Use consistent "@" tag order in Javadoc

Ensure that Javadoc "@" tags appear in a consistent and well defined
order.

Issue gh-8945

cas/src/main/java/org/springframework/security/cas/jackson2/CasJackson2Module.java

@@ -20,6 +20,7 @@ import com.fasterxml.jackson.core.Version;
 import com.fasterxml.jackson.databind.module.SimpleModule;
 import org.jasig.cas.client.authentication.AttributePrincipalImpl;
 import org.jasig.cas.client.validation.AssertionImpl;
+
 import org.springframework.security.cas.authentication.CasAuthenticationToken;
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 
@@ -37,8 +38,8 @@ import org.springframework.security.jackson2.SecurityJackson2Modules;
  * of all security modules on the classpath.</b>
  *
  * @author Jitendra Singh.
- * @see org.springframework.security.jackson2.SecurityJackson2Modules
  * @since 4.2
+ * @see org.springframework.security.jackson2.SecurityJackson2Modules
  */
 public class CasJackson2Module extends SimpleModule {
 

cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java

@@ -381,7 +381,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 	/**
 	 * A wrapper for the AuthenticationFailureHandler that will flex the
 	 * {@link AuthenticationFailureHandler} that is used. The value
-	 * {@link CasAuthenticationFilter#setProxyAuthenticationFailureHandler(AuthenticationFailureHandler)
+	 * {@link CasAuthenticationFilter#setProxyAuthenticationFailureHandler(AuthenticationFailureHandler)}
 	 * will be used for proxy requests that fail. The value
 	 * {@link CasAuthenticationFilter#setAuthenticationFailureHandler(AuthenticationFailureHandler)}
 	 * will be used for service tickets that fail.

config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java

@@ -44,10 +44,10 @@ import org.springframework.web.filter.DelegatingFilterProxy;
  * filters necessary for session management, form based login, authorization, etc.
  * </p>
  *
- * @see WebSecurity
- * @author Rob Winch
  * @param <O> The object that this builder returns
  * @param <B> The type of this builder (that is returned by the base class)
+ * @author Rob Winch
+ * @see WebSecurity
  */
 public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBuilder<O>>
 		extends AbstractSecurityBuilder<O> {

config/src/main/java/org/springframework/security/config/annotation/SecurityBuilder.java

@@ -18,9 +18,9 @@ package org.springframework.security.config.annotation;
 /**
  * Interface for building an Object
  *
+ * @param <O> The type of the Object being built
  * @author Rob Winch
  * @since 3.2
- * @param <O> The type of the Object being built
  */
 public interface SecurityBuilder<O> {
 

config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurer.java

@@ -21,11 +21,11 @@ package org.springframework.security.config.annotation;
  * {@link #init(SecurityBuilder)} methods have been invoked, each
  * {@link #configure(SecurityBuilder)} method is invoked.
  *
- * @see AbstractConfiguredSecurityBuilder
- * @author Rob Winch
  * @param <O> The object being built by the {@link SecurityBuilder} B
  * @param <B> The {@link SecurityBuilder} that builds objects of type O. This is also the
  * {@link SecurityBuilder} that is being configured.
+ * @author Rob Winch
+ * @see AbstractConfiguredSecurityBuilder
  */
 public interface SecurityConfigurer<O, B extends SecurityBuilder<O>> {
 

config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java

@@ -27,11 +27,11 @@ import org.springframework.core.annotation.AnnotationAwareOrderComparator;
  * {@link SecurityConfigurer} and when done gaining access to the {@link SecurityBuilder}
  * that is being configured.
  *
- * @author Rob Winch
- * @author Wallace Wadge
  * @param <O> The Object being built by B
  * @param <B> The Builder that is building O and is configured by
  * {@link SecurityConfigurerAdapter}
+ * @author Rob Winch
+ * @author Wallace Wadge
  */
 public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>> implements SecurityConfigurer<O, B> {
 

config/src/main/java/org/springframework/security/config/annotation/authentication/ProviderManagerBuilder.java

@@ -23,8 +23,8 @@ import org.springframework.security.config.annotation.SecurityBuilder;
 /**
  * Interface for operating on a SecurityBuilder that creates a {@link ProviderManager}
  *
- * @author Rob Winch
  * @param <B> the type of the {@link SecurityBuilder}
+ * @author Rob Winch
  */
 public interface ProviderManagerBuilder<B extends ProviderManagerBuilder<B>>
 		extends SecurityBuilder<AuthenticationManager> {

