Add new-defaults counterpart tests for security fix defaults

For each of the 12 tests that were failing due to the security commits,
add a parallel counterpart that exercises the new default behavior:
- redirect_uri.matching_mode: exact  (allow_unsafe_matching: false)
- logging_level: INFO
- extended log redaction pattern (code=, access_token=, refresh_token=,
  id_token= in addition to password= and client_secret=)

New compare fixtures (8 files):
- bosh-lite-uaa-defaults.yml, bosh-lite-log4j2-defaults.properties
- all-properties-set-uaa-defaults.yml, all-properties-set-log4j2-defaults.properties
- test-defaults-uaa-defaults.yml, test-defaults-log4j2-defaults.properties
- deprecated-properties-still-work-uaa-defaults.yml
- default-log4j2-template-defaults.properties

New spec examples (12 total):
- 4 fixture-comparison contexts (bosh-lite, all-properties-set,
  test-defaults, deprecated-properties-still-work) with new-defaults
  before blocks (matching_mode=exact, logging_level=INFO)
- 1 unit test: "when not set by the user, defaults to false (exact)"
- 4 logging-format timestamp tests (rfc3339, rfc3339-legacy, deprecated,
  not-set) against the INFO-level template fixture

All 321 examples pass.

Author: fhanik

spec/compare/all-properties-set-log4j2-defaults.properties

@@ -0,0 +1,85 @@
+status = error
+dest = err
+name = UaaLog
+
+property.log_directory = /var/vcap/sys/log/uaa
+property.log_pattern=[%d{yyyy-MM-dd'T'HH:mm:ss.nnnnnn}{GMT+0}Z] uaa%X{context} - %pid [%t] - [%X{traceId},%X{spanId}] .... %5p --- %c{1}: %replace{%m}{(?<=password=|client_secret=|code=|access_token=|refresh_token=|id_token=)([^&\s]*)}{<redacted>}%n
+
+appender.uaaDefaultAppender.type = File
+appender.uaaDefaultAppender.name = UaaDefaultAppender
+appender.uaaDefaultAppender.fileName = ${log_directory}/uaa.log
+appender.uaaDefaultAppender.layout.type = PatternLayout
+appender.uaaDefaultAppender.layout.pattern = ${log_pattern}
+
+appender.uaaAuditAppender.type = File
+appender.uaaAuditAppender.name = UaaAuditAppender
+appender.uaaAuditAppender.fileName = ${log_directory}/uaa_events.log
+appender.uaaAuditAppender.layout.type = PatternLayout
+appender.uaaAuditAppender.layout.pattern = ${log_pattern}
+
+rootLogger.level = info
+rootLogger.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
+
+logger.UAAAudit.name = UAA.Audit
+logger.UAAAudit.level = info
+logger.UAAAudit.additivity = true
+logger.UAAAudit.appenderRef.auditEventLog.ref = UaaAuditAppender
+
+
+# These loggers have a configurable level
+logger.cfIdentity.name = org.cloudfoundry.identity
+logger.cfIdentity.level = INFO
+logger.cfIdentity.additivity = false
+logger.cfIdentity.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
+
+logger.springSecurity.name = org.springframework.security
+logger.springSecurity.level = INFO
+logger.springSecurity.additivity = false
+logger.springSecurity.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
+
+logger.springJdbc.name = org.springframework.jdbc
+logger.springJdbc.level = INFO
+logger.springJdbc.additivity = false
+logger.springJdbc.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
+
+
+# These loggers have a fixed level of "info"
+logger.springWebStandardServletEnvironment.name = org.springframework.web.context.support.StandardServletEnvironment
+logger.springWebStandardServletEnvironment.level = info
+logger.springWebStandardServletEnvironment.additivity = false
+logger.springWebStandardServletEnvironment.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
+
+logger.apacheHttpWire.name = org.apache.http.wire
+logger.apacheHttpWire.level = info
+logger.apacheHttpWire.additivity = false
+logger.apacheHttpWire.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
+
+logger.springAopAspectJExpressionPointcut.name = org.springframework.aop.aspectj.AspectJExpressionPointcut
+logger.springAopAspectJExpressionPointcut.level = info
+logger.springAopAspectJExpressionPointcut.additivity = false
+logger.springAopAspectJExpressionPointcut.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
+
+logger.springBeansDefaultListableBeanFactory.name = org.springframework.beans.factory.support.DefaultListableBeanFactory
+logger.springBeansDefaultListableBeanFactory.level = info
+logger.springBeansDefaultListableBeanFactory.additivity = false
+logger.springBeansDefaultListableBeanFactory.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
+
+logger.springBeansDisposableBeanAdaptor.name = org.springframework.beans.factory.support.DisposableBeanAdapter
+logger.springBeansDisposableBeanAdaptor.level = info
+logger.springBeansDisposableBeanAdaptor.additivity = false
+logger.springBeansDisposableBeanAdaptor.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
+
+logger.springSecurityLdapAuthenticationProvider.name = org.springframework.security.ldap.authentication.LdapAuthenticationProvider
+logger.springSecurityLdapAuthenticationProvider.level = info
+logger.springSecurityLdapAuthenticationProvider.additivity = false
+logger.springSecurityLdapAuthenticationProvider.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
+
+logger.springSecurityFilterBasedUserSearch.name = org.springframework.security.ldap.search.FilterBasedLdapUserSearch
+logger.springSecurityFilterBasedUserSearch.level = info
+logger.springSecurityFilterBasedUserSearch.additivity = false
+logger.springSecurityFilterBasedUserSearch.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
+
+logger.springWeb.name = org.springframework.web
+logger.springWeb.level = info
+logger.springWeb.additivity = false
+logger.springWeb.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender