has been updated so as it will not fail in the event that an
-     * accessToken has been duplicated, so this method is unnecessary.
+	 * accessToken has been duplicated, so this method is unnecessary.
-     *
+	 *
-     */
+	 */
-    @Deprecated
+	@Deprecated
 	public void clearDuplicateAccessTokens();
-    /**
+	/**
-     * removes duplicate refresh tokens.
+	 * removes duplicate refresh tokens.
-     *
+	 *
-     * @deprecated this method was added to return the remove duplicate refresh token value
+	 * @deprecated this method was added to return the remove duplicate refresh token value
-     * so that {code removeRefreshToken(OAuth2RefreshTokenEntity o)} would not to fail. the
+	 * so that {code removeRefreshToken(OAuth2RefreshTokenEntity o)} would not to fail. the
-     * removeRefreshToken method has been updated so as it will not fail in the event that
+	 * removeRefreshToken method has been updated so as it will not fail in the event that
-     * refreshToken has been duplicated, so this method is unnecessary.
+	 * refreshToken has been duplicated, so this method is unnecessary.
-     *
+	 *
-     */
+	 */
-    @Deprecated
+	@Deprecated
 	public void clearDuplicateRefreshTokens();
-	
+
 	public List<OAuth2AccessTokenEntity> getAccessTokensForApprovedSite(ApprovedSite approvedSite);
 }
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/SystemScopeRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/SystemScopeRepository.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.oauth2.repository;
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/impl/DeviceCodeRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/impl/DeviceCodeRepository.java
@ -18,7 +18,6 @@
 package org.mitre.oauth2.repository.impl;
 import java.util.Collection;
 import java.util.Set;
 import org.mitre.oauth2.model.DeviceCode;
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/DeviceCodeService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/DeviceCodeService.java
@ -24,7 +24,6 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.DeviceCode;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
 /**
 * @author jricher
@ -40,7 +39,7 @@ public interface DeviceCodeService {
 	/**
 	 * @param dc
-	 * @param o2Auth 
+	 * @param o2Auth
 	 */
 	public DeviceCode approveDeviceCode(DeviceCode dc, OAuth2Authentication o2Auth);
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.oauth2.service;
@ -37,12 +37,12 @@ public interface SystemScopeService {
 	public static final String RESOURCE_TOKEN_SCOPE = "resource-token"; // this scope manages client-style protected resources
 	public static final String UMA_PROTECTION_SCOPE = "uma_protection";
 	public static final String UMA_AUTHORIZATION_SCOPE = "uma_authorization";
-	
+
-	public static final Set<SystemScope> reservedScopes = 
+	public static final Set<SystemScope> reservedScopes =
-		Sets.newHashSet(
+			Sets.newHashSet(
-			new SystemScope(REGISTRATION_TOKEN_SCOPE),
+					new SystemScope(REGISTRATION_TOKEN_SCOPE),
-			new SystemScope(RESOURCE_TOKEN_SCOPE)
+					new SystemScope(RESOURCE_TOKEN_SCOPE)
-		);
+					);
 	public Set<SystemScope> getAll();
@ -56,7 +56,7 @@ public interface SystemScopeService {
 	 * Get all the reserved system scopes. These can't be used
 	 * by clients directly, but are instead tied to special system
 	 * tokens like id tokens and registration access tokens.
-	 * 
+	 *
 	 * @return
 	 */
 	public Set<SystemScope> getReserved();
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java
@ -39,7 +39,7 @@ import com.google.common.base.Strings;
 /**
 * Shim layer to convert a ClientDetails service into a UserDetails service
- * 
+ *
 * @author AANGANES
 *
 */
@ -53,7 +53,7 @@ public class DefaultClientUserDetailsService implements UserDetailsService {
 	@Autowired
 	private ConfigurationPropertiesBean config;
-	
+
 	@Override
 	public UserDetails loadUserByUsername(String clientId) throws  UsernameNotFoundException {
@ -66,7 +66,7 @@ public class DefaultClientUserDetailsService implements UserDetailsService {
 				if (config.isHeartMode() || // if we're running HEART mode turn off all client secrets
 						(client.getTokenEndpointAuthMethod() != null &&
-							(client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) ||
+						(client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) ||
 								client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)))) {
 					// Issue a random password each time to prevent password auth from being used (or skipped)
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java
@ -41,9 +41,9 @@ import com.google.common.base.Strings;
 /**
 * Loads client details based on URI encoding as passed in from basic auth.