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java

@@ -26,12 +26,11 @@ import org.springframework.security.core.userdetails.UserDetailsPasswordService;
 /**
  * Allows configuring a {@link DaoAuthenticationProvider}
  *
- * @author Rob Winch
- * @since 3.2
  * @param <B> the type of the {@link SecurityBuilder}
  * @param <C> the type of {@link AbstractDaoAuthenticationConfigurer} this is
  * @param <U> The type of {@link UserDetailsService} that is being used
- *
+ * @author Rob Winch
+ * @since 3.2
  */
 abstract class AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>, C extends AbstractDaoAuthenticationConfigurer<B, C, U>, U extends UserDetailsService>
 		extends UserDetailsAwareConfigurer<B, U> {

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/DaoAuthenticationConfigurer.java

@@ -22,11 +22,10 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 /**
  * Allows configuring a {@link DaoAuthenticationProvider}
  *
- * @author Rob Winch
- * @since 3.2
  * @param <B> The type of {@link ProviderManagerBuilder} this is
  * @param <U> The type of {@link UserDetailsService} that is being used
- *
+ * @author Rob Winch
+ * @since 3.2
  */
 public class DaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>, U extends UserDetailsService>
 		extends AbstractDaoAuthenticationConfigurer<B, DaoAuthenticationConfigurer<B, U>, U> {

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsAwareConfigurer.java

@@ -25,9 +25,9 @@ import org.springframework.security.core.userdetails.UserDetailsService;
  * Base class that allows access to the {@link UserDetailsService} for using as a default
  * value with {@link AuthenticationManagerBuilder}.
  *
- * @author Rob Winch
  * @param <B> the type of the {@link ProviderManagerBuilder}
  * @param <U> the type of {@link UserDetailsService}
+ * @author Rob Winch
  */
 public abstract class UserDetailsAwareConfigurer<B extends ProviderManagerBuilder<B>, U extends UserDetailsService>
 		extends SecurityConfigurerAdapter<AuthenticationManager, B> {

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java

@@ -23,12 +23,12 @@ import org.springframework.security.core.userdetails.UserDetailsService;
  * Allows configuring a {@link UserDetailsService} within a
  * {@link AuthenticationManagerBuilder}.
  *
- * @author Rob Winch
- * @since 3.2
  * @param <B> the type of the {@link ProviderManagerBuilder}
  * @param <C> the {@link UserDetailsServiceConfigurer} (or this)
  * @param <U> the type of UserDetailsService being used to allow for returning the
  * concrete UserDetailsService.
+ * @author Rob Winch
+ * @since 3.2
  */
 public class UserDetailsServiceConfigurer<B extends ProviderManagerBuilder<B>, C extends UserDetailsServiceConfigurer<B, C, U>, U extends UserDetailsService>
 		extends AbstractDaoAuthenticationConfigurer<B, C, U> {

config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java

@@ -195,7 +195,7 @@ public class RSocketSecurity {
 	/**
 	 * Adds authentication with BasicAuthenticationPayloadExchangeConverter.
 	 * @param basic
-	 * @return
+	 * @return this instance
 	 * @deprecated Use {@link #simpleAuthentication(Customizer)}
 	 */
 	@Deprecated

config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java

@@ -44,8 +44,8 @@ import org.springframework.security.web.session.ConcurrentSessionFilter;
 import org.springframework.security.web.session.SessionManagementFilter;
 
 /**
- * @author Rob Winch
  * @param <H>
+ * @author Rob Winch
  */
 public interface HttpSecurityBuilder<H extends HttpSecurityBuilder<H>>
 		extends SecurityBuilder<DefaultSecurityFilterChain> {

config/src/main/java/org/springframework/security/config/annotation/web/WebSecurityConfigurer.java

@@ -32,10 +32,10 @@ import org.springframework.security.web.SecurityFilterChain;
  * will automatically be applied to the {@link WebSecurity} by the
  * {@link EnableWebSecurity} annotation.
  *
- * @see WebSecurityConfigurerAdapter
- * @see SecurityFilterChain
  * @author Rob Winch
  * @since 3.2
+ * @see WebSecurityConfigurerAdapter
+ * @see SecurityFilterChain
  */
 public interface WebSecurityConfigurer<T extends SecurityBuilder<Filter>> extends SecurityConfigurer<Filter, T> {
 

