diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java
index df31018047..486c702175 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java
@@ -22,11 +22,10 @@
 
 import java.util.Map;
 
-import javax.annotation.PostConstruct;
-
 import org.mitre.oauth2.model.RegisteredClient;
 import org.mitre.openid.connect.client.service.ClientConfigurationService;
 import org.mitre.openid.connect.config.ServerConfiguration;
+import org.springframework.beans.factory.InitializingBean;
 
 /**
  * Client configuration service that holds a static map from issuer URL to a ClientDetails object to use at that issuer.
@@ -36,7 +35,7 @@
  * @author jricher
  *
  */
-public class StaticClientConfigurationService implements ClientConfigurationService {
+public class StaticClientConfigurationService implements ClientConfigurationService, InitializingBean {
 
 	// Map of issuer URL -> client configuration information
 	private Map<String, RegisteredClient> clients;
@@ -66,7 +65,7 @@ public RegisteredClient getClientConfiguration(ServerConfiguration issuer) {
 		return clients.get(issuer.getIssuer());
 	}
 
-	@PostConstruct
+	@Override
 	public void afterPropertiesSet() {
 		if (clients == null || clients.isEmpty()) {
 			throw new IllegalArgumentException("Clients map cannot be null or empty");
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java
index ebca40c1e4..02423b2884 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java
@@ -22,10 +22,10 @@
 
 import java.util.Map;
 
-import javax.annotation.PostConstruct;
 
 import org.mitre.openid.connect.client.service.ServerConfigurationService;
 import org.mitre.openid.connect.config.ServerConfiguration;
+import org.springframework.beans.factory.InitializingBean;
 
 /**
  * Statically configured server configuration service that maps issuer URLs to server configurations to use at that issuer.
@@ -33,7 +33,7 @@
  * @author jricher
  *
  */
-public class StaticServerConfigurationService implements ServerConfigurationService {
+public class StaticServerConfigurationService implements ServerConfigurationService, InitializingBean {
 
 	// map of issuer url -> server configuration information
 	private Map<String, ServerConfiguration> servers;
@@ -60,7 +60,7 @@ public ServerConfiguration getServerConfiguration(String issuer) {
 		return servers.get(issuer);
 	}
 
-	@PostConstruct
+	@Override
 	public void afterPropertiesSet() {
 		if (servers == null || servers.isEmpty()) {
 			throw new IllegalArgumentException("Servers map cannot be null or empty.");
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java
index c72b655236..f3637d68fc 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java
@@ -20,19 +20,19 @@
  */
 package org.mitre.openid.connect.client.service.impl;
 
-import javax.annotation.PostConstruct;
 import javax.servlet.http.HttpServletRequest;
 
 import org.mitre.openid.connect.client.model.IssuerServiceResponse;
 import org.mitre.openid.connect.client.service.IssuerService;
 
 import com.google.common.base.Strings;
+import org.springframework.beans.factory.InitializingBean;
 
 /**
  * @author jricher
  *
  */
-public class StaticSingleIssuerService implements IssuerService {
+public class StaticSingleIssuerService implements IssuerService, InitializingBean {
 
 	private String issuer;
 
@@ -60,7 +60,7 @@ public IssuerServiceResponse getIssuer(HttpServletRequest request) {
 		return new IssuerServiceResponse(getIssuer(), null, null);
 	}
 
-	@PostConstruct
+	@Override
 	public void afterPropertiesSet() {
 
 		if (Strings.isNullOrEmpty(issuer)) {
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java
index b26b91c897..59feeceb0f 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java
@@ -24,12 +24,12 @@
 import java.util.HashSet;
 import java.util.Set;
 
-import javax.annotation.PostConstruct;
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.http.client.utils.URIBuilder;
 import org.mitre.openid.connect.client.model.IssuerServiceResponse;
 import org.mitre.openid.connect.client.service.IssuerService;
+import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.authentication.AuthenticationServiceException;
 
 import com.google.common.base.Strings;
@@ -41,7 +41,7 @@
  * @author jricher
  *
  */
-public class ThirdPartyIssuerService implements IssuerService {
+public class ThirdPartyIssuerService implements IssuerService, InitializingBean {
 
 	private String accountChooserUrl;
 
@@ -128,7 +128,7 @@ public void setBlacklist(Set<String> blacklist) {
 		this.blacklist = blacklist;
 	}
 
-	@PostConstruct
+	@Override
 	public void afterPropertiesSet() {
 		if (Strings.isNullOrEmpty(this.accountChooserUrl)) {
 			throw new IllegalArgumentException("Account Chooser URL cannot be null or empty");
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJWTEncryptionAndDecryptionService.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJWTEncryptionAndDecryptionService.java
index dbe8a530bb..b1f7aa6e06 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJWTEncryptionAndDecryptionService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJWTEncryptionAndDecryptionService.java
@@ -25,8 +25,6 @@
 import java.util.Map;
 import java.util.Set;
 
-import javax.annotation.PostConstruct;
-
 import org.mitre.jose.keystore.JWKSetKeyStore;
 import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService;
 import org.slf4j.Logger;
@@ -50,12 +48,13 @@
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.OctetSequenceKey;
 import com.nimbusds.jose.jwk.RSAKey;
+import org.springframework.beans.factory.InitializingBean;
 
 /**
  * @author wkim
  *
  */
-public class DefaultJWTEncryptionAndDecryptionService implements JWTEncryptionAndDecryptionService {
+public class DefaultJWTEncryptionAndDecryptionService implements JWTEncryptionAndDecryptionService, InitializingBean {
 
 	/**
 	 * Logger for this class
@@ -116,7 +115,7 @@ public DefaultJWTEncryptionAndDecryptionService(JWKSetKeyStore keyStore) throws
 	}
 
 
-	@PostConstruct
+	@Override
 	public void afterPropertiesSet() {
 
 		if (keys == null) {
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java
index 335efbf184..eed1f4544f 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java
@@ -91,7 +91,7 @@ public UserDetails loadUserByUsername(String clientId) throws  UsernameNotFoundE
 			} else {
 				throw new UsernameNotFoundException("Client not found: " + clientId);
 			}
-		} catch (UnsupportedEncodingException | InvalidClientException e) {
+		} catch (IllegalArgumentException | InvalidClientException e) {
 			throw new UsernameNotFoundException("Client not found: " + clientId);
 		}
 
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
index 9d286518f1..f3bf236b86 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
@@ -20,11 +20,10 @@
 import java.util.List;
 import java.util.Locale;
 
-import javax.annotation.PostConstruct;
-
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.BeanCreationException;
+import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.StringUtils;
 
 import com.google.common.collect.Lists;
@@ -40,7 +39,7 @@
  * @author AANGANES
  *
  */
-public class ConfigurationPropertiesBean {
+public class ConfigurationPropertiesBean implements InitializingBean {
 