- * 
+ *
 *  Should only get called if non-encoded provider fails.
- * 
+ *
 * @author AANGANES
 *
 */
@ -57,7 +57,7 @@ public class UriEncodedClientUserDetailsService implements UserDetailsService {
 	@Autowired
 	private ConfigurationPropertiesBean config;
-	
+
 	@Override
 	public UserDetails loadUserByUsername(String clientId) throws  UsernameNotFoundException {
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect;
@ -95,7 +95,7 @@ import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_SIGNED_RESP
 /**
 * Utility class to handle the parsing and serialization of ClientDetails objects.
- * 
+ *
 * @author jricher
 *
 */
@ -104,11 +104,11 @@ public class ClientDetailsEntityJsonProcessor {
 	private static Logger logger = LoggerFactory.getLogger(ClientDetailsEntityJsonProcessor.class);
 	private static JsonParser parser = new JsonParser();
-	
+
 	/**
-	 * 
+	 *
 	 * Create an unbound ClientDetailsEntity from the given JSON string.
-	 * 
+	 *
 	 * @param jsonString
 	 * @return the entity if successful, null otherwise
 	 */
@ -205,26 +205,26 @@ public class ClientDetailsEntityJsonProcessor {
 			c.setRequestUris(getAsStringSet(o, REQUEST_URIS));
 			c.setClaimsRedirectUris(getAsStringSet(o, CLAIMS_REDIRECT_URIS));
-			
+
 			c.setCodeChallengeMethod(getAsPkceAlgorithm(o, CODE_CHALLENGE_METHOD));
-			
+
 			c.setSoftwareId(getAsString(o, SOFTWARE_ID));
 			c.setSoftwareVersion(getAsString(o, SOFTWARE_VERSION));
-			
+
 			// note that this does not process or validate the software statement, that's handled in other components
 			String softwareStatement = getAsString(o,  SOFTWARE_STATEMENT);
 			if (!Strings.isNullOrEmpty(softwareStatement)) {
 				try {
-						JWT softwareStatementJwt = JWTParser.parse(softwareStatement);
+					JWT softwareStatementJwt = JWTParser.parse(softwareStatement);
-						c.setSoftwareStatement(softwareStatementJwt);
+					c.setSoftwareStatement(softwareStatementJwt);
 				} catch (ParseException e) {
 					logger.warn("Error parsing software statement", e);
 					return null;
 				}
 			}
-			
+
-			
+
-			
+
 			return c;
 		} else {
 			return null;
@ -345,18 +345,18 @@ public class ClientDetailsEntityJsonProcessor {
 			o.addProperty(INITIATE_LOGIN_URI, c.getInitiateLoginUri());
 			o.add(POST_LOGOUT_REDIRECT_URIS, getAsArray(c.getPostLogoutRedirectUris()));
 			o.add(REQUEST_URIS, getAsArray(c.getRequestUris()));
-			
+
 			o.add(CLAIMS_REDIRECT_URIS, getAsArray(c.getClaimsRedirectUris()));
-			
+
 			o.addProperty(CODE_CHALLENGE_METHOD, c.getCodeChallengeMethod() != null ? c.getCodeChallengeMethod().getName() : null);
-			
+
 			o.addProperty(SOFTWARE_ID, c.getSoftwareId());
 			o.addProperty(SOFTWARE_VERSION, c.getSoftwareVersion());
-			
+
 			if (c.getSoftwareStatement() != null) {
 				o.addProperty(SOFTWARE_STATEMENT, c.getSoftwareStatement().serialize());
 			}
-			
+
 			return o;
 		}
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationBeanLocaleResolver.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationBeanLocaleResolver.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.config;
@ -28,13 +28,12 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.i18n.LocaleContext;
 import org.springframework.context.i18n.TimeZoneAwareLocaleContext;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.i18n.AbstractLocaleContextResolver;
 /**
- * 
+ *
 * Resolve the server's locale from the injected ConfigurationPropertiesBean.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
@ -35,7 +35,7 @@ import com.google.gson.Gson;
 * Bean to hold configuration information that must be injected into various parts
 * of our application. Set all of the properties here, and autowire a reference
 * to this bean if you need access to any configuration properties.