config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java

@@ -231,11 +231,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * }
 	 * </pre>
 	 * @return the {@link OpenIDLoginConfigurer} for further customizations.
+	 * @throws Exception
 	 * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
 	 * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
 	 * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
 	 * supported by <code>spring-security-oauth2</code>.
-	 * @throws Exception
 	 * @see OpenIDLoginConfigurer
 	 */
 	public OpenIDLoginConfigurer<HttpSecurity> openidLogin() throws Exception {
@@ -351,16 +351,15 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @see OpenIDLoginConfigurer
 	 * @param openidLoginCustomizer the {@link Customizer} to provide more options for the
 	 * {@link OpenIDLoginConfigurer}
+	 * @return the {@link HttpSecurity} for further customizations
+	 * @throws Exception
 	 * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
 	 * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
 	 * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
 	 * supported by <code>spring-security-oauth2</code>.
-	 * @return the {@link HttpSecurity} for further customizations
-	 * @throws Exception
+	 * @see OpenIDLoginConfigurer
 	 */
 	public HttpSecurity openidLogin(Customizer<OpenIDLoginConfigurer<HttpSecurity>> openidLoginCustomizer)
 			throws Exception {
@@ -797,12 +796,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @see #requiresChannel()
 	 * @param portMapperCustomizer the {@link Customizer} to provide more options for the
 	 * {@link PortMapperConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
+	 * @see #requiresChannel()
 	 */
 	public HttpSecurity portMapper(Customizer<PortMapperConfigurer<HttpSecurity>> portMapperCustomizer)
 			throws Exception {
@@ -1158,10 +1156,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * http.authorizeRequests().antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).antMatchers(&quot;/admin/**&quot;)
 	 * 		.hasRole(&quot;ADMIN&quot;)
 	 * </pre>
-	 *
-	 * @see #requestMatcher(RequestMatcher)
 	 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations
 	 * @throws Exception
+	 * @see #requestMatcher(RequestMatcher)
 	 */
 	public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests()
 			throws Exception {
@@ -1238,12 +1235,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @see #requestMatcher(RequestMatcher)
 	 * @param authorizeRequestsCustomizer the {@link Customizer} to provide more options
 	 * for the {@link ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
+	 * @see #requestMatcher(RequestMatcher)
 	 */
 	public HttpSecurity authorizeRequests(
 			Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer)
@@ -1779,10 +1775,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @see FormLoginConfigurer#loginPage(String)
 	 * @return the {@link FormLoginConfigurer} for further customizations
 	 * @throws Exception
+	 * @see FormLoginConfigurer#loginPage(String)
 	 */
 	public FormLoginConfigurer<HttpSecurity> formLogin() throws Exception {
 		return getOrApply(new FormLoginConfigurer<>());
@@ -1842,12 +1837,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @see FormLoginConfigurer#loginPage(String)
 	 * @param formLoginCustomizer the {@link Customizer} to provide more options for the
 	 * {@link FormLoginConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
+	 * @see FormLoginConfigurer#loginPage(String)
 	 */
 	public HttpSecurity formLogin(Customizer<FormLoginConfigurer<HttpSecurity>> formLoginCustomizer) throws Exception {
 		formLoginCustomizer.customize(getOrApply(new FormLoginConfigurer<>()));
@@ -1935,10 +1929,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * </pre>
 	 *
 	 * <p>
-	 *
-	 * @since 5.2
 	 * @return the {@link Saml2LoginConfigurer} for further customizations
 	 * @throws Exception
+	 * @since 5.2
 	 */
 	public Saml2LoginConfigurer<HttpSecurity> saml2Login() throws Exception {
 		return getOrApply(new Saml2LoginConfigurer<>());
@@ -2025,12 +2018,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * </pre>
 	 *
 	 * <p>
-	 *
-	 * @since 5.2
 	 * @param saml2LoginCustomizer the {@link Customizer} to provide more options for the
 	 * {@link Saml2LoginConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
+	 * @since 5.2
 	 */
 	public HttpSecurity saml2Login(Customizer<Saml2LoginConfigurer<HttpSecurity>> saml2LoginCustomizer)
 			throws Exception {
@@ -2122,7 +2114,8 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * <p>