 	/**
 	 * Logger for this class
@@ -72,14 +71,16 @@ public class ConfigurationPropertiesBean {
 	private boolean allowCompleteDeviceCodeUri = false;
 
 	public ConfigurationPropertiesBean() {
-
 	}
 
+	@Override
+	public void afterPropertiesSet() throws Exception {
+		checkConfigConsistency();
+	}
 	/**
 	 * Endpoints protected by TLS must have https scheme in the URI.
-	 * @throws HttpsUrlRequiredException
+	 * @throws BeanCreationException
 	 */
-	@PostConstruct
 	public void checkConfigConsistency() {
 		if (!StringUtils.startsWithIgnoreCase(issuer, "https")) {
 			if (this.forceHttps) {
@@ -273,4 +274,6 @@ public boolean isAllowCompleteDeviceCodeUri() {
 	public void setAllowCompleteDeviceCodeUri(boolean allowCompleteDeviceCodeUri) {
 		this.allowCompleteDeviceCodeUri = allowCompleteDeviceCodeUri;
 	}
+
+
 }
diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
index 480b5780ca..1c703e4e08 100644
--- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
+++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
@@ -17,214 +17,233 @@
     limitations under the License.
  -->
 <beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:mvc="http://www.springframework.org/schema/mvc"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:tx="http://www.springframework.org/schema/tx"
-	xmlns:context="http://www.springframework.org/schema/context"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
+	   xmlns:mvc="http://www.springframework.org/schema/mvc"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xmlns:tx="http://www.springframework.org/schema/tx"
+	   xmlns:context="http://www.springframework.org/schema/context"
+	   xmlns:security="http://www.springframework.org/schema/security"
+	   xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
+	   xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
 		http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
 		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
 		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.3.xsd
+
 		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
 
 	<!-- Scan for components -->
-	<context:component-scan annotation-config="true" base-package="org.mitre" />
+	<context:component-scan annotation-config="true" base-package="org.mitre"/>
 
 	<!-- Enables the Spring MVC @Controller programming model -->
-	<tx:annotation-driven transaction-manager="transactionManager" />
+	<tx:annotation-driven transaction-manager="transactionManager"/>
 	<mvc:annotation-driven ignore-default-model-on-redirect="true">
 		<mvc:message-converters>
-			<bean class="org.springframework.http.converter.StringHttpMessageConverter" />
-			<bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter" />
+			<bean class="org.springframework.http.converter.StringHttpMessageConverter"/>
+			<bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter"/>
 		</mvc:message-converters>
 	</mvc:annotation-driven>
 
 	<mvc:interceptors>
 		<mvc:interceptor>
 			<!-- Exclude APIs and other machine-facing endpoints from these interceptors -->
-			<mvc:mapping path="/**" />
-			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" />
-			<mvc:exclude-mapping path="/#{T(org.mitre.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" />
-			<mvc:exclude-mapping path="/resources/**" />
+			<mvc:mapping path="/**"/>
+			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**"/>
+			<mvc:exclude-mapping path="/#{T(org.mitre.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**"/>
+			<mvc:exclude-mapping path="/resources/**"/>
 			<mvc:exclude-mapping path="/token**"/>
-			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.DynamicClientRegistrationEndpoint).URL}/**" />
-			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.ProtectedResourceRegistrationEndpoint).URL}/**" />
-			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.UserInfoEndpoint).URL}**" />
-			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.RootController).API_URL}/**" />
-			<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.DeviceEndpoint).URL}/**" />
-			<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.IntrospectionEndpoint).URL}**" />
-			<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.RevocationEndpoint).URL}**" />
-					 
+			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.DynamicClientRegistrationEndpoint).URL}/**"/>
+			<mvc:exclude-mapping
+				path="/#{T(org.mitre.openid.connect.web.ProtectedResourceRegistrationEndpoint).URL}/**"/>
+			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.UserInfoEndpoint).URL}**"/>
+			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.RootController).API_URL}/**"/>
+			<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.DeviceEndpoint).URL}/**"/>
+			<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.IntrospectionEndpoint).URL}**"/>
+			<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.RevocationEndpoint).URL}**"/>
+
 			<!-- Inject the UserInfo into the response -->
-			<bean id="userInfoInterceptor" class="org.mitre.openid.connect.web.UserInfoInterceptor" />
+			<bean id="userInfoInterceptor" class="org.mitre.openid.connect.web.UserInfoInterceptor"/>
 		</mvc:interceptor>
 		<mvc:interceptor>
 			<!-- Exclude APIs and other machine-facing endpoints from these interceptors -->
-			<mvc:mapping path="/**" />
-			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" />
-			<mvc:exclude-mapping path="/#{T(org.mitre.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" />
-			<mvc:exclude-mapping path="/resources/**" />
+			<mvc:mapping path="/**"/>
+			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**"/>
+			<mvc:exclude-mapping path="/#{T(org.mitre.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**"/>
+			<mvc:exclude-mapping path="/resources/**"/>
 			<mvc:exclude-mapping path="/token**"/>
-			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.DynamicClientRegistrationEndpoint).URL}/**" />
-			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.ProtectedResourceRegistrationEndpoint).URL}/**" />
-			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.UserInfoEndpoint).URL}**" />
-			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.RootController).API_URL}/**" />
-			<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.DeviceEndpoint).URL}/**" />
-			<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.IntrospectionEndpoint).URL}**" />
-			<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.RevocationEndpoint).URL}**" />
+			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.DynamicClientRegistrationEndpoint).URL}/**"/>
+			<mvc:exclude-mapping
+				path="/#{T(org.mitre.openid.connect.web.ProtectedResourceRegistrationEndpoint).URL}/**"/>
+			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.UserInfoEndpoint).URL}**"/>
+			<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.RootController).API_URL}/**"/>
+			<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.DeviceEndpoint).URL}/**"/>
+			<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.IntrospectionEndpoint).URL}**"/>
+			<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.RevocationEndpoint).URL}**"/>
 			<!-- Inject the server configuration into the response -->
-			<bean id="serverConfigInterceptor" class="org.mitre.openid.connect.web.ServerConfigInterceptor" />
+			<bean id="serverConfigInterceptor" class="org.mitre.openid.connect.web.ServerConfigInterceptor"/>
 		</mvc:interceptor>
 	</mvc:interceptors>
 
-	<mvc:default-servlet-handler />
+	<mvc:default-servlet-handler/>
 
 	<!-- Bean to hold configuration properties -->
-	<import resource="server-config.xml" />
+	<import resource="server-config.xml"/>
 
 	<!-- Import the data context -->
-	<import resource="data-context.xml" />
+	<import resource="data-context.xml"/>
 
 	<!-- SPEL processors -->
-	<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager">
+	<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true"
+									 authentication-manager-ref="authenticationManager">
 		<!--you could also wire in the expression handler up at the layer of the http filters. See https://jira.springsource.org/browse/SEC-1452 -->
-		<security:expression-handler ref="oauthExpressionHandler" />
+		<security:expression-handler ref="oauthExpressionHandler"/>
 	</security:global-method-security>
 
