Use standard lambda syntax in documentation

Fixes: gh-7774

docs/manual/src/docs/asciidoc/_includes/reactive/exploits/headers.adoc

@@ -23,12 +23,10 @@ You can easily do this with the following Java Configuration:
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
-			headers
-				.frameOptions(frameOptions ->
-					frameOptions
-						.mode(Mode.SAMEORIGIN)
-				)
+		.headers(headers -> headers
+			.frameOptions(frameOptions -> frameOptions
+				.mode(Mode.SAMEORIGIN)
+			)
 		);
 	return http.build();
 }
@@ -46,10 +44,7 @@ An example for both Java configuration is provided below:
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
-			headers
-				.disable()
-		);
+		.headers(headers -> headers.disable());
 	return http.build();
 }
 ----
@@ -76,9 +71,8 @@ If necessary, you can also disable Spring Security's cache control HTTP response
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
-			headers
-				.cache(cache -> cache.disable())
+		.headers(headers -> headers
+			.cache(cache -> cache.disable())
 		);
 	return http.build();
 }
@@ -99,9 +93,8 @@ However, you can disable it in Java Configuration with:
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
-			headers
-				.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable())
+		.headers(headers -> headers
+			.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable())
 		);
 	return http.build();
 }
@@ -122,14 +115,12 @@ For example, the following is an example of explicitly providing HSTS with Java
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
-			headers
-				.hsts(hsts ->
-					hsts
-						.includeSubdomains(true)
-						.preload(true)
-						.maxAge(Duration.ofDays(365))
-				)
+		.headers(headers -> headers
+			.hsts(hsts -> hsts
+				.includeSubdomains(true)
+				.preload(true)
+				.maxAge(Duration.ofDays(365))
+			)
 		);
 	return http.build();
 }
@@ -150,12 +141,10 @@ You can customize frame options to use the same origin within Java Configuration
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
-			headers
-				.frameOptions(frameOptions ->
-					frameOptions
-						.mode(SAMEORIGIN)
-				)
+		.headers(headers -> headers
+			.frameOptions(frameOptions -> frameOptions
+				.mode(SAMEORIGIN)
+			)
 		);
 	return http.build();
 }
@@ -175,9 +164,8 @@ You can disable `X-XSS-Protection` with the following Java Configuration:
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
-			headers
-				.xssProtection(xssProtection -> xssProtection.disable())
+		.headers(headers -> headers
+			.xssProtection(xssProtection -> xssProtection.disable())
 		);
 	return http.build();
 }
@@ -209,12 +197,10 @@ You can enable the CSP header using Java configuration as shown below:
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
-			headers
-				.contentSecurityPolicy(contentSecurityPolicy ->
-					contentSecurityPolicy
-						.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
-				)
+		.headers(headers -> headers
+			.contentSecurityPolicy(policy -> policy
+				.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
+			)
 		);
 	return http.build();
 }
@@ -231,13 +217,11 @@ To enable the CSP `report-only` header, provide the following Java configuration
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
-			headers
-				.contentSecurityPolicy(contentSecurityPolicy ->
-					contentSecurityPolicy
-						.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
-						.reportOnly()
-				)
+		.headers(headers -> headers
+			.contentSecurityPolicy(policy -> policy
+				.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
+				.reportOnly()
+			)
 		);
 	return http.build();
 }
@@ -258,12 +242,10 @@ You can enable the Referrer Policy header using Java configuration as shown belo
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
-			headers
-				.referrerPolicy(referrerPolicy ->
-					referrerPolicy
-						.policy(ReferrerPolicy.SAME_ORIGIN)
-				)
+		.headers(headers -> headers
+			.referrerPolicy(referrer -> referrer
+				.policy(ReferrerPolicy.SAME_ORIGIN)
+			)
 		);
 	return http.build();
 }
@@ -295,9 +277,8 @@ can enable the Feature Policy header using Java configuration as shown below:
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
-			headers
-				.featurePolicy("geolocation 'self'")
+		.headers(headers -> headers
+			.featurePolicy("geolocation 'self'")
 		);
 	return http.build();
 }

docs/manual/src/docs/asciidoc/_includes/reactive/exploits/http.adoc

@@ -38,9 +38,8 @@ For example, if the production environment adds a header named `X-Forwarded-Prot
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.redirectToHttps(redirectToHttps ->
-			redirectToHttps
-				.httpsRedirectWhen(e -> e.getRequest().getHeaders().containsKey("X-Forwarded-Proto"))
+		.redirectToHttps(redirect -> redirect
+			.httpsRedirectWhen(e -> e.getRequest().getHeaders().containsKey("X-Forwarded-Proto"))
 		);
 	return http.build();
 }

docs/manual/src/docs/asciidoc/_includes/reactive/method.adoc

@@ -88,9 +88,8 @@ public class SecurityConfig {
 		return http
 			// Demonstrate that method security works
 			// Best practice to use both for defense in depth
-			.authorizeExchange(exchanges ->
-				exchanges
-					.anyExchange().permitAll()
+			.authorizeExchange(exchanges -> exchanges
+				.anyExchange().permitAll()
 			)
 			.httpBasic(withDefaults())
 			.build();

docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/login.adoc

@@ -151,12 +151,11 @@ Additional configuration options can be seen below:
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.oauth2Login(oauth2Login ->
-			oauth2Login
-				.authenticationConverter(converter)
-				.authenticationManager(manager)
-				.authorizedClientRepository(authorizedClients)
-				.clientRegistrationRepository(clientRegistrations)
+		.oauth2Login(oauth2 -> oauth2
+			.authenticationConverter(converter)
+			.authenticationManager(manager)
+			.authorizedClientRepository(authorizedClients)
+			.clientRegistrationRepository(clientRegistrations)
 		);
 	return http.build();
 }

docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/resource-server.adoc

@@ -129,9 +129,8 @@ The first is a `SecurityWebFilterChain` that configures the app as a resource se
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges ->
-			exchanges
-				.anyExchange().authenticated()
+		.authorizeExchange(exchanges -> exchanges
+			.anyExchange().authenticated()
 		)
 		.oauth2ResourceServer(OAuth2ResourceServerSpec::jwt)
 	return http.build();
@@ -147,14 +146,12 @@ Replacing this is as simple as exposing the bean within the application:
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges ->
-			exchanges
-				.pathMatchers("/message/**").hasAuthority("SCOPE_message:read")
-				.anyExchange().authenticated()
+		.authorizeExchange(exchanges -> exchanges
+			.pathMatchers("/message/**").hasAuthority("SCOPE_message:read")
+			.anyExchange().authenticated()
 		)
-		.oauth2ResourceServer(oauth2ResourceServer ->
-			oauth2ResourceServer
-				.jwt(withDefaults())
+		.oauth2ResourceServer(oauth2 -> oauth2
+			.jwt(withDefaults())
 		);
 	return http.build();
 }
@@ -190,16 +187,13 @@ An authorization server's JWK Set Uri can be configured <<webflux-oauth2resource
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges ->
-			exchanges
-				.anyExchange().authenticated()
+		.authorizeExchange(exchanges -> exchanges
+			.anyExchange().authenticated()
 		)
-		.oauth2ResourceServer(oauth2ResourceServer ->
-			oauth2ResourceServer
-				.jwt(jwt ->
-					jwt
-						.jwkSetUri("https://idp.example.com/.well-known/jwks.json")
-				)
+		.oauth2ResourceServer(oauth2 -> oauth2
+			.jwt(jwt -> jwt
+				.jwkSetUri("https://idp.example.com/.well-known/jwks.json")
+			)
 		);
 	return http.build();
 }
@@ -217,16 +211,13 @@ More powerful than `jwkSetUri()` is `decoder()`, which will completely replace a
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges ->
-			exchanges
-				.anyExchange().authenticated()
+		.authorizeExchange(exchanges -> exchanges
+			.anyExchange().authenticated()
 		)
-		.oauth2ResourceServer(oauth2ResourceServer ->
-			oauth2ResourceServer
-				.jwt(jwt ->
-					jwt
-					    .decoder(myCustomDecoder())
-				)
+		.oauth2ResourceServer(oauth2 -> oauth2
+			.jwt(jwt -> jwt
+				.decoder(myCustomDecoder())
+			)
 		);
     return http.build();
 }
@@ -398,7 +389,7 @@ This means that to protect an endpoint or method with a scope derived from a JWT
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges ->exchanges
+		.authorizeExchange(exchanges -> exchanges
 			.mvcMatchers("/contacts/**").hasAuthority("SCOPE_contacts")
 			.mvcMatchers("/messages/**").hasAuthority("SCOPE_messages")
 			.anyExchange().authenticated()
@@ -430,16 +421,13 @@ To this end, the DSL exposes `jwtAuthenticationConverter()`:
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges ->
-			exchanges
-				.anyExchange().authenticated()
+		.authorizeExchange(exchanges -> exchanges
+			.anyExchange().authenticated()
 		)
-		.oauth2ResourceServer(oauth2ResourceServer ->
-			oauth2ResourceServer
-				.jwt(jwt ->
-					jwt
-						.jwtAuthenticationConverter(grantedAuthoritiesExtractor())
-				)
+		.oauth2ResourceServer(oauth2 -> oauth2
+			.jwt(jwt -> jwt
+				.jwtAuthenticationConverter(grantedAuthoritiesExtractor())
+			)
 		);
 	return http.build();
 }
@@ -678,9 +666,8 @@ When use Opaque Token, this `SecurityWebFilterChain` looks like:
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges ->
-			exchanges
-				.anyExchange().authenticated()
+		.authorizeExchange(exchanges -> exchanges
+			.anyExchange().authenticated()
 		)
 		.oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::opaqueToken)
 	return http.build();
@@ -698,17 +685,14 @@ public class MyCustomSecurityConfiguration {
     @Bean
     SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
         http
-            .authorizeExchange(exchanges ->
-                exchanges
-                    .pathMatchers("/messages/**").hasAuthority("SCOPE_message:read")
-                    .anyExchange().authenticated()
+            .authorizeExchange(exchanges -> exchanges
+                .pathMatchers("/messages/**").hasAuthority("SCOPE_message:read")
+                .anyExchange().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
-                oauth2ResourceServer
-                    .opaqueToken(opaqueToken ->
-                        opaqueToken
-                            .introspector(myIntrospector())
-                    )
+            .oauth2ResourceServer(oauth2 -> oauth2
+                .opaqueToken(opaqueToken -> opaqueToken
+                    .introspector(myIntrospector())
+                )
             );
         return http.build();
     }
@@ -745,17 +729,14 @@ public class DirectlyConfiguredIntrospectionUri {
     @Bean
     SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
         http
-            .authorizeExchange(exchanges ->
-                exchanges
-                    .anyExchange().authenticated()
+            .authorizeExchange(exchanges -> exchanges
+                .anyExchange().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
-                oauth2ResourceServer
-                    .opaqueToken(opaqueToken ->
-                        opaqueToken
-                            .introspectionUri("https://idp.example.com/introspect")
-                            .introspectionClientCredentials("client", "secret")
-                    )
+            .oauth2ResourceServer(oauth2 -> oauth2
+                .opaqueToken(opaqueToken -> opaqueToken
+                    .introspectionUri("https://idp.example.com/introspect")
+                    .introspectionClientCredentials("client", "secret")
+                )
             );
         return http.build();
     }
@@ -776,16 +757,13 @@ public class DirectlyConfiguredIntrospector {
     @Bean
     SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
         http
-            .authorizeExchange(exchanges ->
-                exchanges
-                    .anyExchange().authenticated()
+            .authorizeExchange(exchanges -> exchanges
+                .anyExchange().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
-                oauth2ResourceServer
-                    .opaqueToken(opaqueToken ->
-                        opaqueToken
-                            .introspector(myCustomIntrospector())
-                    )
+            .oauth2ResourceServer(oauth2 -> oauth2
+                .opaqueToken(opaqueToken -> opaqueToken
+                    .introspector(myCustomIntrospector())
+                )
             );
         return http.build();
     }

docs/manual/src/docs/asciidoc/_includes/reactive/webflux.adoc

@@ -56,9 +56,8 @@ public class HelloWebfluxSecurityConfig {
 	@Bean
 	public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 		http
-			.authorizeExchange(exchanges ->
-				exchanges
-					.anyExchange().authenticated()
+			.authorizeExchange(exchanges -> exchanges
+			    .anyExchange().authenticated()
 			)
 			.httpBasic(withDefaults())
 			.formLogin(withDefaults());

docs/manual/src/docs/asciidoc/_includes/reactive/x509.adoc

@@ -10,9 +10,8 @@ Below is an example of a reactive x509 security configuration:
 public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
 	http
 		.x509(withDefaults())
-		.authorizeExchange(exchanges ->
-			exchanges
-				.anyExchange().permitAll()
+		.authorizeExchange(exchanges -> exchanges
+		    .anyExchange().permitAll()
 		);
 	return http.build();
 }
@@ -37,14 +36,12 @@ public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
 	};
 
 	http
-		.x509(x509 ->
-			x509
-				.principalExtractor(principalExtractor)
-				.authenticationManager(authenticationManager)
+		.x509(x509 -> x509
+		    .principalExtractor(principalExtractor)
+		    .authenticationManager(authenticationManager)
 		)
-		.authorizeExchange(exchanges ->
-			exchanges
-				.anyExchange().authenticated()
+		.authorizeExchange(exchanges -> exchanges
+		    .anyExchange().authenticated()
 		);
 	return http.build();
 }