 	 * For more advanced configuration, see {@link OAuth2LoginConfigurer} for available
 	 * options to customize the defaults.
-	 *
+	 * @return the {@link OAuth2LoginConfigurer} for further customizations
+	 * @throws Exception
 	 * @since 5.0
 	 * @see <a target="_blank" href=
 	 * "https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code
@@ -2132,8 +2125,6 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * Authorization Code Flow</a>
 	 * @see org.springframework.security.oauth2.client.registration.ClientRegistration
 	 * @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
-	 * @return the {@link OAuth2LoginConfigurer} for further customizations
-	 * @throws Exception
 	 */
 	public OAuth2LoginConfigurer<HttpSecurity> oauth2Login() throws Exception {
 		return getOrApply(new OAuth2LoginConfigurer<>());
@@ -2224,7 +2215,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * <p>
 	 * For more advanced configuration, see {@link OAuth2LoginConfigurer} for available
 	 * options to customize the defaults.
-	 *
+	 * @param oauth2LoginCustomizer the {@link Customizer} to provide more options for the
+	 * {@link OAuth2LoginConfigurer}
+	 * @return the {@link HttpSecurity} for further customizations
+	 * @throws Exception
 	 * @see <a target="_blank" href=
 	 * "https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code
 	 * Grant</a>
@@ -2233,10 +2227,6 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * Authorization Code Flow</a>
 	 * @see org.springframework.security.oauth2.client.registration.ClientRegistration
 	 * @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
-	 * @param oauth2LoginCustomizer the {@link Customizer} to provide more options for the
-	 * {@link OAuth2LoginConfigurer}
-	 * @return the {@link HttpSecurity} for further customizations
-	 * @throws Exception
 	 */
 	public HttpSecurity oauth2Login(Customizer<OAuth2LoginConfigurer<HttpSecurity>> oauth2LoginCustomizer)
 			throws Exception {
@@ -2246,13 +2236,12 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 
 	/**
 	 * Configures OAuth 2.0 Client support.
-	 *
+	 * @return the {@link OAuth2ClientConfigurer} for further customizations
+	 * @throws Exception
 	 * @since 5.1
 	 * @see <a target="_blank" href=
 	 * "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
 	 * Framework</a>
-	 * @return the {@link OAuth2ClientConfigurer} for further customizations
-	 * @throws Exception
 	 */
 	public OAuth2ClientConfigurer<HttpSecurity> oauth2Client() throws Exception {
 		OAuth2ClientConfigurer<HttpSecurity> configurer = getOrApply(new OAuth2ClientConfigurer<>());
@@ -2283,14 +2272,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 *	}
 	 * }
 	 * </pre>
-	 *
-	 * @see <a target="_blank" href=
-	 * "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
-	 * Framework</a>
 	 * @param oauth2ClientCustomizer the {@link Customizer} to provide more options for
 	 * the {@link OAuth2ClientConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
+	 * @see <a target="_blank" href=
+	 * "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
+	 * Framework</a>
 	 */
 	public HttpSecurity oauth2Client(Customizer<OAuth2ClientConfigurer<HttpSecurity>> oauth2ClientCustomizer)
 			throws Exception {
@@ -2300,13 +2288,12 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 
 	/**
 	 * Configures OAuth 2.0 Resource Server support.
-	 *
+	 * @return the {@link OAuth2ResourceServerConfigurer} for further customizations
+	 * @throws Exception
 	 * @since 5.1
 	 * @see <a target="_blank" href=
 	 * "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
 	 * Framework</a>
-	 * @return the {@link OAuth2ResourceServerConfigurer} for further customizations
-	 * @throws Exception
 	 */
 	public OAuth2ResourceServerConfigurer<HttpSecurity> oauth2ResourceServer() throws Exception {
 		OAuth2ResourceServerConfigurer<HttpSecurity> configurer = getOrApply(
@@ -2353,14 +2340,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	}
 	 * }
 	 * </pre>
-	 *
-	 * @see <a target="_blank" href=
-	 * "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
-	 * Framework</a>
 	 * @param oauth2ResourceServerCustomizer the {@link Customizer} to provide more
 	 * options for the {@link OAuth2ResourceServerConfigurer}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
+	 * @see <a target="_blank" href=
+	 * "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
+	 * Framework</a>
 	 */
 	public HttpSecurity oauth2ResourceServer(
 			Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer) throws Exception {

