Replace < and > with &lt and &gt in Javadoc

Closes gh-9847

config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019 the original author or authors.
+ * Copyright 2019-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -60,7 +60,7 @@ import org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMat
  *     @Bean
  *     PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
  *         rsocket
- *             .authorizePayload((authorize) ->
+ *             .authorizePayload((authorize) ->
  *                 authorize
  *                     .anyRequest().authenticated()
  *             );
@@ -87,7 +87,7 @@ import org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMat
  *     @Bean
  *     PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
  *         rsocket
- *             .authorizePayload((authorize) ->
+ *             .authorizePayload((authorize) ->
  *                 authorize
  *                     // must have ROLE_SETUP to make connection
  *                     .setup().hasRole("SETUP")

config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -269,11 +269,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
-	 * 			.openidLogin((openidLogin) ->
+	 * 			.openidLogin((openidLogin) -&gt;
 	 * 				openidLogin
 	 * 					.permitAll()
 	 * 			);
@@ -302,48 +302,48 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 *
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
-	 * 		http.authorizeRequests((authorizeRequests) ->
+	 * 		http.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
-	 * 			.openidLogin((openidLogin) ->
+	 * 			.openidLogin((openidLogin) -&gt;
 	 * 				openidLogin
 	 * 					.loginPage(&quot;/login&quot;)
 	 * 					.permitAll()
 	 * 					.authenticationUserDetailsService(
 	 * 						new AutoProvisioningUserDetailsService())
-	 * 					.attributeExchange((googleExchange) ->
+	 * 					.attributeExchange((googleExchange) -&gt;
 	 * 						googleExchange
 	 * 							.identifierPattern(&quot;https://www.google.com/.*&quot;)
-	 * 							.attribute((emailAttribute) ->
+	 * 							.attribute((emailAttribute) -&gt;
 	 * 								emailAttribute
 	 * 									.name(&quot;email&quot;)
 	 * 									.type(&quot;https://axschema.org/contact/email&quot;)
 	 * 									.required(true)
 	 * 							)
-	 * 							.attribute((firstnameAttribute) ->
+	 * 							.attribute((firstnameAttribute) -&gt;
 	 * 								firstnameAttribute
 	 * 									.name(&quot;firstname&quot;)
 	 * 									.type(&quot;https://axschema.org/namePerson/first&quot;)
 	 * 									.required(true)
 	 * 							)
-	 * 							.attribute((lastnameAttribute) ->
+	 * 							.attribute((lastnameAttribute) -&gt;
 	 * 								lastnameAttribute
 	 * 									.name(&quot;lastname&quot;)
 	 * 									.type(&quot;https://axschema.org/namePerson/last&quot;)
 	 * 									.required(true)
 	 * 							)
 	 * 					)
-	 * 					.attributeExchange((yahooExchange) ->
+	 * 					.attributeExchange((yahooExchange) -&gt;
 	 * 						yahooExchange
 	 * 							.identifierPattern(&quot;.*yahoo.com.*&quot;)
-	 * 							.attribute((emailAttribute) ->
+	 * 							.attribute((emailAttribute) -&gt;
 	 * 								emailAttribute
 	 * 									.name(&quot;email&quot;)
 	 * 									.type(&quot;https://schema.openid.net/contact/email&quot;)
 	 * 									.required(true)
 	 * 							)
-	 * 							.attribute((fullnameAttribute) ->
+	 * 							.attribute((fullnameAttribute) -&gt;
 	 * 								fullnameAttribute
 	 * 									.name(&quot;fullname&quot;)
 	 * 									.type(&quot;https://axschema.org/namePerson&quot;)
@@ -497,7 +497,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 *	&#064;Override
 	 *	protected void configure(HttpSecurity http) throws Exception {
 	 *		http
-	 *			.headers((headers) ->
+	 *			.headers((headers) -&gt;
 	 *				headers
 	 *					.contentTypeOptions(withDefaults())
 	 *					.xssProtection(withDefaults())
@@ -519,7 +519,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 *	&#064;Override
 	 *	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.headers((headers) -> headers.disable());
+	 * 			.headers((headers) -&gt; headers.disable());
 	 *	}
 	 * }
 	 * </pre>
@@ -538,7 +538,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 *	&#064;Override
 	 *	protected void configure(HttpSecurity http) throws Exception {
 	 *		http
-	 *			.headers((headers) ->
+	 *			.headers((headers) -&gt;
 	 *				headers
 	 *			 		.defaultsDisabled()
 	 *			 		.cacheControl(withDefaults())