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/logout.adoc

@@ -17,17 +17,16 @@ Similar to configuring login capabilities, however, you also have various option
 [source,java]
 ----
 protected void configure(HttpSecurity http) throws Exception {
-	http
-		.logout(logout ->                                                       // <1>
-		    logout
-			    .logoutUrl("/my/logout")                                        // <2>
-			    .logoutSuccessUrl("/my/index")                                  // <3>
-			    .logoutSuccessHandler(logoutSuccessHandler)                     // <4>
-			    .invalidateHttpSession(true)                                    // <5>
-			    .addLogoutHandler(logoutHandler)                                // <6>
-			    .deleteCookies(cookieNamesToClear)                              // <7>
-		)
-		...
+    http
+        .logout(logout -> logout                                                // <1>
+            .logoutUrl("/my/logout")                                            // <2>
+            .logoutSuccessUrl("/my/index")                                      // <3>
+            .logoutSuccessHandler(logoutSuccessHandler)                         // <4>
+            .invalidateHttpSession(true)                                        // <5>
+            .addLogoutHandler(logoutHandler)                                    // <6>
+            .deleteCookies(cookieNamesToClear)                                  // <7>
+        )
+        ...
 }
 ----
 

docs/manual/src/docs/asciidoc/_includes/servlet/authorization/authorize-requests.adoc

@@ -9,12 +9,11 @@ For example:
 ----
 protected void configure(HttpSecurity http) throws Exception {
 	http
-		.authorizeRequests(authorizeRequests ->                                        // <1>
-		    authorizeRequests
-			    .antMatchers("/resources/**", "/signup", "/about").permitAll()         // <2>
-			    .antMatchers("/admin/**").hasRole("ADMIN")                             // <3>
-			    .antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")   // <4>
-			    .anyRequest().authenticated()                                          // <5>
+		.authorizeRequests(authorize -> authorize                                  // <1>
+		    .antMatchers("/resources/**", "/signup", "/about").permitAll()         // <2>
+		    .antMatchers("/admin/**").hasRole("ADMIN")                             // <3>
+		    .antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")   // <4>
+		    .anyRequest().authenticated()                                          // <5>
 		)
 		.formLogin(withDefaults());
 }

docs/manual/src/docs/asciidoc/_includes/servlet/authorization/expression-based.adoc

@@ -140,10 +140,9 @@ or in Java configuration
 [source,java]
 ----
 http
-    .authorizeRequests(authorizeRequests ->
-        authorizeRequests
-            .antMatchers("/user/**").access("@webSecurity.check(authentication,request)")
-            ...
+    .authorizeRequests(authorize -> authorize
+        .antMatchers("/user/**").access("@webSecurity.check(authentication,request)")
+        ...
     )
 ----
 
@@ -181,10 +180,9 @@ or in Java configuration
 [source,java]
 ----
 http
-	.authorizeRequests(authorizeRequests ->
-	    authorizeRequests
-			.antMatchers("/user/{userId}/**").access("@webSecurity.checkUserId(authentication,#userId)")
-			...
+	.authorizeRequests(authorize -> authorize
+		.antMatchers("/user/{userId}/**").access("@webSecurity.checkUserId(authentication,#userId)")
+		...
 	);
 ----
 

docs/manual/src/docs/asciidoc/_includes/servlet/exploits/csrf.adoc

@@ -70,9 +70,8 @@ public class WebSecurityConfig extends
 	@Override
 	protected void configure(HttpSecurity http) {
 		http
-			.csrf(csrf ->
-				csrf
-					.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+			.csrf(csrf -> csrf
+				.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
 			);
 	}
 }
@@ -119,9 +118,7 @@ public class WebSecurityConfig extends
 	@Override
 	protected void configure(HttpSecurity http) {
 		http
-			.csrf(csrf ->
-				csrf.disable()
-			);
+			.csrf(csrf -> csrf.disable());
 	}
 }
 ----
@@ -303,9 +300,8 @@ public class WebSecurityConfig extends
 	@Override
 	protected void configure(HttpSecurity http) {
 		http
-			.logout(logout ->
-				logout
-					.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
+			.logout(logout -> logout
+				.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
 			);
 	}
 }