config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java

@@ -72,11 +72,11 @@ import org.springframework.web.filter.DelegatingFilterProxy;
  * {@link WebSecurityConfigurerAdapter}.
  * </p>
  *
- * @see EnableWebSecurity
- * @see WebSecurityConfiguration
  * @author Rob Winch
  * @author Evgeniy Cheban
  * @since 3.2
+ * @see EnableWebSecurity
+ * @see WebSecurityConfiguration
  */
 public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter, WebSecurity>
 		implements SecurityBuilder<Filter>, ApplicationContextAware {

config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java

@@ -49,13 +49,13 @@ import java.util.Collections;
  * Base class for configuring {@link AbstractAuthenticationFilterConfigurer}. This is
  * intended for internal use only.
  *
- * @see FormLoginConfigurer
- * @see OpenIDLoginConfigurer
  * @param T refers to "this" for returning the current configurer
  * @param F refers to the {@link AbstractAuthenticationProcessingFilter} that is being
  * built
  * @author Rob Winch
  * @since 3.2
+ * @see FormLoginConfigurer
+ * @see OpenIDLoginConfigurer
  */
 public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>, T extends AbstractAuthenticationFilterConfigurer<B, T, F>, F extends AbstractAuthenticationProcessingFilter>
 		extends AbstractHttpConfigurer<T, B> {

config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java

@@ -28,9 +28,9 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
  * A base class for registering {@link RequestMatcher}'s. For example, it might allow for
  * specifying which {@link RequestMatcher} require a certain level of authorization.
  *
+ * @param <C> The object that is returned or Chained after creating the RequestMatcher
  * @author Rob Winch
  * @since 3.2
- * @param <C> The object that is returned or Chained after creating the RequestMatcher
  * @see ChannelSecurityConfigurer
  * @see UrlAuthorizationConfigurer
  * @see ExpressionUrlAuthorizationConfigurer

config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java

@@ -74,6 +74,7 @@ import org.springframework.util.Assert;
  * </ul>
  *
  * @author Rob Winch
+ * @author Michael Vitz
  * @since 3.2
  */
 public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
@@ -184,12 +185,10 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 * Specify the {@link SessionAuthenticationStrategy} to use. The default is a
 	 * {@link CsrfAuthenticationStrategy}.
 	 * </p>
-	 *
-	 * @author Michael Vitz
-	 * @since 5.2
 	 * @param sessionAuthenticationStrategy the {@link SessionAuthenticationStrategy} to
 	 * use
 	 * @return the {@link CsrfConfigurer} for further customizations
+	 * @since 5.2
 	 */
 	public CsrfConfigurer<H> sessionAuthenticationStrategy(
 			SessionAuthenticationStrategy sessionAuthenticationStrategy) {
@@ -300,10 +299,8 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	/**
 	 * Gets the {@link SessionAuthenticationStrategy} to use. If none was set by the user
 	 * a {@link CsrfAuthenticationStrategy} is created.
-	 *
-	 * @author Michael Vitz
-	 * @since 5.2
 	 * @return the {@link SessionAuthenticationStrategy}
+	 * @since 5.2
 	 */
 	private SessionAuthenticationStrategy getSessionAuthenticationStrategy() {
 		if (sessionAuthenticationStrategy != null) {

config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java

@@ -61,9 +61,9 @@ import java.util.function.Function;
  * {@link DefaultLoginPageConfigurer} should be added and how to configure it.</li>
  * </ul>
  *
- * @see WebSecurityConfigurerAdapter
  * @author Rob Winch
  * @since 3.2
+ * @see WebSecurityConfigurerAdapter
  */
 public final class DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>>
 		extends AbstractHttpConfigurer<DefaultLoginPageConfigurer<H>, H> {