@@ -560,9 +560,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 *  protected void configure(HttpSecurity http) throws Exception {
 	 *  	http
-	 *  		.headers((headers) ->
+	 *  		.headers((headers) -&gt;
 	 *  			headers
-	 *  				.frameOptions((frameOptions) -> frameOptions.disable())
+	 *  				.frameOptions((frameOptions) -&gt; frameOptions.disable())
 	 *  		);
 	 * }
 	 * </pre>
@@ -686,17 +686,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.anyRequest().hasRole(&quot;USER&quot;)
 	 * 			)
-	 * 			.formLogin((formLogin) ->
+	 * 			.formLogin((formLogin) -&gt;
 	 * 				formLogin
 	 * 					.permitAll()
 	 * 			)
-	 * 			.sessionManagement((sessionManagement) ->
+	 * 			.sessionManagement((sessionManagement) -&gt;
 	 * 				sessionManagement
-	 * 					.sessionConcurrency((sessionConcurrency) ->
+	 * 					.sessionConcurrency((sessionConcurrency) -&gt;
 	 * 						sessionConcurrency
 	 * 							.maximumSessions(1)
 	 * 							.expiredUrl(&quot;/login?expired&quot;)
@@ -797,11 +797,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.requiresChannel((requiresChannel) ->
+	 * 			.requiresChannel((requiresChannel) -&gt;
 	 * 				requiresChannel
 	 * 					.anyRequest().requiresSecure()
 	 * 			)
-	 * 			.portMapper((portMapper) ->
+	 * 			.portMapper((portMapper) -&gt;
 	 * 				portMapper
 	 * 					.http(9090).mapsTo(9443)
 	 * 					.http(80).mapsTo(443)
@@ -910,11 +910,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
-	 * 			.jee((jee) ->
+	 * 			.jee((jee) -&gt;
 	 * 				jee
 	 * 					.mappableRoles(&quot;USER&quot;, &quot;ADMIN&quot;)
 	 * 			);
@@ -1018,7 +1018,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
@@ -1090,7 +1090,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
@@ -1197,7 +1197,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
@@ -1218,7 +1218,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
@@ -1240,7 +1240,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		 http
-	 * 		 	.authorizeRequests((authorizeRequests) ->
+	 * 		 	.authorizeRequests((authorizeRequests) -&gt;
 	 * 		 		authorizeRequests
 	 * 			 		.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			 		.antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
@@ -1281,7 +1281,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeHttpRequests((authorizeHttpRequests) ->
+	 * 			.authorizeHttpRequests((authorizeHttpRequests) -&gt;
 	 * 				authorizeHttpRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
@@ -1302,7 +1302,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeHttpRequests((authorizeHttpRequests) ->
+	 * 			.authorizeHttpRequests((authorizeHttpRequests) -&gt;
 	 * 				authorizeHttpRequests
 	 * 					.antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
@@ -1324,7 +1324,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 		 	.authorizeHttpRequests((authorizeHttpRequests) ->
+	 * 		 	.authorizeHttpRequests((authorizeHttpRequests) -&gt;
 	 * 		 		authorizeHttpRequests
 	 * 			 		.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			 		.antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
@@ -1380,11 +1380,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
-	 * 			.requestCache((requestCache) ->
+	 * 			.requestCache((requestCache) -&gt;
 	 * 				requestCache.disable()
 	 * 			);
 	 * 	}
@@ -1428,12 +1428,12 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
 	 * 			// sample exception handling customization
-	 * 			.exceptionHandling((exceptionHandling) ->
+	 * 			.exceptionHandling((exceptionHandling) -&gt;
 	 * 				exceptionHandling
 	 * 					.accessDeniedPage(&quot;/errors/access-denied&quot;)
 	 * 			);
@@ -1477,7 +1477,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.securityContext((securityContext) ->
+	 * 			.securityContext((securityContext) -&gt;
 	 * 				securityContext
 	 * 					.securityContextRepository(SCR)
 	 * 			);
@@ -1519,7 +1519,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.servletApi((servletApi) ->
+	 * 			.servletApi((servletApi) -&gt;
 	 * 				servletApi.disable()
 	 * 			);
 	 * 	}
@@ -1575,7 +1575,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 *     protected void configure(HttpSecurity http) throws Exception {
 	 *         http
-	 *             .csrf((csrf) -> csrf.disable());
+	 *             .csrf((csrf) -&gt; csrf.disable());
 	 *     }
 	 * }
 	 * </pre>
@@ -1651,13 +1651,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
 	 * 			.formLogin(withDefaults())
 	 * 			// sample logout customization
-	 * 			.logout((logout) ->
+	 * 			.logout((logout) -&gt;
 	 * 				logout.deleteCookies(&quot;remove&quot;)
 	 * 					.invalidateHttpSession(false)
 	 * 					.logoutUrl(&quot;/custom-logout&quot;)
@@ -1766,13 +1766,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
 	 * 			.formLogin(withDefaults())
 	 * 			// sample anonymous customization
-	 * 			.anonymous((anonymous) ->
+	 * 			.anonymous((anonymous) -&gt;
 	 * 				anonymous
 	 * 					.authorities(&quot;ROLE_ANON&quot;)
 	 * 			)
@@ -1792,13 +1792,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
 	 * 			.formLogin(withDefaults())
 	 * 			// sample anonymous customization
-	 * 			.anonymous((anonymous) ->
+	 * 			.anonymous((anonymous) -&gt;
 	 * 				anonymous.disable()
 	 * 			);
 	 * 	}
@@ -1901,7 +1901,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
@@ -1920,11 +1920,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
-	 * 			.formLogin((formLogin) ->
+	 * 			.formLogin((formLogin) -&gt;
 	 * 				formLogin
 	 * 					.usernameParameter(&quot;username&quot;)
 	 * 					.passwordParameter(&quot;password&quot;)
@@ -2278,7 +2278,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 		&#064;Override
 	 * 		protected void configure(HttpSecurity http) throws Exception {
 	 * 			http
-	 * 				.authorizeRequests((authorizeRequests) ->
+	 * 				.authorizeRequests((authorizeRequests) -&gt;
 	 * 					authorizeRequests
 	 * 						.anyRequest().authenticated()
 	 * 				)
@@ -2362,7 +2362,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.anyRequest().authenticated()
 	 * 			)
@@ -2419,13 +2419,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.anyRequest().authenticated()
 	 * 			)
-	 * 			.oauth2ResourceServer((oauth2ResourceServer) ->
+	 * 			.oauth2ResourceServer((oauth2ResourceServer) -&gt;
 	 * 				oauth2ResourceServer
-	 * 					.jwt((jwt) ->
+	 * 					.jwt((jwt) -&gt;
 	 * 						jwt
 	 * 							.decoder(jwtDecoder())
 	 * 					)
@@ -2512,12 +2512,12 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
 	 * 			.formLogin(withDefaults())
-	 * 			.requiresChannel((requiresChannel) ->
+	 * 			.requiresChannel((requiresChannel) -&gt;
 	 * 				requiresChannel
 	 * 					.anyRequest().requiresSecure()
 	 * 			);
@@ -2586,7 +2586,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
@@ -2828,11 +2828,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.requestMatchers((requestMatchers) ->
+	 * 			.requestMatchers((requestMatchers) -&gt;
 	 * 				requestMatchers
 	 * 					.antMatchers(&quot;/api/**&quot;, &quot;/oauth/**&quot;)
 	 * 			)
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
@@ -2851,12 +2851,12 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.requestMatchers((requestMatchers) ->
+	 * 			.requestMatchers((requestMatchers) -&gt;
 	 * 				requestMatchers
 	 * 					.antMatchers(&quot;/api/**&quot;)
 	 * 					.antMatchers(&quot;/oauth/**&quot;)
 	 * 			)
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)
@@ -2875,15 +2875,15 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.requestMatchers((requestMatchers) ->
+	 * 			.requestMatchers((requestMatchers) -&gt;
 	 * 				requestMatchers
 	 * 					.antMatchers(&quot;/api/**&quot;)
 	 * 			)
-	 *			.requestMatchers((requestMatchers) ->
+	 *			.requestMatchers((requestMatchers) -&gt;
 	 *			requestMatchers
 	 * 				.antMatchers(&quot;/oauth/**&quot;)
 	 * 			)
-	 * 			.authorizeRequests((authorizeRequests) ->
+	 * 			.authorizeRequests((authorizeRequests) -&gt;
 	 * 				authorizeRequests
 	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
 	 * 			)

config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityCustomizer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,7 +29,7 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
  * <pre>
  * &#064;Bean
  * public WebSecurityCustomizer ignoringCustomizer() {
- * 	return (web) -> web.ignoring().antMatchers("/ignore1", "/ignore2");
+ * 	return (web) -&gt; web.ignoring().antMatchers("/ignore1", "/ignore2");
  * }
  * </pre>
  *

config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -170,7 +170,7 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 * <pre>
 	 * http
 	 *     .csrf()
-	 *         .ignoringRequestMatchers((request) -> "XMLHttpRequest".equals(request.getHeader("X-Requested-With")))
+	 *         .ignoringRequestMatchers((request) -&gt; "XMLHttpRequest".equals(request.getHeader("X-Requested-With")))
 	 *         .and()
 	 *     ...