- * 
+ *
 * @author AANGANES
 *
 */
@ -49,7 +49,7 @@ public class ConfigurationPropertiesBean {
 	private String issuer;
 	private String topbarTitle;
-	
+
 	private String shortTopbarTitle;
 	private String logoImageUrl;
@ -61,14 +61,14 @@ public class ConfigurationPropertiesBean {
 	private boolean forceHttps = false; // by default we just log a warning for HTTPS deployment
 	private Locale locale = Locale.ENGLISH; // we default to the english translation
-	
+
 	private List<String> languageNamespaces = Lists.newArrayList("messages");
-    private boolean dualClient = false;
+	private boolean dualClient = false;
    private boolean heartMode = false;
-    public ConfigurationPropertiesBean() {
+	private boolean heartMode = false;
 	public ConfigurationPropertiesBean() {
 	}
@ -87,7 +87,7 @@ public class ConfigurationPropertiesBean {
 				logger.warn("\n\n**\n** WARNING: Configured issuer url is not using https scheme.\n**\n\n");
 			}
 		}
-		
+
 		if (languageNamespaces == null || languageNamespaces.isEmpty()) {
 			logger.error("No configured language namespaces! Text rendering will fail!");
 		}
@ -120,14 +120,14 @@ public class ConfigurationPropertiesBean {
 	public void setTopbarTitle(String topbarTitle) {
 		this.topbarTitle = topbarTitle;
 	}
-	
+
 	/**
-	 * @return If shortTopbarTitle is undefined, returns topbarTitle. 
+	 * @return If shortTopbarTitle is undefined, returns topbarTitle.
 	 */
 	public String getShortTopbarTitle() {
 		return shortTopbarTitle == null ? topbarTitle : shortTopbarTitle;
 	}
-	
+
 	public void setShortTopbarTitle(String shortTopbarTitle) {
 		this.shortTopbarTitle = shortTopbarTitle;
 	}
@ -211,37 +211,37 @@ public class ConfigurationPropertiesBean {
 	}
 	/**
-     * @return true if dual client is configured, otherwise false
+	 * @return true if dual client is configured, otherwise false
-     */
+	 */
-    public boolean isDualClient() {
+	public boolean isDualClient() {
-    	if (isHeartMode()) {
+		if (isHeartMode()) {
-    		return false; // HEART mode is incompatible with dual client mode
+			return false; // HEART mode is incompatible with dual client mode
-    	} else {
+		} else {
-    		return dualClient;
+			return dualClient;
-    	}
+		}
-    }
+	}
-    /**
+	/**
-     * @param dualClient the dual client configuration
+	 * @param dualClient the dual client configuration
-     */
+	 */
-    public void setDualClient(boolean dualClient) {
+	public void setDualClient(boolean dualClient) {
-        this.dualClient = dualClient;
+		this.dualClient = dualClient;
-    }
+	}
-    
+
-    /**
+	/**
-     * Get the list of namespaces as a JSON string, for injection into the JavaScript UI
+	 * Get the list of namespaces as a JSON string, for injection into the JavaScript UI
-     * @return
+	 * @return
-     */
+	 */
-    public String getLanguageNamespacesString() {
+	public String getLanguageNamespacesString() {
-    	return new Gson().toJson(getLanguageNamespaces());
+		return new Gson().toJson(getLanguageNamespaces());
-    }
+	}
-    
+
-    /**
+	/**
-     * Get the default namespace (first in the nonempty list)
+	 * Get the default namespace (first in the nonempty list)
-     */
+	 */
-    public String getDefaultLanguageNamespace() {
+	public String getDefaultLanguageNamespace() {
-    	return getLanguageNamespaces().get(0);
+		return getLanguageNamespaces().get(0);
-    }
+	}
 	/**
 	 * @return the heartMode
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/JWKSetEditor.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/JWKSetEditor.java
@ -25,7 +25,7 @@ import com.nimbusds.jose.jwk.JWKSet;
 /**
 * Allows JWK Set strings to be used in XML configurations.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java
@ -25,16 +25,16 @@ import com.nimbusds.jose.JWSAlgorithm;
 /**
- * 
+ *
 * Container class for a client's view of a server's configuration
- * 
+ *
 * @author nemonik, jricher
- * 
+ *
 */
 public class ServerConfiguration {
 	/*
-	 * 
+	 *
    issuer
        REQUIRED. URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier.