docs/manual/src/docs/asciidoc/_includes/servlet/exploits/headers.adoc

@@ -27,11 +27,10 @@ public class WebSecurityConfig extends
 	protected void configure(HttpSecurity http) {
 		http
 			// ...
-			.headers(headers ->
-				headers
-					.frameOptions(frameOptions ->
-						frameOptions.sameOrigin()
-					)
+			.headers(headers -> headers
+				.frameOptions(frameOptions -> frameOptions
+					.sameOrigin()
+				)
 			);
 	}
 }
@@ -69,11 +68,10 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
-				headers
-					// do not use any default headers unless explicitly listed
-					.defaultsDisabled()
-					.cacheControl(withDefaults())
+			.headers(headers -> headers
+				// do not use any default headers unless explicitly listed
+				.defaultsDisabled()
+				.cacheControl(withDefaults())
 			);
 	}
 }
@@ -105,9 +103,7 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
-				headers.disable()
-			);
+			.headers(headers -> headers.disable());
 	}
 }
 ----
@@ -149,10 +145,8 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) {
 		http
 			// ...
-			.headers(headers ->
-				headers.cacheControl(cache ->
-					cache.disabled()
-				)
+			.headers(headers -> headers
+				.cacheControl(cache -> cache.disable())
 			);
 	}
 }
@@ -194,10 +188,8 @@ public class WebSecurityConfig extends
 	protected void configure(HttpSecurity http) {
 		http
 			// ...
-			.headers(headers ->
-				headers.contentTypeOptions(contentType ->
-					contentType.disabled()
-				)
+			.headers(headers -> headers
+				.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable())
 			);
 	}
 }
@@ -239,14 +231,12 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
-				headers
-					.httpStrictTransportSecurity(hsts ->
-						hsts
-							.includeSubDomains(true)
-							.preload(true)
-							.maxAgeInSeconds(31536000)
-					)
+			.headers(headers -> headers
+				.httpStrictTransportSecurity(hsts -> hsts
+					.includeSubDomains(true)
+					.preload(true)
+					.maxAgeInSeconds(31536000)
+				)
 			);
 	}
 }
@@ -291,14 +281,12 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
-				headers
-					.httpPublicKeyPinning(hpkp ->
-						hpkp
-							.includeSubDomains(true)
-							.reportUri("https://example.net/pkp-report")
-							.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=")
-					)
+			.headers(headers -> headers
+				.httpPublicKeyPinning(hpkp -> hpkp
+					.includeSubDomains(true)
+					.reportUri("https://example.net/pkp-report")
+					.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=")
+				)
 			);
 	}
 }
@@ -348,12 +336,10 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
-				headers
-					.frameOptions(frameOptions ->
-						frameOptions
-							.sameOrigin()
-					)
+			.headers(headers -> headers
+				.frameOptions(frameOptions -> frameOptions
+					.sameOrigin()
+				)
 			);
 	}
 }
@@ -397,12 +383,10 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
-				headers
-					.xssProtection(xssProtection ->
-						xssProtection
-							.block(false)
-					)
+			.headers(headers -> headers
+				.xssProtection(xss -> xss
+					.block(false)
+				)
 			);
 	}
 }
@@ -456,12 +440,10 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) {
 		http
 			// ...
-			.headers(headers ->
-				headers
-					.contentSecurityPolicy(csp ->
-						csp
-							.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
-					)
+			.headers(headers -> headers
+				.contentSecurityPolicy(csp -> csp
+					.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
+				)
 			);
 	}
 }
@@ -499,13 +481,11 @@ public class WebSecurityConfig extends
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
-				headers
-					.contentSecurityPolicy(csp ->
-						csp
-							.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
-							.reportOnly()
-					)
+			.headers(headers -> headers
+				.contentSecurityPolicy(csp -> csp
+					.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
+					.reportOnly()
+				)
 			);
 	}
 }
@@ -548,12 +528,10 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) {
 		http
 			// ...
-			.headers(headers ->
-				headers
-					.referrerPolicy(referrerPolicy ->
-						referrerPolicy
-							.policy(ReferrerPolicy.SAME_ORIGIN)
-					)
+			.headers(headers -> headers
+				.referrerPolicy(referrer -> referrer
+					.policy(ReferrerPolicy.SAME_ORIGIN)
+				)
 			);
 	}
 }
@@ -605,9 +583,8 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
-				headers
-					.featurePolicy("geolocation 'self'")
+			.headers(headers -> headers
+				.featurePolicy("geolocation 'self'")
 			);
 	}
 }
@@ -694,9 +671,8 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
-				headers
-					.addHeaderWriter(new StaticHeadersWriter("X-Custom-Security-Header","header-value"))
+			.headers(headers -> headers
+				.addHeaderWriter(new StaticHeadersWriter("X-Custom-Security-Header","header-value"))
 			);
 	}
 }
@@ -739,9 +715,8 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
-				headers
-					.addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN))
+			.headers(headers -> headers
+				.addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN))
 			);
 	}
 }
@@ -794,12 +769,9 @@ WebSecurityConfigurerAdapter {
 			new DelegatingRequestMatcherHeaderWriter(matcher,new XFrameOptionsHeaderWriter());
 		http
 			// ...
-			.headers(headers ->
-				headers
-					.frameOptions(frameOptions ->
-						frameOptions.disable()
-					)
-					.addHeaderWriter(headerWriter)
+			.headers(headers -> headers
+				.frameOptions(frameOptions -> frameOptions.disable())
+				.addHeaderWriter(headerWriter)
 			);
 	}
 }

docs/manual/src/docs/asciidoc/_includes/servlet/exploits/http.adoc

@@ -25,9 +25,8 @@ public class WebSecurityConfig extends
 	protected void configure(HttpSecurity http) {
 		http
 			// ...
-			.requiresChannel(channel ->
-				channel
-					.anyRequest().requiresSecure()
+			.requiresChannel(channel -> channel
+				.anyRequest().requiresSecure()
 			);
 	}
 }

docs/manual/src/docs/asciidoc/_includes/servlet/integrations/mvc.adoc

@@ -102,9 +102,8 @@ If we wanted to restrict access to this controller method to admin users, a deve
 ----
 protected configure(HttpSecurity http) throws Exception {
 	http
-		.authorizeRequests(authorizeRequests ->
-		    authorizeRequests
-			    .antMatchers("/admin").hasRole("ADMIN")
+		.authorizeRequests(authorize -> authorize
+			.antMatchers("/admin").hasRole("ADMIN")
 		);
 }
 ----
@@ -133,9 +132,8 @@ The following configuration will protect the same URLs that Spring MVC will matc
 ----
 protected configure(HttpSecurity http) throws Exception {
 	http
-		.authorizeRequests(authorizeRequests ->
-		    authorizeRequests
-			    .mvcMatchers("/admin").hasRole("ADMIN")
+		.authorizeRequests(authorize -> authorize
+			.mvcMatchers("/admin").hasRole("ADMIN")
 		);
 }
 ----

docs/manual/src/docs/asciidoc/_includes/servlet/integrations/websocket.adoc

@@ -319,18 +319,16 @@ Similarly, you can customize frame options to use the same origin within Java Co
 public class WebSecurityConfig extends
    WebSecurityConfigurerAdapter {
 
-  @Override
-  protected void configure(HttpSecurity http) throws Exception {
-    http
-      // ...
-      .headers(headers ->
-        headers
-          .frameOptions(frameOptions ->
-             frameOptions
-               .sameOrigin()
-          )
-      );
-  }
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+            // ...
+            .headers(headers -> headers
+                .frameOptions(frameOptions -> frameOptions
+                     .sameOrigin()
+                )
+        );
+    }
 }
 ----
 
@@ -361,20 +359,17 @@ public class WebSecurityConfig
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
-            .csrf(csrf ->
-                csrf
-                    // ignore our stomp endpoints since they are protected using Stomp headers
-                    .ignoringAntMatchers("/chat/**")
+            .csrf(csrf -> csrf
+                // ignore our stomp endpoints since they are protected using Stomp headers
+                .ignoringAntMatchers("/chat/**")
             )
-            .headers(headers ->
-                headers
-                    // allow same origin to frame our site to support iframe SockJS
-                    .frameOptions(frameOptions ->
-                        frameOptions
-                            .sameOrigin()
-                    )
+            .headers(headers -> headers
+                // allow same origin to frame our site to support iframe SockJS
+                .frameOptions(frameOptions -> frameOptions
+                    .sameOrigin()
+                )
             )
-            .authorizeRequests(authorizeRequests ->
+            .authorizeRequests(authorize -> authorize
                 ...
             )
             ...