config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java

@@ -774,11 +774,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * <li>Content-Security-Policy</li>
 	 * <li>Content-Security-Policy-Report-Only</li>
 	 * </ul>
-	 *
-	 * @see ContentSecurityPolicyHeaderWriter
-	 * @since 4.1
 	 * @return the {@link ContentSecurityPolicyConfig} for additional configuration
 	 * @throws IllegalArgumentException if policyDirectives is null or empty
+	 * @since 4.1
+	 * @see ContentSecurityPolicyHeaderWriter
 	 */
 	public ContentSecurityPolicyConfig contentSecurityPolicy(String policyDirectives) {
 		this.contentSecurityPolicy.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
@@ -805,11 +804,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * <li>Content-Security-Policy</li>
 	 * <li>Content-Security-Policy-Report-Only</li>
 	 * </ul>
-	 *
-	 * @see ContentSecurityPolicyHeaderWriter
 	 * @param contentSecurityCustomizer the {@link Customizer} to provide more options for
 	 * the {@link ContentSecurityPolicyConfig}
 	 * @return the {@link HeadersConfigurer} for additional customizations
+	 * @see ContentSecurityPolicyHeaderWriter
 	 */
 	public HeadersConfigurer<H> contentSecurityPolicy(
 			Customizer<ContentSecurityPolicyConfig> contentSecurityCustomizer) {
@@ -944,10 +942,9 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * <pre>
 	 * Referrer-Policy: no-referrer
 	 * </pre>
-	 *
-	 * @see ReferrerPolicyHeaderWriter
-	 * @since 4.2
 	 * @return the {@link ReferrerPolicyConfig} for additional configuration
+	 * @since 4.2
+	 * @see ReferrerPolicyHeaderWriter
 	 */
 	public ReferrerPolicyConfig referrerPolicy() {
 		this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter();
@@ -967,11 +964,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * <ul>
 	 * <li>Referrer-Policy</li>
 	 * </ul>
-	 *
-	 * @see ReferrerPolicyHeaderWriter
-	 * @since 4.2
 	 * @return the {@link ReferrerPolicyConfig} for additional configuration
 	 * @throws IllegalArgumentException if policy is null or empty
+	 * @since 4.2
+	 * @see ReferrerPolicyHeaderWriter
 	 */
 	public ReferrerPolicyConfig referrerPolicy(ReferrerPolicy policy) {
 		this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter(policy);
@@ -991,11 +987,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * <ul>
 	 * <li>Referrer-Policy</li>
 	 * </ul>
-	 *
-	 * @see ReferrerPolicyHeaderWriter
 	 * @param referrerPolicyCustomizer the {@link Customizer} to provide more options for
 	 * the {@link ReferrerPolicyConfig}
 	 * @return the {@link HeadersConfigurer} for additional customizations
+	 * @see ReferrerPolicyHeaderWriter
 	 */
 	public HeadersConfigurer<H> referrerPolicy(Customizer<ReferrerPolicyConfig> referrerPolicyCustomizer) {
 		this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter();
@@ -1036,11 +1031,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * <p>
 	 * Configuration is provided to the {@link FeaturePolicyHeaderWriter} which is
 	 * responsible for writing the header.
-	 *
-	 * @see FeaturePolicyHeaderWriter
-	 * @since 5.1
 	 * @return the {@link FeaturePolicyConfig} for additional configuration
 	 * @throws IllegalArgumentException if policyDirectives is {@code null} or empty
+	 * @since 5.1
+	 * @see FeaturePolicyHeaderWriter
 	 */
 	public FeaturePolicyConfig featurePolicy(String policyDirectives) {
 		this.featurePolicy.writer = new FeaturePolicyHeaderWriter(policyDirectives);

config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java

@@ -143,11 +143,10 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 	 * attacks</a>. If you really want to use an HTTP GET, you can use
 	 * <code>logoutRequestMatcher(new AntPathRequestMatcher(logoutUrl, "GET"));</code>
 	 * </p>
-	 *
-	 * @see #logoutRequestMatcher(RequestMatcher)
-	 * @see HttpSecurity#csrf()
 	 * @param logoutUrl the URL that will invoke logout.
 	 * @return the {@link LogoutConfigurer} for further customization
+	 * @see #logoutRequestMatcher(RequestMatcher)
+	 * @see HttpSecurity#csrf()
 	 */
 	public LogoutConfigurer<H> logoutUrl(String logoutUrl) {
 		this.logoutRequestMatcher = null;
@@ -158,11 +157,10 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 	/**
 	 * The RequestMatcher that triggers log out to occur. In most circumstances users will
 	 * use {@link #logoutUrl(String)} which helps enforce good practices.
-	 *
-	 * @see #logoutUrl(String)
 	 * @param logoutRequestMatcher the RequestMatcher used to determine if logout should
 	 * occur.
 	 * @return the {@link LogoutConfigurer} for further customization
+	 * @see #logoutUrl(String)
 	 */
 	public LogoutConfigurer<H> logoutRequestMatcher(RequestMatcher logoutRequestMatcher) {
 		this.logoutRequestMatcher = logoutRequestMatcher;

config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java

@@ -214,8 +214,8 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @param sessionCreationPolicy the {@link SessionCreationPolicy} to use. Cannot be
 	 * null.
 	 * @return the {@link SessionManagementConfigurer} for further customizations
-	 * @see SessionCreationPolicy
 	 * @throws IllegalArgumentException if {@link SessionCreationPolicy} is null.
+	 * @see SessionCreationPolicy
 	 */
 	public SessionManagementConfigurer<H> sessionCreationPolicy(SessionCreationPolicy sessionCreationPolicy) {
 		Assert.notNull(sessionCreationPolicy, "sessionCreationPolicy cannot be null");