    authorization_endpoint
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/UIConfiguration.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/UIConfiguration.java
@ -20,9 +20,9 @@ package org.mitre.openid.connect.config;
 import java.util.Set;
 /**
- * 
+ *
 * Bean for UI (front-end) configuration to be read at start-up.
- * 
+ *
 * @author jricher
 *
 */
@ -30,7 +30,7 @@ public class UIConfiguration {
 	private Set<String> jsFiles;
 	private Set<String> templateFiles;
-	
+
 	/**
 	 * @return the jsFiles
 	 */
@ -55,5 +55,5 @@ public class UIConfiguration {
 	public void setTemplateFiles(Set<String> templateFiles) {
 		this.templateFiles = templateFiles;
 	}
-	
+
 }
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/Address.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/Address.java
@ -25,62 +25,62 @@ public interface Address extends Serializable {
 	 * @return
 	 */
 	public Long getId();
-	
+
 	/**
 	 * @return the formatted address
 	 */
 	public String getFormatted();
-	
+
 	/**
 	 * @param formatted the formatted address to set
 	 */
 	public void setFormatted(String formatted);
-	
+
 	/**
 	 * @return the streetAddress
 	 */
 	public String getStreetAddress();
-	
+
 	/**
 	 * @param streetAddress the streetAddress to set
 	 */
 	public void setStreetAddress(String streetAddress);
-	
+
 	/**
 	 * @return the locality
 	 */
 	public String getLocality();
-	
+
 	/**
 	 * @param locality the locality to set
 	 */
 	public void setLocality(String locality);
-	
+
 	/**
 	 * @return the region
 	 */
 	public String getRegion();
-	
+
 	/**
 	 * @param region the region to set
 	 */
 	public void setRegion(String region);
-	
+
 	/**
 	 * @return the postalCode
 	 */
 	public String getPostalCode();
-	
+
 	/**
 	 * @param postalCode the postalCode to set
 	 */
 	public void setPostalCode(String postalCode);
-	
+
 	/**
 	 * @return the country
 	 */
 	public String getCountry();
-	
+
 	/**
 	 * @param country the country to set
 	 */
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java
@ -20,7 +20,6 @@ import java.util.Date;
 import java.util.Set;
 import javax.persistence.Basic;
 import javax.persistence.CascadeType;
 import javax.persistence.CollectionTable;
 import javax.persistence.Column;
 import javax.persistence.ElementCollection;
@ -32,15 +31,10 @@ import javax.persistence.Id;
 import javax.persistence.JoinColumn;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
 import javax.persistence.OneToMany;
 import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.Transient;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import com.google.common.collect.Sets;
@Entity
@Table(name="approved_site")
@NamedQueries({
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.model;
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/CachedImage.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/CachedImage.java
@ -22,11 +22,11 @@ package org.mitre.openid.connect.model;
 *
 */
 public class CachedImage {
-	
+
 	private byte[] data;
 	private String contentType;
 	private long length;
-	
+
 	/**
 	 * @return the data
 	 */
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ClientStat.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ClientStat.java
@ -38,5 +38,5 @@ public class ClientStat {
 	public void setApprovedSiteCount(Integer count) {
 		this.approvedSiteCount = count;
 	}
-	
+
 }
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultAddress.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultAddress.java
@ -16,8 +16,6 @@
 *******************************************************************************/
 package org.mitre.openid.connect.model;
 import java.io.Serializable;
 import javax.persistence.Basic;
 import javax.persistence.Column;