docs/manual/src/docs/asciidoc/_includes/servlet/java-configuration/index.adoc

@@ -140,9 +140,8 @@ It has a method called `configure` with the following default implementation:
 ----
 protected void configure(HttpSecurity http) throws Exception {
 	http
-		.authorizeRequests(authorizeRequests ->
-		    authorizeRequests
-			    .anyRequest().authenticated()
+		.authorizeRequests(authorize -> authorize
+			.anyRequest().authenticated()
 		)
 		.formLogin(withDefaults())
 		.httpBasic(withDefaults());
@@ -192,9 +191,8 @@ public class MultiHttpSecurityConfig {
 		protected void configure(HttpSecurity http) throws Exception {
 			http
 				.antMatcher("/api/**")                               <3>
-				.authorizeRequests(authorizeRequests ->
-				    authorizeRequests
-					    .anyRequest().hasRole("ADMIN")
+				.authorizeRequests(authorize -> authorize
+					.anyRequest().hasRole("ADMIN")
 			    )
 				.httpBasic(withDefaults());
 		}
@@ -206,9 +204,8 @@ public class MultiHttpSecurityConfig {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			http
-				.authorizeRequests(authorizeRequests ->
-				    authorizeRequests
-					    .anyRequest().authenticated()
+				.authorizeRequests(authorize -> authorize
+					.anyRequest().authenticated()
 				)
 				.formLogin(withDefaults());
 		}
@@ -326,16 +323,15 @@ For example, if you wanted to configure the `filterSecurityPublishAuthorizationS
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 	http
-		.authorizeRequests(authorizeRequests ->
-			authorizeRequests
-				.anyRequest().authenticated()
-				.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
-					public <O extends FilterSecurityInterceptor> O postProcess(
-							O fsi) {
-						fsi.setPublishAuthorizationSuccess(true);
-						return fsi;
-					}
-				})
+		.authorizeRequests(authorize -> authorize
+			.anyRequest().authenticated()
+			.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
+				public <O extends FilterSecurityInterceptor> O postProcess(
+						O fsi) {
+					fsi.setPublishAuthorizationSuccess(true);
+					return fsi;
+				}
+			})
 		);
 }
 ----

docs/manual/src/docs/asciidoc/_includes/servlet/oauth2/oauth2-client.adoc

@@ -27,17 +27,15 @@ public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Client(oauth2Client ->
-			    oauth2Client
-				    .clientRegistrationRepository(this.clientRegistrationRepository())
-				    .authorizedClientRepository(this.authorizedClientRepository())
-				    .authorizedClientService(this.authorizedClientService())
-				    .authorizationCodeGrant(authorizationCodeGrant ->
-					    authorizationCodeGrant
-						    .authorizationRequestRepository(this.authorizationRequestRepository())
-						    .authorizationRequestResolver(this.authorizationRequestResolver())
-						    .accessTokenResponseClient(this.accessTokenResponseClient())
-				    )
+			.oauth2Client(oauth2 -> oauth2
+				.clientRegistrationRepository(this.clientRegistrationRepository())
+				.authorizedClientRepository(this.authorizedClientRepository())
+				.authorizedClientService(this.authorizedClientService())
+				.authorizationCodeGrant(codeGrant -> codeGrant
+					.authorizationRequestRepository(this.authorizationRequestRepository())
+					.authorizationRequestResolver(this.authorizationRequestResolver())
+					.accessTokenResponseClient(this.accessTokenResponseClient())
+				)
 			);
 	}
 }
@@ -465,18 +463,16 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorizeRequests ->
-			    authorizeRequests
-				    .anyRequest().authenticated()
+			.authorizeRequests(authorize -> authorize
+				.anyRequest().authenticated()
 			)
-			.oauth2Login(oauth2Login ->
-				oauth2Login
-					.authorizationEndpoint(authorizationEndpoint ->
-						authorizationEndpoint
-							.authorizationRequestResolver(
-							    new CustomAuthorizationRequestResolver(
-							            this.clientRegistrationRepository))    <1>
+			.oauth2Login(oauth2 -> oauth2
+				.authorizationEndpoint(authorization -> authorization
+					.authorizationRequestResolver(
+					    new CustomAuthorizationRequestResolver(
+					            this.clientRegistrationRepository)    <1>
 					)
+				)
 			);
 	}
 }
@@ -595,13 +591,11 @@ public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Client(oauth2Client ->
-			    oauth2Client
-				    .authorizationCodeGrant(authorizationCodeGrant ->
-				        authorizationCodeGrant
-					        .authorizationRequestRepository(this.authorizationRequestRepository())
-					        ...
-					)
+			.oauth2Client(oauth2 -> oauth2
+				.authorizationCodeGrant(codeGrant -> codeGrant
+					.authorizationRequestRepository(this.authorizationRequestRepository())
+					...
+				)
 			);
 	}
 }
@@ -659,13 +653,11 @@ public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Client(oauth2Client ->
-			    oauth2Client
-				    .authorizationCodeGrant(authorizationCodeGrant ->
-				        authorizationCodeGrant
-					        .accessTokenResponseClient(this.accessTokenResponseClient())
-					        ...
-					 )
+			.oauth2Client(oauth2 -> oauth2
+				.authorizationCodeGrant(codeGrant -> codeGrant
+					.accessTokenResponseClient(this.accessTokenResponseClient())
+					...
+				)
 			);
 	}
 }