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java

@@ -163,10 +163,9 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 
 	/**
 	 * Sets the repository for authorized client(s).
-	 *
-	 * @since 5.1
 	 * @param authorizedClientRepository the authorized client repository
 	 * @return the {@link OAuth2LoginConfigurer} for further configuration
+	 * @since 5.1
 	 */
 	public OAuth2LoginConfigurer<B> authorizedClientRepository(
 			OAuth2AuthorizedClientRepository authorizedClientRepository) {
@@ -250,11 +249,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 
 		/**
 		 * Sets the resolver used for resolving {@link OAuth2AuthorizationRequest}'s.
-		 *
-		 * @since 5.1
 		 * @param authorizationRequestResolver the resolver used for resolving
 		 * {@link OAuth2AuthorizationRequest}'s
 		 * @return the {@link AuthorizationEndpointConfig} for further configuration
+		 * @since 5.1
 		 */
 		public AuthorizationEndpointConfig authorizationRequestResolver(
 				OAuth2AuthorizationRequestResolver authorizationRequestResolver) {

config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java

@@ -118,11 +118,11 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
  * </ul>
  *
  * @author Rob Winch
+ * @since 3.2
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
- * @since 3.2
  */
 public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>
 		extends AbstractAuthenticationFilterConfigurer<H, OpenIDLoginConfigurer<H>, OpenIDAuthenticationFilter> {

config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java

@@ -40,8 +40,8 @@ import org.springframework.util.StringUtils;
  * Allows mapping security constraints using {@link MessageMatcher} to the security
  * expressions.
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public class MessageSecurityMetadataSourceRegistry {
 
@@ -152,7 +152,7 @@ public class MessageSecurityMetadataSourceRegistry {
 	 * from. Uses
 	 * {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}.
 	 * @return the {@link Constraint} that is associated to the {@link MessageMatcher}
-	 * @see {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
+	 * @see MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)
 	 */
 	private Constraint simpDestMatchers(SimpMessageType type, String... patterns) {
 		List<MatcherBuilder> matchers = new ArrayList<>(patterns.length);

config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java

@@ -47,6 +47,7 @@ import java.lang.annotation.Target;
  *          return new MapReactiveUserDetailsService(user);
  *     }
  * }
+ * </pre>
  *
  * Below is the same as our minimal configuration, but explicitly declaring the
  * {@code ServerHttpSecurity}.
@@ -54,7 +55,6 @@ import java.lang.annotation.Target;
  * <pre class="code">
  * &#064;EnableWebFluxSecurity
  * public class MyExplicitSecurityConfiguration {
- *     // @formatter:off
  *     &#064;Bean
  *     public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
  *          http
@@ -65,9 +65,7 @@ import java.lang.annotation.Target;
  *                    .formLogin();
  *          return http.build();
  *     }
- *     // @formatter:on
  *
- *     // @formatter:off
  *     &#064;Bean
  *     public MapReactiveUserDetailsService userDetailsService() {
  *          UserDetails user = User.withDefaultPasswordEncoder()
@@ -77,8 +75,8 @@ import java.lang.annotation.Target;
  *               .build();
  *          return new MapReactiveUserDetailsService(user);
  *     }
- *     // @formatter:on
  * }
+ * </pre>
  *
  * @author Rob Winch
  * @since 5.0

config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java

@@ -447,13 +447,13 @@ final class AuthenticationConfigBuilder {
 
 	/**
 	 * Parses OpenID 1.0 and 2.0 - related parts of configuration xmls
+	 * @param sessionStrategy sessionStrategy
+	 * @param openIDLoginElt the element from the xml file
+	 * @return the parsed filter as rootBeanDefinition
 	 * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
 	 * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
 	 * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
 	 * supported by <code>spring-security-oauth2</code>.
-	 * @param sessionStrategy sessionStrategy
-	 * @param openIDLoginElt the element from the xml file
-	 * @return the parsed filter as rootBeanDefinition
 	 */
 	private RootBeanDefinition parseOpenIDFilter(BeanReference sessionStrategy, Element openIDLoginElt) {
 		RootBeanDefinition openIDFilter;

config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java

@@ -55,8 +55,8 @@ import org.springframework.util.xml.DomUtils;
  * A {@link BeanDefinitionParser} for <http>'s <oauth2-resource-server>
  * element.
  *
- * @since 5.3
  * @author Josh Cummings
+ * @since 5.3
  */
 final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionParser {
 

config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java

@@ -26,10 +26,10 @@ import org.springframework.util.ClassUtils;
 