 import javax.persistence.Entity;
@ -63,6 +61,7 @@ public class DefaultAddress implements Address {
 	/**
 	 * @return the formatted address string
 	 */
 	@Override
 	@Basic
 	@Column(name = "formatted")
 	public String getFormatted() {
@ -71,12 +70,14 @@ public class DefaultAddress implements Address {
 	/**
 	 * @param formatted the formatted address to set
 	 */
 	@Override
 	public void setFormatted(String formatted) {
 		this.formatted = formatted;
 	}
 	/**
 	 * @return the streetAddress
 	 */
 	@Override
 	@Basic
 	@Column(name="street_address")
 	public String getStreetAddress() {
@ -85,12 +86,14 @@ public class DefaultAddress implements Address {
 	/**
 	 * @param streetAddress the streetAddress to set
 	 */
 	@Override
 	public void setStreetAddress(String streetAddress) {
 		this.streetAddress = streetAddress;
 	}
 	/**
 	 * @return the locality
 	 */
 	@Override
 	@Basic
 	@Column(name = "locality")
 	public String getLocality() {
@ -99,12 +102,14 @@ public class DefaultAddress implements Address {
 	/**
 	 * @param locality the locality to set
 	 */
 	@Override
 	public void setLocality(String locality) {
 		this.locality = locality;
 	}
 	/**
 	 * @return the region
 	 */
 	@Override
 	@Basic
 	@Column(name = "region")
 	public String getRegion() {
@ -113,12 +118,14 @@ public class DefaultAddress implements Address {
 	/**
 	 * @param region the region to set
 	 */
 	@Override
 	public void setRegion(String region) {
 		this.region = region;
 	}
 	/**
 	 * @return the postalCode
 	 */
 	@Override
 	@Basic
 	@Column(name="postal_code")
 	public String getPostalCode() {
@ -127,12 +134,14 @@ public class DefaultAddress implements Address {
 	/**
 	 * @param postalCode the postalCode to set
 	 */
 	@Override
 	public void setPostalCode(String postalCode) {
 		this.postalCode = postalCode;
 	}
 	/**
 	 * @return the country
 	 */
 	@Override
 	@Basic
 	@Column(name = "country")
 	public String getCountry() {
@ -141,6 +150,7 @@ public class DefaultAddress implements Address {
 	/**
 	 * @param country the country to set
 	 */
 	@Override
 	public void setCountry(String country) {
 		this.country = country;
 	}
@ -148,6 +158,7 @@ public class DefaultAddress implements Address {
 	/**
 	 * @return the id
 	 */
 	@Override
 	@Id
 	@GeneratedValue(strategy=GenerationType.IDENTITY)
 	@Column(name = "id")
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java
@ -379,7 +379,7 @@ public class DefaultUserInfo implements UserInfo {
 	 */
 	@Override
 	public void setAddress(Address address) {
-		if (address != null) { 
+		if (address != null) {
 			this.address = new DefaultAddress(address);
 		} else {
 			this.address = null;
@ -499,7 +499,7 @@ public class DefaultUserInfo implements UserInfo {
 		ui.setPhoneNumber(nullSafeGetString(obj, "phone_number"));
 		ui.setPhoneNumberVerified(obj.has("phone_number_verified") && obj.get("phone_number_verified").isJsonPrimitive() ? obj.get("phone_number_verified").getAsBoolean() : null);
-		
+
 		if (obj.has("address") && obj.get("address").isJsonObject()) {
 			JsonObject addr = obj.get("address").getAsJsonObject();
 			ui.setAddress(new DefaultAddress());
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/OIDCAuthenticationToken.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/OIDCAuthenticationToken.java
@ -30,9 +30,9 @@ import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTParser;
 /**
- * 
+ *
 * @author Michael Walsh, Justin Richer
- * 
+ *
 */
 public class OIDCAuthenticationToken extends AbstractAuthenticationToken {
@ -49,9 +49,9 @@ public class OIDCAuthenticationToken extends AbstractAuthenticationToken {
 	/**
 	 * Constructs OIDCAuthenticationToken with a full set of authorities, marking this as authenticated.