 	 * </pre>

config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java

@@ -398,7 +398,7 @@ public class ServerHttpSecurity {
 	 * 	    http
 	 * 	        // ...
 	 * 	        .redirectToHttps()
-	 * 	            .httpsRedirectWhen((serverWebExchange) ->
+	 * 	            .httpsRedirectWhen((serverWebExchange) ->
 	 * 	            	serverWebExchange.getRequest().getHeaders().containsKey("X-Requires-Https"))
 	 * 	    return http.build();
 	 * 	}
@@ -433,9 +433,9 @@ public class ServerHttpSecurity {
 	 * 	public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 * 	    http
 	 * 	        // ...
-	 * 	        .redirectToHttps((redirectToHttps) ->
+	 * 	        .redirectToHttps((redirectToHttps) ->
 	 * 	        	redirectToHttps
-	 * 	            	.httpsRedirectWhen((serverWebExchange) ->
+	 * 	            	.httpsRedirectWhen((serverWebExchange) ->
 	 * 	            		serverWebExchange.getRequest().getHeaders().containsKey("X-Requires-Https"))
 	 * 	            );
 	 * 	    return http.build();
@@ -503,7 +503,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .csrf((csrf) ->
+	 *          .csrf((csrf) ->
 	 *              csrf.disabled()
 	 *          );
 	 *      return http.build();
@@ -518,7 +518,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .csrf((csrf) ->
+	 *          .csrf((csrf) ->
 	 *              csrf
 	 *                  // Handle CSRF failures
 	 *                  .accessDeniedHandler(accessDeniedHandler)
@@ -609,7 +609,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .anonymous((anonymous) ->
+	 *          .anonymous((anonymous) ->
 	 *              anonymous
 	 *                  .key("key")
 	 *                  .authorities("ROLE_ANONYMOUS")
@@ -662,7 +662,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .httpBasic((httpBasic) ->
+	 *          .httpBasic((httpBasic) ->
 	 *              httpBasic
 	 *                  // used for authenticating the credentials
 	 *                  .authenticationManager(authenticationManager)
@@ -721,7 +721,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .formLogin((formLogin) ->
+	 *          .formLogin((formLogin) ->
 	 *              formLogin
 	 *              	// used for authenticating the credentials
 	 *              	.authenticationManager(authenticationManager)
@@ -783,7 +783,7 @@ public class ServerHttpSecurity {
 	 *  @Bean
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
-	 *          .x509((x509) ->
+	 *          .x509((x509) ->
 	 *              x509
 	 *          	    .authenticationManager(authenticationManager)
 	 *                  .principalExtractor(principalExtractor)
@@ -841,7 +841,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .oauth2Login((oauth2Login) ->
+	 *          .oauth2Login((oauth2Login) ->
 	 *              oauth2Login
 	 *                  .authenticationConverter(authenticationConverter)
 	 *                  .authenticationManager(manager)
@@ -892,7 +892,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .oauth2Client((oauth2Client) ->
+	 *          .oauth2Client((oauth2Client) ->
 	 *              oauth2Client
 	 *                  .clientRegistrationRepository(clientRegistrationRepository)
 	 *                  .authorizedClientRepository(authorizedClientRepository)
@@ -943,9 +943,9 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .oauth2ResourceServer((oauth2ResourceServer) ->
+	 *          .oauth2ResourceServer((oauth2ResourceServer) ->
 	 *              oauth2ResourceServer
-	 *                  .jwt((jwt) ->
+	 *                  .jwt((jwt) ->
 	 *                      jwt
 	 *                          .publicKey(publicKey())
 	 *                  )
@@ -1029,15 +1029,15 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .headers((headers) ->
+	 *          .headers((headers) ->
 	 *              headers
 	 *                  // customize frame options to be same origin
-	 *                  .frameOptions((frameOptions) ->
+	 *                  .frameOptions((frameOptions) ->
 	 *                      frameOptions
 	 *                          .mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN)
 	 *                   )
 	 *                  // disable cache control
-	 *                  .cache((cache) ->
+	 *                  .cache((cache) ->
 	 *                      cache
 	 *                          .disable()