docs/manual/src/docs/asciidoc/_includes/servlet/oauth2/oauth2-login.adoc

@@ -291,9 +291,8 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorizeRequests ->
-			    authorizeRequests
-				    .anyRequest().authenticated()
+			.authorizeRequests(authorize -> authorize
+				.anyRequest().authenticated()
 			)
 			.oauth2Login(withDefaults());
 	}
@@ -317,9 +316,8 @@ public class OAuth2LoginConfig {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			http
-				.authorizeRequests(authorizeRequests ->
-				    authorizeRequests
-					    .anyRequest().authenticated()
+				.authorizeRequests(authorize -> authorize
+					.anyRequest().authenticated()
 				)
 				.oauth2Login(withDefaults());
 		}
@@ -366,9 +364,8 @@ public class OAuth2LoginConfig {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			http
-				.authorizeRequests(authorizeRequests ->
-				    authorizeRequests
-					    .anyRequest().authenticated()
+				.authorizeRequests(authorize -> authorize
+					.anyRequest().authenticated()
 				)
 				.oauth2Login(withDefaults());
 		}
@@ -418,24 +415,19 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
-			    oauth2Login
-			        .authorizationEndpoint(authorizationEndpoint ->
-			            authorizationEndpoint
-			                ...
-			        )
-			        .redirectionEndpoint(redirectionEndpoint ->
-			            redirectionEndpoint
-			                ...
-			        )
-			        .tokenEndpoint(tokenEndpoint ->
-			            tokenEndpoint
-			                ...
-			        )
-			        .userInfoEndpoint(userInfoEndpoint ->
-			            userInfoEndpoint
-			                ...
-			        )
+			.oauth2Login(oauth2 -> oauth2
+			    .authorizationEndpoint(authorization -> authorization
+			            ...
+			    )
+			    .redirectionEndpoint(redirection -> redirection
+			            ...
+			    )
+			    .tokenEndpoint(token -> token
+			            ...
+			    )
+			    .userInfoEndpoint(userInfo -> userInfo
+			            ...
+			    )
 			);
 	}
 }
@@ -470,33 +462,28 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
-			    oauth2Login
-			        .clientRegistrationRepository(this.clientRegistrationRepository())
-			        .authorizedClientRepository(this.authorizedClientRepository())
-			        .authorizedClientService(this.authorizedClientService())
-			        .loginPage("/login")
-			        .authorizationEndpoint(authorizationEndpoint ->
-			            authorizationEndpoint
-			                .baseUri(this.authorizationRequestBaseUri())
-			                .authorizationRequestRepository(this.authorizationRequestRepository())
-			                .authorizationRequestResolver(this.authorizationRequestResolver())
-			        )
-			        .redirectionEndpoint(redirectionEndpoint ->
-			             redirectionEndpoint
-			                .baseUri(this.authorizationResponseBaseUri())
-			        )
-			        .tokenEndpoint(tokenEndpoint ->
-			            tokenEndpoint
-			                .accessTokenResponseClient(this.accessTokenResponseClient())
-			        )
-			        .userInfoEndpoint(userInfoEndpoint ->
-			            userInfoEndpoint
-			                .userAuthoritiesMapper(this.userAuthoritiesMapper())
-			                .userService(this.oauth2UserService())
-			                .oidcUserService(this.oidcUserService())
-			                .customUserType(GitHubOAuth2User.class, "github")
-			        )
+			.oauth2Login(oauth2 -> oauth2
+			    .clientRegistrationRepository(this.clientRegistrationRepository())
+			    .authorizedClientRepository(this.authorizedClientRepository())
+			    .authorizedClientService(this.authorizedClientService())
+			    .loginPage("/login")
+			    .authorizationEndpoint(authorization -> authorization
+			        .baseUri(this.authorizationRequestBaseUri())
+			        .authorizationRequestRepository(this.authorizationRequestRepository())
+			        .authorizationRequestResolver(this.authorizationRequestResolver())
+			    )
+			    .redirectionEndpoint(redirection -> redirection
+			        .baseUri(this.authorizationResponseBaseUri())
+			    )
+			    .tokenEndpoint(token -> token
+			        .accessTokenResponseClient(this.accessTokenResponseClient())
+			    )
+			    .userInfoEndpoint(userInfo -> userInfo
+			        .userAuthoritiesMapper(this.userAuthoritiesMapper())
+			        .userService(this.oauth2UserService())
+			        .oidcUserService(this.oidcUserService())
+			        .customUserType(GitHubOAuth2User.class, "github")
+			    )
 			);
 	}
 }
@@ -542,15 +529,13 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
-			    oauth2Login
-			        .loginPage("/login/oauth2")
+			.oauth2Login(oauth2 -> oauth2
+			    .loginPage("/login/oauth2")
+			    ...
+			    .authorizationEndpoint(authorization -> authorization
+			        .baseUri("/login/oauth2/authorization")
 			        ...
-			        .authorizationEndpoint(authorizationEndpoint ->
-			            authorizationEndpoint
-			                .baseUri("/login/oauth2/authorization")
-			                ...
-			        )
+			    )
 			);
 	}
 }
@@ -594,13 +579,11 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
-			    oauth2Login
-			        .redirectionEndpoint(redirectionEndpoint ->
-			            redirectionEndpoint
-			                .baseUri("/login/oauth2/callback/*")
-			                ...
-			        )
+			.oauth2Login(oauth2 -> oauth2
+			    .redirectionEndpoint(redirection -> redirection
+			        .baseUri("/login/oauth2/callback/*")
+			        ...
+			    )
 			);
 	}
 }
@@ -661,13 +644,11 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
-			    oauth2Login
-			        .userInfoEndpoint(userInfoEndpoint ->
-			            userInfoEndpoint
-			                .userAuthoritiesMapper(this.userAuthoritiesMapper())
-			                ...
-			        )
+			.oauth2Login(oauth2 -> oauth2
+			    .userInfoEndpoint(userInfo -> userInfo
+			        .userAuthoritiesMapper(this.userAuthoritiesMapper())
+			        ...
+			    )
 			);
 	}
 
@@ -740,13 +721,11 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
-			    oauth2Login
-			        .userInfoEndpoint(userInfoEndpoint ->
-			            userInfoEndpoint
-			                .oidcUserService(this.oidcUserService())
-			                ...
-			        )
+			.oauth2Login(oauth2 -> oauth2
+			    .userInfoEndpoint(userInfo -> userInfo
+			        .oidcUserService(this.oidcUserService())
+			        ...
+			    )
 			);
 	}
 
@@ -791,13 +770,11 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
-			    oauth2Login
-			        .userInfoEndpoint(userInfoEndpoint ->
-			            userInfoEndpoint
-			                .customUserType(GitHubOAuth2User.class, "github")
-			                ...
-			        )
+			.oauth2Login(oauth2 -> oauth2
+			    .userInfoEndpoint(userInfo -> userInfo
+			        .customUserType(GitHubOAuth2User.class, "github")
+			        ...
+			    )
 			);
 	}
 }
@@ -909,13 +886,11 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
-			    oauth2Login
-			        .userInfoEndpoint(userInfoEndpoint ->
-			            userInfoEndpoint
-			                .userService(this.oauth2UserService())
-			                ...
-			        )
+			.oauth2Login(oauth2 -> oauth2
+			    .userInfoEndpoint(userInfo -> userInfo
+			        .userService(this.oauth2UserService())
+			        ...
+			    )
 			);
 	}
 
@@ -945,13 +920,11 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
-			    oauth2Login
-				    .userInfoEndpoint(userInfoEndpoint ->
-				        userInfoEndpoint
-				            .oidcUserService(this.oidcUserService())
-			                ...
-			        )
+			.oauth2Login(oauth2 -> oauth2
+				.userInfoEndpoint(userInfo -> userInfo
+				    .oidcUserService(this.oidcUserService())
+				    ...
+			    )
 			);
 	}
 
@@ -1031,14 +1004,12 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorizeRequests ->
-				authorizeRequests
-					.anyRequest().authenticated()
+			.authorizeRequests(authorize -> authorize
+				.anyRequest().authenticated()
 			)
 			.oauth2Login(withDefaults())
-			.logout(logout ->
-				logout
-					.logoutSuccessHandler(oidcLogoutSuccessHandler())
+			.logout(logout -> logout
+				.logoutSuccessHandler(oidcLogoutSuccessHandler())
 			);
 	}
 

docs/manual/src/docs/asciidoc/_includes/servlet/oauth2/oauth2-resourceserver.adoc