-	<oauth:expression-handler id="oauthExpressionHandler" />
+	<oauth:expression-handler id="oauthExpressionHandler"/>
 
-	<oauth:web-expression-handler id="oauthWebExpressionHandler" />
+	<oauth:web-expression-handler id="oauthWebExpressionHandler"/>
 
 	<!-- Spring Security configuration -->
 
-	<oauth:resource-server id="resourceServerFilter" token-services-ref="defaultOAuth2ProviderTokenService" stateless="false" />
-
-	<security:http pattern="/token" 
-		create-session="stateless"
-		authentication-manager-ref="clientAuthenticationManager"
-		entry-point-ref="oauthAuthenticationEntryPoint"
-		use-expressions="true">
-		
-		<security:intercept-url pattern="/token" access="permitAll" method="OPTIONS" /> <!-- allow OPTIONS calls without auth for CORS stuff -->
-		<security:intercept-url pattern="/token" access="isAuthenticated()" />
-		<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
+	<oauth:resource-server id="resourceServerFilter" token-services-ref="defaultOAuth2ProviderTokenService"
+						   stateless="false"/>
+
+	<security:http pattern="/token"
+				   create-session="stateless"
+				   authentication-manager-ref="clientAuthenticationManager"
+				   entry-point-ref="oauthAuthenticationEntryPoint"
+				   use-expressions="true">
+
+		<security:intercept-url pattern="/token" access="permitAll"
+								method="OPTIONS"/> <!-- allow OPTIONS calls without auth for CORS stuff -->
+		<security:intercept-url pattern="/token" access="isAuthenticated()"/>
+		<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint"/>
 		<!-- include this only if you need to authenticate clients via request parameters -->
-		<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
-		<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
-		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
-		<security:access-denied-handler ref="oauthAccessDeniedHandler" />
+		<security:custom-filter ref="clientAssertionEndpointFilter"
+								after="PRE_AUTH_FILTER"/> <!-- this one has to go first -->
+		<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER"/>
+		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER"/>
+		<security:access-denied-handler ref="oauthAccessDeniedHandler"/>
 		<security:csrf disabled="true"/>
 	</security:http>
 
 	<!-- Allow open access to discovery endpoints -->
-	<security:http pattern="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" use-expressions="true" entry-point-ref="http403EntryPoint" create-session="stateless">
-		<security:intercept-url pattern="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" access="permitAll"/>
-		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
+	<security:http pattern="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" use-expressions="true"
+				   entry-point-ref="http403EntryPoint" create-session="stateless">
+		<security:intercept-url pattern="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**"
+								access="permitAll"/>
+		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER"/>
 		<security:csrf disabled="true"/>
 	</security:http>
-	<security:http pattern="/#{T(org.mitre.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" use-expressions="true" entry-point-ref="http403EntryPoint" create-session="stateless">
-		<security:intercept-url pattern="/#{T(org.mitre.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" access="permitAll"/>
-		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
+	<security:http pattern="/#{T(org.mitre.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" use-expressions="true"
+				   entry-point-ref="http403EntryPoint" create-session="stateless">
+		<security:intercept-url pattern="/#{T(org.mitre.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**"
+								access="permitAll"/>
+		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER"/>
 		<security:csrf disabled="true"/>
 	</security:http>
 
-	<!-- Allow open access to all static resources -->	
-	<security:http pattern="/resources/**" use-expressions="true" entry-point-ref="http403EntryPoint" create-session="stateless">
+	<!-- Allow open access to all static resources -->
+	<security:http pattern="/resources/**" use-expressions="true" entry-point-ref="http403EntryPoint"
+				   create-session="stateless">
 		<security:intercept-url pattern="/resources/**" access="permitAll"/>
-		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
+		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER"/>
 		<security:csrf disabled="true"/>
 	</security:http>
-	
+
 	<!-- OAuth-protect API and other endpoints -->
-	<security:http pattern="/#{T(org.mitre.openid.connect.web.DynamicClientRegistrationEndpoint).URL}/**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
-		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
-		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
-		<security:expression-handler ref="oauthWebExpressionHandler" />
+	<security:http pattern="/#{T(org.mitre.openid.connect.web.DynamicClientRegistrationEndpoint).URL}/**"
+				   use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
+		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
+		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER"/>
+		<security:expression-handler ref="oauthWebExpressionHandler"/>
 		<security:intercept-url pattern="/register/**" access="permitAll"/>
 		<security:csrf disabled="true"/>
 	</security:http>
 
-	<security:http pattern="/#{T(org.mitre.openid.connect.web.ProtectedResourceRegistrationEndpoint).URL}/**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
-		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
-		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
-		<security:expression-handler ref="oauthWebExpressionHandler" />
+	<security:http pattern="/#{T(org.mitre.openid.connect.web.ProtectedResourceRegistrationEndpoint).URL}/**"
+				   use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
+		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
+		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER"/>
+		<security:expression-handler ref="oauthWebExpressionHandler"/>
 		<security:intercept-url pattern="/resource/**" access="permitAll"/>
 		<security:csrf disabled="true"/>
 	</security:http>
 
-	<security:http pattern="/#{T(org.mitre.openid.connect.web.UserInfoEndpoint).URL}**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
-		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
-		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
-		<security:expression-handler ref="oauthWebExpressionHandler" />
+	<security:http pattern="/#{T(org.mitre.openid.connect.web.UserInfoEndpoint).URL}**" use-expressions="true"
+				   entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
+		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
+		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER"/>
+		<security:expression-handler ref="oauthWebExpressionHandler"/>
 		<security:csrf disabled="true"/>
 	</security:http>
 
- 	<security:http pattern="/#{T(org.mitre.openid.connect.web.RootController).API_URL}/**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="never">
-		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
-		<security:expression-handler ref="oauthWebExpressionHandler" />
+	<security:http pattern="/#{T(org.mitre.openid.connect.web.RootController).API_URL}/**" use-expressions="true"
+				   entry-point-ref="oauthAuthenticationEntryPoint" create-session="never">
+		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
+		<security:expression-handler ref="oauthWebExpressionHandler"/>
 		<security:csrf disabled="true"/>
 	</security:http>
-	
- 	<security:http pattern="/#{T(org.mitre.oauth2.web.DeviceEndpoint).URL}/**" 
- 		use-expressions="true" 
- 		entry-point-ref="oauthAuthenticationEntryPoint" 
- 		create-session="stateless"
- 		authentication-manager-ref="clientAuthenticationManager">
-		<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
+
+	<security:http pattern="/#{T(org.mitre.oauth2.web.DeviceEndpoint).URL}/**"
+				   use-expressions="true"
+				   entry-point-ref="oauthAuthenticationEntryPoint"
+				   create-session="stateless"
+				   authentication-manager-ref="clientAuthenticationManager">
+		<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint"/>
 		<!-- include this only if you need to authenticate clients via request parameters -->
-		<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
-		<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
-		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
-		<security:access-denied-handler ref="oauthAccessDeniedHandler" />
+		<security:custom-filter ref="clientAssertionEndpointFilter"
+								after="PRE_AUTH_FILTER"/> <!-- this one has to go first -->
+		<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER"/>
+		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER"/>
+		<security:access-denied-handler ref="oauthAccessDeniedHandler"/>
 		<security:csrf disabled="true"/>
 	</security:http>
-	
-	<security:http pattern="/#{T(org.mitre.oauth2.web.IntrospectionEndpoint).URL}**" 
-			use-expressions="true" 
-			entry-point-ref="oauthAuthenticationEntryPoint" 
-			create-session="stateless"
-			authentication-manager-ref="clientAuthenticationManager">
-		<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
-		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
-		<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
-		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
-		<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
+
+	<security:http pattern="/#{T(org.mitre.oauth2.web.IntrospectionEndpoint).URL}**"
+				   use-expressions="true"
+				   entry-point-ref="oauthAuthenticationEntryPoint"
+				   create-session="stateless"
+				   authentication-manager-ref="clientAuthenticationManager">
+		<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint"/>
+		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
+		<security:custom-filter ref="clientAssertionEndpointFilter"
+								after="PRE_AUTH_FILTER"/> <!-- this one has to go first -->
+		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER"/>
+		<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER"/>
 		<security:csrf disabled="true"/>
 	</security:http>
 