-	 * 
+	 *
 	 * Set to authenticated.
-	 * 
+	 *
 	 * Constructs a Principal out of the subject and issuer.
 	 * @param subject
 	 * @param authorities
@ -78,7 +78,7 @@ public class OIDCAuthenticationToken extends AbstractAuthenticationToken {
 	/*
 	 * (non-Javadoc)
-	 * 
+	 *
 	 * @see org.springframework.security.core.Authentication#getCredentials()
 	 */
 	@Override
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.model;
@ -30,9 +30,9 @@ import javax.persistence.NamedQuery;
 import javax.persistence.Table;
 /**
- * 
+ *
 * Holds the generated pairwise identifiers for a user. Can be tied to either a client ID or a sector identifier URL.
- * 
+ *
 * @author jricher
 *
 */
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PendingOIDCAuthenticationToken.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PendingOIDCAuthenticationToken.java
@ -33,7 +33,7 @@ import com.nimbusds.jwt.JWTParser;
 /**
 * AuthenticationToken for use as a data shuttle from the filter to the auth provider.
- * 
+ *
 * @author jricher
 *
 */
@ -52,9 +52,9 @@ public class PendingOIDCAuthenticationToken extends AbstractAuthenticationToken
 	/**
 	 * Constructs OIDCAuthenticationToken for use as a data shuttle from the filter to the auth provider.
-	 * 
+	 *
 	 * Set to not-authenticated.
-	 * 
+	 *
 	 * Constructs a Principal out of the subject and issuer.
 	 * @param sub
 	 * @param idToken
@ -80,7 +80,7 @@ public class PendingOIDCAuthenticationToken extends AbstractAuthenticationToken
 	/*
 	 * (non-Javadoc)
-	 * 
+	 *
 	 * @see org.springframework.security.core.Authentication#getCredentials()
 	 */
 	@Override
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/UserInfo.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/UserInfo.java
@ -184,12 +184,12 @@ public interface UserInfo extends Serializable {
 	public void setPhoneNumber(String phoneNumber);
 	/**
-	 * 
+	 *
 	 */
 	public Boolean getPhoneNumberVerified();
 	/**
-	 * 
+	 *
 	 * @param phoneNumberVerified
 	 */
 	public void setPhoneNumberVerified(Boolean phoneNumberVerified);
@ -216,20 +216,20 @@ public interface UserInfo extends Serializable {
 	/**
-	 * 
+	 *
 	 * @return
 	 */
 	public String getBirthdate();
 	/**
-	 * 
+	 *
 	 * @param birthdate
 	 */
 	public void setBirthdate(String birthdate);
 	/**
 	 * Serialize this UserInfo object to JSON.
-	 * 
+	 *
 	 * @return
 	 */
 	public JsonObject toJson();
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/AddressRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/AddressRepository.java
@ -28,7 +28,7 @@ public interface AddressRepository {
 	/**
 	 * Returns the Address for the given id
-	 * 
+	 *
 	 * @param id
 	 *            id the id of the Address
 	 * @return a valid Address if it exists, null otherwise
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/ApprovedSiteRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/ApprovedSiteRepository.java
@ -30,7 +30,7 @@ public interface ApprovedSiteRepository {
 	/**
 	 * Returns the ApprovedSite for the given id
-	 * 
+	 *
 	 * @param id
 	 *            id the id of the ApprovedSite
 	 * @return a valid ApprovedSite if it exists, null otherwise
@ -39,7 +39,7 @@ public interface ApprovedSiteRepository {
 	/**
 	 * Return a collection of all ApprovedSites managed by this repository
-	 * 
+	 *
 	 * @return the ApprovedSite collection, or null
 	 */
 	public Collection<ApprovedSite> getAll();
@ -47,7 +47,7 @@ public interface ApprovedSiteRepository {
 	/**
 	 * Return a collection of ApprovedSite managed by this repository matching the
 	 * provided client ID and user ID
-	 * 
+	 *
 	 * @param clientId
 	 * @param userId
 	 * @return
@ -56,7 +56,7 @@ public interface ApprovedSiteRepository {
 	/**
 	 * Removes the given ApprovedSite from the repository
-	 * 
+	 *
 	 * @param aggregator
 	 *            the ApprovedSite object to remove
 	 */
@ -64,7 +64,7 @@ public interface ApprovedSiteRepository {
 	/**
 	 * Persists an ApprovedSite
-	 * 
+	 *
 	 * @param aggregator
 	 *            valid ApprovedSite instance
 	 * @return the persisted entity
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/BlacklistedSiteRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/BlacklistedSiteRepository.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.repository;
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/PairwiseIdentifierRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/PairwiseIdentifierRepository.java
@ -15,7 +15,7 @@
 * limitations under the License.