@@ -128,9 +128,8 @@ The first is a `WebSecurityConfigurerAdapter` that configures the app as a resou
 ----
 protected void configure(HttpSecurity http) {
     http
-        .authorizeRequests(authorizeRequests ->
-            authorizeRequests
-                .anyRequest().authenticated()
+        .authorizeRequests(authorize -> authorize
+            .anyRequest().authenticated()
         )
         .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
 }
@@ -146,17 +145,14 @@ Replacing this is as simple as exposing the bean within the application:
 public class MyCustomSecurityConfiguration extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests ->
-                authorizeRequests
-                    .mvcMatchers("/messages/**").hasAuthority("SCOPE_message:read")
-                    .anyRequest().authenticated()
+            .authorizeRequests(authorize -> authorize
+                .mvcMatchers("/messages/**").hasAuthority("SCOPE_message:read")
+                .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
-                oauth2ResourceServer
-                    .jwt(jwt ->
-                        jwt
-                            .jwtAuthenticationConverter(myConverter())
-                    )
+            .oauth2ResourceServer(oauth2 -> oauth2
+                .jwt(jwt -> jwt
+                    .jwtAuthenticationConverter(myConverter())
+                )
             );
     }
 }
@@ -194,16 +190,13 @@ An authorization server's JWK Set Uri can be configured <<oauth2resourceserver-j
 public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests ->
-                authorizeRequests
-                    .anyRequest().authenticated()
+            .authorizeRequests(authorize -> authorize
+                .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
-                oauth2ResourceServer
-                    .jwt(jwt ->
-                        jwt
-                            .jwkSetUri("https://idp.example.com/.well-known/jwks.json")
-                    )
+            .oauth2ResourceServer(oauth2 -> oauth2
+                .jwt(jwt -> jwt
+                    .jwkSetUri("https://idp.example.com/.well-known/jwks.json")
+                )
             );
     }
 }
@@ -222,16 +215,13 @@ More powerful than `jwkSetUri()` is `decoder()`, which will completely replace a
 public class DirectlyConfiguredJwtDecoder extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests ->
-                authorizeRequests
-                    .anyRequest().authenticated()
+            .authorizeRequests(authorize -> authorize
+                .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
-                oauth2ResourceServer
-                    .jwt(jwt ->
-                        jwt
-                            .decoder(myCustomDecoder())
-                    )
+            .oauth2ResourceServer(oauth2 -> oauth2
+                .jwt(jwt -> jwt
+                    .decoder(myCustomDecoder())
+                )
             );
     }
 }
@@ -427,7 +417,7 @@ This means that to protect an endpoint or method with a scope derived from a JWT
 public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests -> authorizeRequests
+            .authorizeRequests(authorize -> authorize
                 .mvcMatchers("/contacts/**").hasAuthority("SCOPE_contacts")
                 .mvcMatchers("/messages/**").hasAuthority("SCOPE_messages")
                 .anyRequest().authenticated()
@@ -460,16 +450,13 @@ To this end, the DSL exposes `jwtAuthenticationConverter()`:
 public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests ->
-                authorizeRequests
-                    .anyRequest().authenticated()
+            .authorizeRequests(authorize -> authorize
+                .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
-                oauth2ResourceServer
-                    .jwt(jwt ->
-                        jwt
-                            .jwtAuthenticationConverter(grantedAuthoritiesExtractor())
-                    )
+            .oauth2ResourceServer(oauth2 -> oauth2
+                .jwt(jwt -> jwt
+                    .jwtAuthenticationConverter(grantedAuthoritiesExtractor())
+                )
             );
     }
 }
@@ -828,9 +815,8 @@ When use Opaque Token, this `WebSecurityConfigurerAdapter` looks like:
 ----
 protected void configure(HttpSecurity http) {
     http
-        .authorizeRequests(authorizeRequests ->
-            authorizeRequests
-                .anyRequest().authenticated()
+        .authorizeRequests(authorize -> authorize
+            .anyRequest().authenticated()
         )
         .oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
 }
@@ -846,17 +832,14 @@ Replacing this is as simple as exposing the bean within the application:
 public class MyCustomSecurityConfiguration extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests ->
-                authorizeRequests
-                    .mvcMatchers("/messages/**").hasAuthority("SCOPE_message:read")
-                    .anyRequest().authenticated()
+            .authorizeRequests(authorize -> authorize
+                .mvcMatchers("/messages/**").hasAuthority("SCOPE_message:read")
+                .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
-                oauth2ResourceServer
-                    .opaqueToken(opaqueToken ->
-                        opaqueToken
-                            .introspector(myIntrospector())
-                    )
+            .oauth2ResourceServer(oauth2 -> oauth2
+                .opaqueToken(opaqueToken -> opaqueToken
+                    .introspector(myIntrospector())
+                )
             );
     }
 }
@@ -891,17 +874,14 @@ An authorization server's Introspection Uri can be configured <<oauth2resourcese
 public class DirectlyConfiguredIntrospectionUri extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests ->
-                authorizeRequests
-                    .anyRequest().authenticated()
+            .authorizeRequests(authorize -> authorize
+                .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
-                oauth2ResourceServer
-                    .opaqueToken(opaqueToken ->
-                        opaqueToken
-                            .introspectionUri("https://idp.example.com/introspect")
-                            .introspectionClientCredentials("client", "secret")
-                    )
+            .oauth2ResourceServer(oauth2 -> oauth2
+                .opaqueToken(opaqueToken -> opaqueToken
+                    .introspectionUri("https://idp.example.com/introspect")
+                    .introspectionClientCredentials("client", "secret")
+                )
             );
     }
 }
@@ -920,16 +900,13 @@ More powerful than `introspectionUri()` is `introspector()`, which will complete
 public class DirectlyConfiguredIntrospector extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests ->
-                authorizeRequests
-                    .anyRequest().authenticated()
+            .authorizeRequests(authorize -> authorize
+                .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
-                oauth2ResourceServer
-                    .opaqueToken(opaqueToken ->
-                        opaqueToken
-                            .introspector(myCustomIntrospector())
-                    )
+            .oauth2ResourceServer(oauth2 -> oauth2
+                .opaqueToken(opaqueToken -> opaqueToken
+                    .introspector(myCustomIntrospector())
+                )
             );
     }
 }
@@ -1220,13 +1197,11 @@ And then specify this `AuthenticationManagerResolver` in the DSL:
 [source,java]
 ----
 http
-    .authorizeRequests(authorizeRequests ->
-        authorizeRequests
-            .anyRequest().authenticated()
+    .authorizeRequests(authorize -> authorize
+        .anyRequest().authenticated()
     )
-    .oauth2ResourceServer(oauth2ResourceServer ->
-        oauth2ResourceServer
-            .authenticationManagerResolver(this.tokenAuthenticationManagerResolver)
+    .oauth2ResourceServer(oauth2 -> oauth2
+        .authenticationManagerResolver(this.tokenAuthenticationManagerResolver)
     );
 ----
 