 	<security:http pattern="/#{T(org.mitre.oauth2.web.RevocationEndpoint).URL}**"
-			use-expressions="true" 
-			entry-point-ref="oauthAuthenticationEntryPoint" 
-			create-session="stateless"
-			authentication-manager-ref="clientAuthenticationManager">
-		<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
-		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
-		<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
-		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
-		<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
+				   use-expressions="true"
+				   entry-point-ref="oauthAuthenticationEntryPoint"
+				   create-session="stateless"
+				   authentication-manager-ref="clientAuthenticationManager">
+		<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint"/>
+		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
+		<security:custom-filter ref="clientAssertionEndpointFilter"
+								after="PRE_AUTH_FILTER"/> <!-- this one has to go first -->
+		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER"/>
+		<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER"/>
 		<security:csrf disabled="true"/>
 	</security:http>
 
-	<bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
-		<property name="realmName" value="openidconnect" />
+	<bean id="oauthAuthenticationEntryPoint"
+		  class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
+		<property name="realmName" value="openidconnect"/>
 	</bean>
 
-	<bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
+	<bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
 
 	<!-- Additional endpoints for extensions (such as UMA) -->
-	
-	<import resource="endpoint-config.xml" />
+
+	<import resource="endpoint-config.xml"/>
 
 	<!-- SECOAUTH Authorization Server -->
 
-	<import resource="authz-config.xml" />
+	<import resource="authz-config.xml"/>
 
-	<bean id="oauth2ExceptionTranslator" class="org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator" />
+	<bean id="oauth2ExceptionTranslator"
+		  class="org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator"/>
 
 	<bean id="clientAuthMatcher" class="org.mitre.openid.connect.filter.MultiUrlRequestMatcher">
 		<constructor-arg name="filterProcessesUrls">
@@ -236,47 +255,54 @@
 		</constructor-arg>
 	</bean>
 
-	<bean id="clientCredentialsEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
-		<property name="authenticationManager" ref="clientAuthenticationManager" />
-		<property name="requiresAuthenticationRequestMatcher" ref="clientAuthMatcher" />
+	<bean id="clientCredentialsEndpointFilter"
+		  class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
+		<property name="authenticationManager" ref="clientAuthenticationManager"/>
+		<property name="requiresAuthenticationRequestMatcher" ref="clientAuthMatcher"/>
 	</bean>
-	
-	<bean id="clientAssertionEndpointFilter" class="org.mitre.openid.connect.assertion.JWTBearerClientAssertionTokenEndpointFilter">
-		<constructor-arg name="additionalMatcher" ref="clientAuthMatcher" />
-		<property name="authenticationManager" ref="clientAssertionAuthenticationManager" />
+
+	<bean id="clientAssertionEndpointFilter"
+		  class="org.mitre.openid.connect.assertion.JWTBearerClientAssertionTokenEndpointFilter">
+		<constructor-arg name="additionalMatcher" ref="clientAuthMatcher"/>
+		<property name="authenticationManager" ref="clientAssertionAuthenticationManager"/>
 	</bean>
 
 	<security:authentication-manager id="clientAuthenticationManager">
-		<security:authentication-provider user-service-ref="clientUserDetailsService" />
-		<security:authentication-provider user-service-ref="uriEncodedClientUserDetailsService" />
+		<security:authentication-provider user-service-ref="clientUserDetailsService">
+			<security:password-encoder ref="noopPasswordEncoder"/>
+		</security:authentication-provider>
+		<security:authentication-provider user-service-ref="uriEncodedClientUserDetailsService">
+			<security:password-encoder ref="noopPasswordEncoder"/>
+		</security:authentication-provider>
 	</security:authentication-manager>
 
 	<security:authentication-manager id="clientAssertionAuthenticationManager">
-		<security:authentication-provider ref="clientAssertionAuthenticationProvider" />
+		<security:authentication-provider ref="clientAssertionAuthenticationProvider"/>
 	</security:authentication-manager>
-	
-	<bean id="clientAssertionAuthenticationProvider" class="org.mitre.openid.connect.assertion.JWTBearerAuthenticationProvider" />
+
+	<bean id="clientAssertionAuthenticationProvider"
+		  class="org.mitre.openid.connect.assertion.JWTBearerAuthenticationProvider"/>
 
 	<!-- Configure locale information -->
-	<import resource="locale-config.xml" />
+	<import resource="locale-config.xml"/>
 
 	<!-- user services -->
-	<import resource="user-context.xml" />
-	
+	<import resource="user-context.xml"/>
+
 	<!-- assertion processing -->
-	<import resource="assertion-config.xml" />
+	<import resource="assertion-config.xml"/>
 
 	<!-- End Spring Security configuration -->
 
 	<!-- JPA -->
 
-	<import resource="jpa-config.xml" />
+	<import resource="jpa-config.xml"/>
 
 	<!-- End JPA -->
 
 	<!-- Crypto -->
 
-	<import resource="crypto-config.xml" />
+	<import resource="crypto-config.xml"/>
 
 	<!-- End Crypto -->
 
@@ -284,31 +310,31 @@
 
 	<!-- Handles HTTP GET requests for /resources/** by efficiently serving 
 		up static resources in the ${webappRoot}/resources directory -->
-	<mvc:resources mapping="/resources/**" location="/resources/" />
+	<mvc:resources mapping="/resources/**" location="/resources/"/>
 
 	<!-- Resolves views selected for rendering by @Controllers to .jsp resources 
 		in the /WEB-INF/views directory -->
 	<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
-		<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
-		<property name="prefix" value="/WEB-INF/views/" />
-		<property name="suffix" value=".jsp" />
-		<property name="order" value="2" />
+		<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
+		<property name="prefix" value="/WEB-INF/views/"/>
+		<property name="suffix" value=".jsp"/>
+		<property name="order" value="2"/>
 	</bean>
 
 	<!-- Resolve views based on string names -->
 	<bean class="org.springframework.web.servlet.view.BeanNameViewResolver">
-		<property name="order" value="1" />
+		<property name="order" value="1"/>
 	</bean>
 
 	<!-- End view configuration -->
 
 	<!--Import scheduled task configuration -->
-	<import resource="task-config.xml" />
-	
+	<import resource="task-config.xml"/>
+
 	<!-- Import configuration for front-end (JavaScript) UI components -->
-	<import resource="ui-config.xml" />
+	<import resource="ui-config.xml"/>
 
 	<!-- import application-local configuration information (such as bean definitions) -->
-	<import resource="local-config.xml" />
+	<import resource="local-config.xml"/>
 
 </beans>
diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/user-context.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/user-context.xml
index 2aff943637..501303d764 100644
--- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/user-context.xml
+++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/user-context.xml
@@ -30,9 +30,12 @@
 		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
 
+	<bean id="noopPasswordEncoder" class="org.springframework.security.crypto.password.NoOpPasswordEncoder"/>
+
 	<security:authentication-manager id="authenticationManager">
 		<security:authentication-provider>
 			<security:jdbc-user-service data-source-ref="dataSource"/>
+			<security:password-encoder ref="noopPasswordEncoder" />
 		</security:authentication-provider>
 	</security:authentication-manager>
 		
diff --git a/openid-connect-server/pom.xml b/openid-connect-server/pom.xml
index 84fe62198e..ace88fcc9e 100644
--- a/openid-connect-server/pom.xml
+++ b/openid-connect-server/pom.xml
@@ -72,11 +72,26 @@
 			<artifactId>org.eclipse.persistence.jpa</artifactId>
 			<scope>test</scope>
 		</dependency>
-
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-io</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>javax.xml.bind</groupId>
+			<artifactId>jaxb-api</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.sun.xml.bind</groupId>
+			<artifactId>jaxb-core</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.sun.xml.bind</groupId>
+			<artifactId>jaxb-impl</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>javax.activation</groupId>
+			<artifactId>activation</artifactId>
+		</dependency>
 	</dependencies>
 	<description>OpenID Connect server libraries for Spring and Spring Security.</description>
 	<url />
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java
index fc45ed20b9..13664bd410 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java
@@ -43,11 +43,6 @@ public class BlacklistAwareRedirectResolver extends DefaultRedirectResolver {
 	@Autowired
 	private BlacklistedSiteService blacklistService;
 
-	@Autowired
-	private ConfigurationPropertiesBean config;
-
-	private boolean strictMatch = true;
-
 	/* (non-Javadoc)
 	 * @see org.springframework.security.oauth2.provider.endpoint.RedirectResolver#resolveRedirect(java.lang.String, org.springframework.security.oauth2.provider.ClientDetails)
 	 */
@@ -63,43 +58,4 @@ public String resolveRedirect(String requestedRedirect, ClientDetails client) th
 		}
 	}
 
-	/* (non-Javadoc)
-	 * @see org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver#redirectMatches(java.lang.String, java.lang.String)
-	 */
-	@Override
-	protected boolean redirectMatches(String requestedRedirect, String redirectUri) {
-
-		if (isStrictMatch()) {
-			// we're doing a strict string match for all clients
-			return Strings.nullToEmpty(requestedRedirect).equals(redirectUri);
-		} else {
-			// otherwise do the prefix-match from the library
-			return super.redirectMatches(requestedRedirect, redirectUri);
-		}
-
-	}
-
-	/**
-	 * @return the strictMatch
-	 */
-	public boolean isStrictMatch() {
-		if (config.isHeartMode()) {
-			// HEART mode enforces strict matching
-			return true;
-		} else {
-			return strictMatch;
-		}
-	}
-
-	/**
-	 * Set this to true to require exact string matches for all redirect URIs. (Default is false)
-	 *
-	 * @param strictMatch the strictMatch to set
-	 */
-	public void setStrictMatch(boolean strictMatch) {
-		this.strictMatch = strictMatch;
-	}
-
-
-
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataServiceSupport.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataServiceSupport.java
index c4e787c9eb..9d1414d311 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataServiceSupport.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataServiceSupport.java
@@ -25,6 +25,7 @@
 import org.springframework.format.datetime.DateFormatter;
 
 public abstract class MITREidDataServiceSupport {
+	public static final String DATE_TIME_ISO = "yyyy-MM-dd'T'HH:mm:ss.SSSZ";
 	private final DateFormatter dateFormatter;
 	/**
 	 * Logger for this class
@@ -32,8 +33,7 @@ public abstract class MITREidDataServiceSupport {
 	private static final Logger logger = LoggerFactory.getLogger(MITREidDataServiceSupport.class);
 
 	public MITREidDataServiceSupport() {
-		dateFormatter = new DateFormatter();
-		dateFormatter.setIso(ISO.DATE_TIME);
+		dateFormatter = new DateFormatter(DATE_TIME_ISO);
 	}
 
 	protected Date utcToDate(String value) {
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
index 45ba59901c..f07d1f521d 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
@@ -51,6 +51,8 @@
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -212,6 +214,16 @@ public PKCEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializa
 					}
 				}
 			})
+			.registerTypeAdapter(GrantedAuthority.class, new JsonDeserializer<GrantedAuthority>() {
+				@Override
+				public GrantedAuthority deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
+					if (json.isJsonPrimitive()) {
+						return new SimpleGrantedAuthority(json.getAsString());
+					} else {
+						return null;
+					}
+				}
+			})
 			.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
 			.create();
 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java
index a96f8209ea..6ea1f155c5 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java
@@ -246,10 +246,6 @@ public String registerNewClient(@RequestBody String jsonString, Model m) {
 				m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED); // http 201
 
 				return ClientInformationResponseView.VIEWNAME;
-			} catch (UnsupportedEncodingException e) {
-				logger.error("Unsupported encoding", e);
-				m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);
-				return HttpCodeView.VIEWNAME;
 			} catch (IllegalArgumentException e) {
 				logger.error("Couldn't save client", e);
 
@@ -293,7 +289,7 @@ public String readClientConfiguration(@PathVariable("id") String clientId, Model
 				m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200
 
 				return ClientInformationResponseView.VIEWNAME;
-			} catch (UnsupportedEncodingException e) {
+			} catch (IllegalArgumentException e) {
 				logger.error("Unsupported encoding", e);
 				m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);
 				return HttpCodeView.VIEWNAME;
@@ -319,7 +315,7 @@ public String readClientConfiguration(@PathVariable("id") String clientId, Model
 	 */
 	@PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.REGISTRATION_TOKEN_SCOPE + "')")
 	@RequestMapping(value = "/{id}", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE)
-	public String updateClient(@PathVariable("id") String clientId, @RequestBody String jsonString, Model m, OAuth2Authentication auth) {
+	public String updateClient(@PathVariable("id") String clientId, @RequestBody String jsonString, Model m, OAuth2Authentication auth) throws UnsupportedEncodingException {
 