 	 *                  )
@@ -1090,7 +1090,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .exceptionHandling((exceptionHandling) ->
+	 *          .exceptionHandling((exceptionHandling) ->
 	 *              exceptionHandling
 	 *                  // customize how to request for authentication
 	 *                  .authenticationEntryPoint(entryPoint)
@@ -1125,10 +1125,10 @@ public class ServerHttpSecurity {
 	 *              .pathMatchers(HttpMethod.POST, "/users").hasAuthority("USER_POST")
 	 *              // a request to /users/{username} requires the current authentication's username
 	 *              // to be equal to the {username}
-	 *              .pathMatchers("/users/{username}").access((authentication, context) ->
+	 *              .pathMatchers("/users/{username}").access((authentication, context) ->
 	 *                  authentication
 	 *                      .map(Authentication::getName)
-	 *                      .map((username) -> username.equals(context.getVariables().get("username")))
+	 *                      .map((username) -> username.equals(context.getVariables().get("username")))
 	 *                      .map(AuthorizationDecision::new)
 	 *              )
 	 *              // allows providing a custom matching strategy that requires the role "ROLE_CUSTOM"
@@ -1155,7 +1155,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .authorizeExchange((exchanges) ->
+	 *          .authorizeExchange((exchanges) ->
 	 *              exchanges
 	 *                  // any URL that starts with /admin/ requires the role "ROLE_ADMIN"
 	 *                  .pathMatchers("/admin/**").hasRole("ADMIN")
@@ -1163,10 +1163,10 @@ public class ServerHttpSecurity {
 	 *                  .pathMatchers(HttpMethod.POST, "/users").hasAuthority("USER_POST")
 	 *                  // a request to /users/{username} requires the current authentication's username
 	 *                  // to be equal to the {username}
-	 *                  .pathMatchers("/users/{username}").access((authentication, context) ->
+	 *                  .pathMatchers("/users/{username}").access((authentication, context) ->
 	 *                      authentication
 	 *                          .map(Authentication::getName)
-	 *                          .map((username) -> username.equals(context.getVariables().get("username")))
+	 *                          .map((username) -> username.equals(context.getVariables().get("username")))
 	 *                          .map(AuthorizationDecision::new)
 	 *                  )
 	 *                  // allows providing a custom matching strategy that requires the role "ROLE_CUSTOM"
@@ -1224,7 +1224,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .logout((logout) ->
+	 *          .logout((logout) ->
 	 *              logout
 	 *                  // configures how log out is done
 	 *                  .logoutHandler(logoutHandler)
@@ -1280,7 +1280,7 @@ public class ServerHttpSecurity {
 	 *  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	 *      http
 	 *          // ...
-	 *          .requestCache((requestCache) ->
+	 *          .requestCache((requestCache) ->
 	 *              requestCache
 	 *                  // configures how the request is cached
 	 *                  .requestCache(customRequestCache)

crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,7 +31,7 @@ import java.util.Map;
  *
  * <pre>
  * String idForEncode = "bcrypt";
- * Map&lt;String,PasswordEncoder&gt; encoders = new HashMap<>();
+ * Map&lt;String,PasswordEncoder&gt; encoders = new HashMap&lt;&gt;();
  * encoders.put(idForEncode, new BCryptPasswordEncoder());
  * encoders.put("noop", NoOpPasswordEncoder.getInstance());
  * encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -99,7 +99,7 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver
 	 *     authenticationManagers.put("https://issuerOne.example.org", managerOne);
 	 *     authenticationManagers.put("https://issuerTwo.example.org", managerTwo);
 	 *     JwtIssuerReactiveAuthenticationManagerResolver resolver = new JwtIssuerReactiveAuthenticationManagerResolver
-	 *     	((issuer) -> Mono.justOrEmpty(authenticationManagers.get(issuer));
+	 *     	((issuer) -> Mono.justOrEmpty(authenticationManagers.get(issuer));
 	 * </pre>
 	 *
 	 * The keys in the {@link Map} are the trusted issuers.