@@ -1253,13 +1228,11 @@ JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIs
     ("https://idp.example.org/issuerOne", "https://idp.example.org/issuerTwo");
 
 http
-    .authorizeRequests(authorizeRequests ->
-        authorizeRequests
-            .anyRequest().authenticated()
+    .authorizeRequests(authorize -> authorize
+        .anyRequest().authenticated()
     )
-    .oauth2ResourceServer(oauth2ResourceServer ->
-        oauth2ResourceServer
-            .authenticationManagerResolver(authenticationManagerResolver)
+    .oauth2ResourceServer(oauth2 -> oauth2
+        .authenticationManagerResolver(authenticationManagerResolver)
     );
 ----
 
@@ -1286,13 +1259,11 @@ JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
         new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get);
 
 http
-    .authorizeRequests(authorizeRequests ->
-        authorizeRequests
-            .anyRequest().authenticated()
+    .authorizeRequests(authorize -> authorize
+        .anyRequest().authenticated()
     )
-    .oauth2ResourceServer(oauth2ResourceServer ->
-        oauth2ResourceServer
-            .authenticationManagerResolver(authenticationManagerResolver)
+    .oauth2ResourceServer(oauth2 -> oauth2
+        .authenticationManagerResolver(authenticationManagerResolver)
     );
 ----
 
@@ -1443,9 +1414,8 @@ To achieve this, you can wire a `HeaderBearerTokenResolver` instance into the DS
 [source,java]
 ----
 http
-    .oauth2ResourceServer(oauth2ResourceServer ->
-        oauth2ResourceServer
-            .bearerTokenResolver(new HeaderBearerTokenResolver("x-goog-iap-jwt-assertion"))
+    .oauth2ResourceServer(oauth2 -> oauth2
+        .bearerTokenResolver(new HeaderBearerTokenResolver("x-goog-iap-jwt-assertion"))
     );
 ----
 
@@ -1458,9 +1428,8 @@ Or, you may wish to read the token from a form parameter, which you can do by co
 DefaultBearerTokenResolver resolver = new DefaultBearerTokenResolver();
 resolver.setAllowFormEncodedBodyParameter(true);
 http
-    .oauth2ResourceServer(oauth2ResourceServer ->
-        oauth2ResourceServer
-            .bearerTokenResolver(resolver)
+    .oauth2ResourceServer(oauth2 -> oauth2
+        .bearerTokenResolver(resolver)
     );
 ----
 

docs/manual/src/docs/asciidoc/_includes/servlet/saml2/saml2-login.adoc

@@ -85,9 +85,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
-            .authorizeRequests(authorizeRequests ->
-                authorizeRequests
-                    .anyRequest().authenticated()
+            .authorizeRequests(authorize -> authorize
+                .anyRequest().authenticated()
             )
             .saml2Login(withDefaults())
         ;
@@ -105,13 +104,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
-            .authorizeRequests(authorizeRequests ->
-                authorizeRequests
-                    .anyRequest().authenticated()
+            .authorizeRequests(authorize -> authorize
+                .anyRequest().authenticated()
             )
-            .saml2Login(saml2Login ->
-                saml2Login
-                    .relyingPartyRegistrationRepository(...)
+            .saml2Login(saml2 -> saml2
+                .relyingPartyRegistrationRepository(...)
             )
         ;
     }
@@ -262,13 +259,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
         };
 
         http
-            .authorizeRequests(authorizeRequests ->
-                authorizeRequests
-                    .anyRequest().authenticated()
+            .authorizeRequests(authorize -> authorize
+                .anyRequest().authenticated()
             )
-            .saml2Login(saml2Login ->
-                saml2Login
-                   .addObjectPostProcessor(processor)
+            .saml2Login(saml2 -> saml2
+               .addObjectPostProcessor(processor)
             )
         ;
     }
@@ -291,13 +286,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
         authProvider.setAuthoritiesMapper(AUTHORITIES_MAPPER);
         authProvider.setAuthoritiesExtractor(AUTHORITIES_EXTRACTOR);
         http
-            .authorizeRequests(authorizeRequests ->
-                authorizeRequests
-                    .anyRequest().authenticated()
+            .authorizeRequests(authorize -> authorize
+                .anyRequest().authenticated()
             )
-            .saml2Login(saml2Login ->
-                saml2Login
-                    .authenticationManager(new ProviderManager(asList(authProvider)))
+            .saml2Login(saml2 -> saml2
+                .authenticationManager(new ProviderManager(asList(authProvider)))
             )
         ;
     }
@@ -319,13 +312,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) throws Exception {
         AuthenticationManager authenticationManager = new MySaml2AuthenticationManager(...);
         http
-            .authorizeRequests(authorizeRequests ->
-                authorizeRequests
-                    .anyRequest().authenticated()
+            .authorizeRequests(authorize -> authorize
+                .anyRequest().authenticated()
             )
-            .saml2Login(saml2Login ->
-                saml2Login
-                    .authenticationManager(authenticationManager)
+            .saml2Login(saml2 -> saml2
+                .authenticationManager(authenticationManager)
             )
         ;
     }

samples/boot/hellowebflux-method/src/main/java/sample/SecurityConfig.java

@@ -40,9 +40,8 @@ public class SecurityConfig {
 		return http
 			// Demonstrate that method security works
 			// Best practice to use both for defense in depth
-			.authorizeExchange(exchanges ->
-				exchanges
-					.anyExchange().permitAll()
+			.authorizeExchange(exchanges -> exchanges
+				.anyExchange().permitAll()
 			)
 			.httpBasic(withDefaults())
 			.build();

samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -34,15 +34,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-				.authorizeRequests(authorizeRequests ->
-					authorizeRequests
-						.antMatchers("/css/**", "/index").permitAll()
-						.antMatchers("/user/**").hasRole("USER")
+				.authorizeRequests(authorize -> authorize
+					.antMatchers("/css/**", "/index").permitAll()
+					.antMatchers("/user/**").hasRole("USER")
 				)
-				.formLogin(formLogin ->
-					formLogin
-						.loginPage("/login")
-						.failureUrl("/login-error")
+				.formLogin(formLogin -> formLogin
+					.loginPage("/login")
+					.failureUrl("/login-error")
 				);
 	}
 	// @formatter:on