 
 		ClientDetailsEntity newClient = null;
@@ -382,10 +378,6 @@ public String updateClient(@PathVariable("id") String clientId, @RequestBody Str
 				m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200
 
 				return ClientInformationResponseView.VIEWNAME;
-			} catch (UnsupportedEncodingException e) {
-				logger.error("Unsupported encoding", e);
-				m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);
-				return HttpCodeView.VIEWNAME;
 			} catch (IllegalArgumentException e) {
 				logger.error("Couldn't save client", e);
 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java
index 9e2e89b336..0db921246d 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java
@@ -177,10 +177,6 @@ public String registerNewProtectedResource(@RequestBody String jsonString, Model
 				m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED); // http 201
 
 				return ClientInformationResponseView.VIEWNAME;
-			} catch (UnsupportedEncodingException e) {
-				logger.error("Unsupported encoding", e);
-				m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);
-				return HttpCodeView.VIEWNAME;
 			} catch (IllegalArgumentException e) {
 				logger.error("Couldn't save client", e);
 
@@ -245,7 +241,7 @@ public String readResourceConfiguration(@PathVariable("id") String clientId, Mod
 				m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200
 
 				return ClientInformationResponseView.VIEWNAME;
-			} catch (UnsupportedEncodingException e) {
+			} catch (IllegalArgumentException e) {
 				logger.error("Unsupported encoding", e);
 				m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);
 				return HttpCodeView.VIEWNAME;
@@ -356,10 +352,6 @@ public String updateProtectedResource(@PathVariable("id") String clientId, @Requ
 				m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200
 
 				return ClientInformationResponseView.VIEWNAME;
-			} catch (UnsupportedEncodingException e) {
-				logger.error("Unsupported encoding", e);
-				m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);
-				return HttpCodeView.VIEWNAME;
 			} catch (IllegalArgumentException e) {
 				logger.error("Couldn't save client", e);
 
diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestBlacklistAwareRedirectResolver.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestBlacklistAwareRedirectResolver.java
index 3698ec9e05..51214ba304 100644
--- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestBlacklistAwareRedirectResolver.java
+++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestBlacklistAwareRedirectResolver.java
@@ -87,15 +87,6 @@ public void testResolveRedirect_safe() {
 
 		assertThat(res1, is(equalTo(goodUri)));
 		
-		// set the resolver to non-strict and test the path-based redirect resolution
-		
-		resolver.setStrictMatch(false);
-
-		String res2 = resolver.resolveRedirect(pathUri, client);
-
-		assertThat(res2, is(equalTo(pathUri)));
-
-
 	}
 
 	@Test(expected = InvalidRequestException.class)
@@ -106,52 +97,4 @@ public void testResolveRedirect_blacklisted() {
 
 	}
 
-	@Test
-	public void testRedirectMatches_default() {
-
-		// this is not an exact match
-		boolean res1 = resolver.redirectMatches(pathUri, goodUri);
-
-		assertThat(res1, is(false));
-
-		// this is an exact match
-		boolean res2 = resolver.redirectMatches(goodUri, goodUri);
-
-		assertThat(res2, is(true));
-
-	}
-
-	@Test
-	public void testRedirectMatches_nonstrict() {
-
-		// set the resolver to non-strict match mode
-		resolver.setStrictMatch(false);
-		
-		// this is not an exact match (but that's OK)
-		boolean res1 = resolver.redirectMatches(pathUri, goodUri);
-
-		assertThat(res1, is(true));
-
-		// this is an exact match
-		boolean res2 = resolver.redirectMatches(goodUri, goodUri);
-
-		assertThat(res2, is(true));
-
-	}
-
-	@Test
-	public void testHeartMode() {
-		when(config.isHeartMode()).thenReturn(true);
-
-		// this is not an exact match
-		boolean res1 = resolver.redirectMatches(pathUri, goodUri);
-
-		assertThat(res1, is(false));
-
-		// this is an exact match
-		boolean res2 = resolver.redirectMatches(goodUri, goodUri);
-
-		assertThat(res2, is(true));
-	}
-
 }
diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java
index 6d5e7ec7ca..777f77336f 100644
--- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java
+++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java
@@ -130,8 +130,7 @@ public class TestMITREidDataService_1_0 {
 
 	@Before
 	public void prepare() {
-		formatter = new DateFormatter();
-		formatter.setIso(ISO.DATE_TIME);
+		formatter = new DateFormatter(MITREidDataServiceSupport.DATE_TIME_ISO);
 		Mockito.reset(clientRepository, approvedSiteRepository, authHolderRepository, tokenRepository, sysScopeRepository, wlSiteRepository, blSiteRepository);
 	}
 
@@ -967,4 +966,4 @@ public void testExportDisabled() throws IOException {
 		dataService.exportData(writer);
 	}
 
-}
\ No newline at end of file
+}
diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java
index d7ab851fd4..855d8192ba 100644
--- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java
+++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java
@@ -128,8 +128,7 @@ public class TestMITREidDataService_1_1 {
 
 	@Before
 	public void prepare() {
-		formatter = new DateFormatter();
-		formatter.setIso(ISO.DATE_TIME);
+		formatter = new DateFormatter(MITREidDataServiceSupport.DATE_TIME_ISO);
 
 		Mockito.reset(clientRepository, approvedSiteRepository, authHolderRepository, tokenRepository, sysScopeRepository, wlSiteRepository, blSiteRepository);
 	}
diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java
index 594900ae29..555f0c7e6c 100644
--- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java
+++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java
@@ -131,8 +131,7 @@ public class TestMITREidDataService_1_2 {
 
 	@Before
 	public void prepare() {
-		formatter = new DateFormatter();
-		formatter.setIso(ISO.DATE_TIME);
+		formatter = new DateFormatter(MITREidDataServiceSupport.DATE_TIME_ISO);
 
 		Mockito.reset(clientRepository, approvedSiteRepository, authHolderRepository, tokenRepository, sysScopeRepository, wlSiteRepository, blSiteRepository);
 	}
diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_3.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_3.java
index 29a04d932d..3b195fd0f0 100644
--- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_3.java
+++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_3.java
@@ -142,8 +142,8 @@ public class TestMITREidDataService_1_3 {
 
 	@Before
 	public void prepare() {
-		formatter = new DateFormatter();
-		formatter.setIso(ISO.DATE_TIME);
+		formatter = new DateFormatter(MITREidDataServiceSupport.DATE_TIME_ISO);
+		//formatter.setIso(ISO.DATE_TIME);
 
 		Mockito.reset(clientRepository, approvedSiteRepository, authHolderRepository, tokenRepository, sysScopeRepository, wlSiteRepository, blSiteRepository);
 	}
diff --git a/pom.xml b/pom.xml
index 6824f13603..5b2c5007a6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -16,7 +16,8 @@
     See the License for the specific language governing permissions and
     limitations under the License.
  -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.mitre</groupId>
 	<artifactId>openid-connect-parent</artifactId>
@@ -27,7 +28,7 @@
 		<groupId>org.sonatype.oss</groupId>
 		<artifactId>oss-parent</artifactId>
 		<version>9</version>
-		<relativePath />
+		<relativePath/>
 	</parent>
 	<licenses>
 		<license>
@@ -48,7 +49,8 @@
 
 	<scm>
 		<connection>scm:git:https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server.git</connection>
-		<developerConnection>scm:git:git@github.com:mitreid-connect/OpenID-Connect-Java-Spring-Server.git</developerConnection>
+		<developerConnection>scm:git:git@github.com:mitreid-connect/OpenID-Connect-Java-Spring-Server.git
+		</developerConnection>
 		<url>https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server.git</url>
 		<tag>HEAD</tag>
 	</scm>
@@ -71,9 +73,12 @@
 
 	<properties>
 		<java-version>1.8</java-version>
-		<org.slf4j-version>1.7.25</org.slf4j-version>
+		<org.slf4j-version>1.7.26</org.slf4j-version>
 	</properties>
-	<description>A reference implementation of OpenID Connect (http://openid.net/connect/), OAuth 2.0, and UMA built on top of Java, Spring, and Spring Security. The project contains a fully functioning server, client, and utility library.</description>
+	<description>A reference implementation of OpenID Connect (http://openid.net/connect/), OAuth 2.0, and UMA built on
+		top of Java, Spring, and Spring Security. The project contains a fully functioning server, client, and utility
+		library.
+	</description>
 	<url>https://github.com/mitreid-connect</url>
 	<build>
 		<pluginManagement>
@@ -81,27 +86,27 @@
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
 					<artifactId>maven-jar-plugin</artifactId>
-					<version>3.0.2</version>
+					<version>3.1.2</version>
 				</plugin>
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
 					<artifactId>maven-war-plugin</artifactId>
-					<version>3.0.0</version>
+					<version>3.2.3</version>
 				</plugin>
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
 					<artifactId>maven-javadoc-plugin</artifactId>
-					<version>2.10.4</version>
+					<version>3.1.1</version>
 				</plugin>
 				<plugin>
 					<groupId>org.jacoco</groupId>
 					<artifactId>jacoco-maven-plugin</artifactId>
-					<version>0.7.9</version>
+					<version>0.8.4</version>
 				</plugin>
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
 					<artifactId>maven-checkstyle-plugin</artifactId>
-					<version>2.10</version>
+					<version>3.1.0</version>
 				</plugin>
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
@@ -111,17 +116,17 @@
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
 					<artifactId>maven-source-plugin</artifactId>
-					<version>3.0.1</version>
+					<version>3.1.0</version>
 				</plugin>
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
 					<artifactId>maven-compiler-plugin</artifactId>
-					<version>3.6.1</version>
+					<version>3.8.1</version>
 				</plugin>
 				<plugin>
 					<groupId>org.eclipse.jetty</groupId>
 					<artifactId>jetty-maven-plugin</artifactId>
-					<version>9.4.3.v20170317</version>
+					<version>9.4.19.v20190610</version>
 				</plugin>
 				<plugin>
 					<inherited>true</inherited>
@@ -137,12 +142,12 @@
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
 					<artifactId>maven-site-plugin</artifactId>
-					<version>3.6</version>
+					<version>3.7.1</version>
 				</plugin>
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
 					<artifactId>maven-project-info-reports-plugin</artifactId>
-					<version>2.9</version>
+					<version>3.0.0</version>
 				</plugin>
 				<!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->
 				<plugin>
@@ -168,7 +173,7 @@
 										</goals>
 									</pluginExecutionFilter>
 									<action>
-										<execute />
+										<execute/>
 									</action>
 								</pluginExecution>
 							</pluginExecutions>
@@ -193,6 +198,11 @@
 							<artifactId>wro4j-extensions</artifactId>
 							<version>1.8.0</version>
 						</dependency>
+						<dependency>
+							<groupId>org.mockito</groupId>
+							<artifactId>mockito-core</artifactId>
+							<version>2.18.0</version>
+						</dependency>
 					</dependencies>
 				</plugin>
 			</plugins>
@@ -209,7 +219,7 @@
 					<windowtitle>MITREid Connect v. ${project.version}</windowtitle>
 					<doctitle>MITREid Connect v. ${project.version}</doctitle>
 					<overview>${basedir}/src/main/javadoc/overview.html</overview>
-					<additionalparam>-Xdoclint:none</additionalparam>
+					<doclint>none</doclint>
 				</configuration>
 				<executions>
 					<execution>
@@ -282,74 +292,79 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-site-plugin</artifactId>
+			</plugin>
+		</plugins>
+	</build>
+
+	<reporting>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-project-info-reports-plugin</artifactId>
+				<configuration>
+					<dependencyDetailsEnabled>false</dependencyDetailsEnabled>
+				</configuration>
+				<reportSets>
+					<reportSet>
+						<reports>
+							<report>index</report>
+							<report>ci-management</report>
+							<report>dependencies</report>
+							<report>dependency-convergence</report>
+							<!-- <report>dependency-info</report> -->
+							<report>dependency-management</report>
+							<report>help</report>
+							<report>issue-management</report>
+							<report>licenses</report>
+							<report>mailing-lists</report>
+							<report>modules</report>
+							<report>plugin-management</report>
+							<report>plugins</report>
+							<report>team</report>
+							<report>scm</report>
+							<report>summary</report>
+						</reports>
+					</reportSet>
+				</reportSets>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-javadoc-plugin</artifactId>
 				<configuration>
-					<reportPlugins>
-						<plugin>
-							<groupId>org.apache.maven.plugins</groupId>
-							<artifactId>maven-project-info-reports-plugin</artifactId>
-							<configuration>
-								<dependencyDetailsEnabled>false</dependencyDetailsEnabled>
-								<dependencyLocationsEnabled>false</dependencyLocationsEnabled>
-							</configuration>
-							<reports>
-								<report>index</report>
-								<report>cim</report>
-								<report>dependencies</report>
-								<report>dependency-convergence</report>
-<!-- 								<report>dependency-info</report> -->
-								<report>dependency-management</report>
-								<report>help</report>
-								<report>issue-tracking</report>
-								<report>license</report>
-								<report>mailing-list</report>
-								<report>modules</report>
-								<report>plugin-management</report>
-								<report>plugins</report>
-								<report>project-team</report>
-								<report>scm</report>
-								<report>summary</report>
-							</reports>
-						</plugin>
-						<plugin>
-							<groupId>org.apache.maven.plugins</groupId>
-							<artifactId>maven-javadoc-plugin</artifactId>
-							<configuration>
-								<author>true</author>
-								<version>true</version>
-								<use>true</use>
-								<linksource>true</linksource>
-								<windowtitle>MITREid Connect ${project.name} v. ${project.version}</windowtitle>
-								<doctitle>MITREid Connect ${project.name} v. ${project.version}</doctitle>
-								<overview>${basedir}/src/main/javadoc/overview.html</overview>
-								<additionalparam>-Xdoclint:none</additionalparam>
-							</configuration>
-						</plugin>
-						<plugin>
-							<groupId>org.apache.maven.plugins</groupId>
-							<artifactId>maven-checkstyle-plugin</artifactId>
-							<configuration>
-								<configLocation>checkstyle.xml</configLocation>
-							</configuration>
-						</plugin>
-						<plugin>
-							<groupId>org.apache.maven.plugins</groupId>
-							<artifactId>maven-surefire-plugin</artifactId>
-							<configuration>
-								<junitArtifactName>junit:junit</junitArtifactName>
-								<excludes>
-									<exclude>**/*_Roo_*</exclude>
-								</excludes>
-							</configuration>
-						</plugin>
-						<plugin>
-							<groupId>org.jacoco</groupId>
-							<artifactId>jacoco-maven-plugin</artifactId>
-						</plugin>
-					</reportPlugins>
+					<author>true</author>
+					<version>true</version>
+					<use>true</use>
+					<linksource>true</linksource>
+					<windowtitle>MITREid Connect ${project.name} v. ${project.version}</windowtitle>
+					<doctitle>MITREid Connect ${project.name} v. ${project.version}</doctitle>
+					<overview>${basedir}/src/main/javadoc/overview.html</overview>
+					<doclint>none</doclint>
 				</configuration>
 			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-checkstyle-plugin</artifactId>
+				<configuration>
+					<configLocation>checkstyle.xml</configLocation>
+				</configuration>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<configuration>
+					<junitArtifactName>junit:junit</junitArtifactName>
+					<excludes>
+						<exclude>**/*_Roo_*</exclude>
+					</excludes>
+				</configuration>
+			</plugin>
+			<plugin>
+				<groupId>org.jacoco</groupId>
+				<artifactId>jacoco-maven-plugin</artifactId>
+			</plugin>
 		</plugins>
-	</build>
+	</reporting>
+
 	<issueManagement>
 		<url>https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues</url>
 		<system>GitHub Issues</system>
@@ -365,7 +380,7 @@
 			<dependency>
 				<groupId>org.springframework</groupId>
 				<artifactId>spring-framework-bom</artifactId>
-				<version>4.3.22.RELEASE</version>
+				<version>5.1.8.RELEASE</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
@@ -374,26 +389,26 @@
 			<dependency>
 				<groupId>com.fasterxml.jackson.core</groupId>
 				<artifactId>jackson-databind</artifactId>
-				<version>2.9.8</version>
+				<version>2.9.9.1</version>
 			</dependency>
 			<dependency>
 				<groupId>com.fasterxml.jackson.core</groupId>
 				<artifactId>jackson-annotations</artifactId>
-				<version>2.9.8</version>
+				<version>2.9.9</version>
 			</dependency>
 