 *******************************************************************************/
 /**
- * 
+ *
 */
 package org.mitre.openid.connect.repository;
@ -29,7 +29,7 @@ public interface PairwiseIdentifierRepository {
 	/**
 	 * Get a pairwise identifier by its associated user subject and sector identifier.
-	 * 
+	 *
 	 * @param sub
 	 * @param sectorIdentifierUri
 	 * @return
@ -38,7 +38,7 @@ public interface PairwiseIdentifierRepository {
 	/**
 	 * Save a pairwise identifier to the database.
-	 * 
+	 *
 	 * @param pairwise
 	 */
 	public void save(PairwiseIdentifier pairwise);
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java
@ -20,7 +20,7 @@ import org.mitre.openid.connect.model.UserInfo;
 /**
 * UserInfo repository interface
- * 
+ *
 * @author Michael Joseph Walsh
 *
 */
@ -34,9 +34,9 @@ public interface UserInfoRepository {
 	public UserInfo getByUsername(String username);
 	/**
-	 * 
+	 *
 	 * Get the UserInfo object by its email field
-	 * 
+	 *
 	 * @param email
 	 * @return
 	 */
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/WhitelistedSiteRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/WhitelistedSiteRepository.java
@ -22,22 +22,22 @@ import org.mitre.openid.connect.model.WhitelistedSite;
 /**
 * WhitelistedSite repository interface
- * 
+ *
 * @author Michael Joseph Walsh, aanganes
- * 
+ *
 */
 public interface WhitelistedSiteRepository {
 	/**
 	 * Return a collection of all WhitelistedSite managed by this repository
-	 * 
+	 *
 	 * @return the WhitelistedSite collection, or null
 	 */
 	public Collection<WhitelistedSite> getAll();
 	/**
 	 * Returns the WhitelistedSite for the given id
-	 * 
+	 *
 	 * @param id
 	 *            id the id of the WhitelistedSite
 	 * @return a valid WhitelistedSite if it exists, null otherwise
@ -46,7 +46,7 @@ public interface WhitelistedSiteRepository {
 	/**
 	 * Find a WhitelistedSite by its associated ClientDetails reference
-	 * 
+	 *
 	 * @param client	the Relying Party
 	 * @return			the corresponding WhitelistedSite if one exists for the RP, or null
 	 */
@ -54,7 +54,7 @@ public interface WhitelistedSiteRepository {
 	/**
 	 * Return a collection of the WhitelistedSites created by a given user
-	 * 
+	 *
 	 * @param creator	the id of the admin who may have created some WhitelistedSites
 	 * @return			the collection of corresponding WhitelistedSites, if any, or null
 	 */
@ -62,7 +62,7 @@ public interface WhitelistedSiteRepository {
 	/**
 	 * Removes the given IdToken from the repository
-	 * 
+	 *
 	 * @param whitelistedSite
 	 *            the WhitelistedSite object to remove
 	 */
@ -70,7 +70,7 @@ public interface WhitelistedSiteRepository {
 	/**
 	 * Persists a WhitelistedSite
-	 * 
+	 *
 	 * @param whitelistedSite
 	 * @return
 	 */
--- a/Show More
+++ b/Show More