 			<!-- Spring Security -->
 			<dependency>
 				<groupId>org.springframework.security</groupId>
 				<artifactId>spring-security-bom</artifactId>
-				<version>4.2.11.RELEASE</version>
+				<version>5.1.5.RELEASE</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
 			<dependency>
 				<groupId>org.springframework.security.oauth</groupId>
 				<artifactId>spring-security-oauth2</artifactId>
-				<version>2.1.0.RELEASE</version>
+				<version>2.3.6.RELEASE</version>
 			</dependency>
 
 			<!-- Servlet -->
@@ -419,17 +434,17 @@
 			<dependency>
 				<groupId>mysql</groupId>
 				<artifactId>mysql-connector-java</artifactId>
-				<version>5.1.42</version>
+				<version>5.1.47</version>
 			</dependency>
 			<dependency>
 				<groupId>org.hsqldb</groupId>
 				<artifactId>hsqldb</artifactId>
-				<version>2.3.4</version>
+				<version>2.5.0</version>
 			</dependency>
 			<dependency>
 				<groupId>org.postgresql</groupId>
 				<artifactId>postgresql</artifactId>
-				<version>42.0.0.jre7</version>
+				<version>42.2.6</version>
 			</dependency>
 			<dependency>
 				<groupId>com.oracle</groupId>
@@ -449,7 +464,7 @@
 			<dependency>
 				<groupId>com.zaxxer</groupId>
 				<artifactId>HikariCP</artifactId>
-				<version>2.6.1</version>
+				<version>3.3.1</version>
 			</dependency>
 
 
@@ -511,13 +526,13 @@
 			<dependency>
 				<groupId>org.easymock</groupId>
 				<artifactId>easymock</artifactId>
-				<version>3.4</version>
+				<version>4.0.2</version>
 				<scope>test</scope>
 			</dependency>
 			<dependency>
 				<groupId>org.mockito</groupId>
 				<artifactId>mockito-all</artifactId>
-				<version>1.9.5</version>
+				<version>1.10.19</version>
 				<scope>test</scope>
 			</dependency>
 			<!-- MITREid Connect components -->
@@ -564,17 +579,17 @@
 			<dependency>
 				<groupId>com.google.guava</groupId>
 				<artifactId>guava</artifactId>
-				<version>27.0-jre</version>
+				<version>28.0-jre</version>
 			</dependency>
 			<dependency>
 				<groupId>com.google.code.gson</groupId>
 				<artifactId>gson</artifactId>
-				<version>2.8.0</version>
+				<version>2.8.5</version>
 			</dependency>
 			<dependency>
 				<groupId>org.apache.httpcomponents</groupId>
 				<artifactId>httpclient</artifactId>
-				<version>4.5.3</version>
+				<version>4.5.9</version>
 				<exclusions>
 					<exclusion>
 						<groupId>commons-logging</groupId>
@@ -585,7 +600,7 @@
 			<dependency>
 				<groupId>com.nimbusds</groupId>
 				<artifactId>nimbus-jose-jwt</artifactId>
-				<version>5.4</version>
+				<version>7.4</version>
 			</dependency>
 			<dependency>
 				<groupId>org.bouncycastle</groupId>
@@ -607,6 +622,27 @@
 				<artifactId>wro4j-extensions</artifactId>
 				<version>1.8.0</version>
 			</dependency>
+
+			<dependency>
+				<groupId>javax.xml.bind</groupId>
+				<artifactId>jaxb-api</artifactId>
+				<version>2.3.0</version>
+			</dependency>
+			<dependency>
+				<groupId>com.sun.xml.bind</groupId>
+				<artifactId>jaxb-core</artifactId>
+				<version>2.3.0</version>
+			</dependency>
+			<dependency>
+				<groupId>com.sun.xml.bind</groupId>
+				<artifactId>jaxb-impl</artifactId>
+				<version>2.3.0</version>
+			</dependency>
+			<dependency>
+				<groupId>javax.activation</groupId>
+				<artifactId>activation</artifactId>
+				<version>1.1.1</version>
+			</dependency>
 		</dependencies>
 	</dependencyManagement>