 /**
  * Checks for the presence of a ContextSource instance. Also supplies the standard
- * reference to any unconfigured <ldap-authentication-provider> or <ldap-user-service>
- * beans. This is necessary in cases where the user has given the server a specific Id,
- * but hasn't used the server-ref attribute to link this to the other ldap definitions.
- * See SEC-799.
+ * reference to any unconfigured &lt;ldap-authentication-provider&gt; or
+ * &lt;ldap-user-service&gt; beans. This is necessary in cases where the user has given
+ * the server a specific Id, but hasn't used the server-ref attribute to link this to the
+ * other ldap definitions. See SEC-799.
  *
  * @author Luke Taylor
  * @since 3.0

config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java

@@ -189,25 +189,51 @@ import static org.springframework.security.web.server.DelegatingServerAuthentica
  *
  * A minimal configuration can be found below:
  *
- * <pre class="code"> &#064;EnableWebFluxSecurity public class
- * MyMinimalSecurityConfiguration {
+ * <pre class="code">
+ * &#064;EnableWebFluxSecurity
+ * public class MyMinimalSecurityConfiguration {
  *
- * &#064;Bean public MapReactiveUserDetailsService userDetailsService() { UserDetails user
- * = User.withDefaultPasswordEncoder() .username("user") .password("password")
- * .roles("USER") .build(); return new MapReactiveUserDetailsService(user); } }
+ *     &#064;Bean
+ *     public MapReactiveUserDetailsService userDetailsService() {
+ *         UserDetails user = User.withDefaultPasswordEncoder()
+ *             .username("user")
+ *             .password("password")
+ *             .roles("USER")
+ *             .build();
+ *         return new MapReactiveUserDetailsService(user);
+ *     }
+ * }
+ * </pre>
  *
  * Below is the same as our minimal configuration, but explicitly declaring the
  * {@code ServerHttpSecurity}.
  *
- * <pre class="code"> &#064;EnableWebFluxSecurity public class
- * MyExplicitSecurityConfiguration { &#064;Bean public SecurityWebFilterChain
- * springSecurityFilterChain(ServerHttpSecurity http) { http .authorizeExchange()
- * .anyExchange().authenticated() .and() .httpBasic().and() .formLogin(); return
- * http.build(); }
+ * <pre class="code">
+ * &#064;EnableWebFluxSecurity
+ * public class MyExplicitSecurityConfiguration {
  *
- * &#064;Bean public MapReactiveUserDetailsService userDetailsService() { UserDetails user
- * = User.withDefaultPasswordEncoder() .username("user") .password("password")
- * .roles("USER") .build(); return new MapReactiveUserDetailsService(user); } }
+ *     &#064;Bean
+ *     public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
+ *         http
+ *             .authorizeExchange()
+ *               .anyExchange().authenticated()
+ *             .and()
+ *               .httpBasic().and()
+ *               .formLogin();
+ *             return http.build();
+ *     }
+ *
+ *     &#064;Bean
+ *     public MapReactiveUserDetailsService userDetailsService() {
+ *         UserDetails user = User.withDefaultPasswordEncoder()
+ *             .username("user")
+ *             .password("password")
+ *             .roles("USER")
+ *             .build();
+ *         return new MapReactiveUserDetailsService(user);
+ *     }
+ * }
+ * </pre>
  *
  * @author Rob Winch
  * @author Vedran Pavic
@@ -829,11 +855,10 @@ public class ServerHttpSecurity {
 	 * Note that if extractor is not specified, {@link SubjectDnX509PrincipalExtractor}
 	 * will be used. If authenticationManager is not specified,
 	 * {@link ReactivePreAuthenticatedAuthenticationManager} will be used.
-	 *
-	 * @since 5.2
 	 * @param x509Customizer the {@link Customizer} to provide more options for the
 	 * {@link X509Spec}
 	 * @return the {@link ServerHttpSecurity} to customize
+	 * @since 5.2
 	 */
 	public ServerHttpSecurity x509(Customizer<X509Spec> x509Customizer) {
 		if (this.x509 == null) {
@@ -994,10 +1019,9 @@ public class ServerHttpSecurity {
 		 * The {@link ServerSecurityContextRepository} used to save the
 		 * {@code Authentication}. Defaults to
 		 * {@link WebSessionServerSecurityContextRepository}.
-		 *
-		 * @since 5.2
 		 * @param securityContextRepository the repository to use
 		 * @return the {@link OAuth2LoginSpec} to continue configuring
+		 * @since 5.2
 		 */
 		public OAuth2LoginSpec securityContextRepository(ServerSecurityContextRepository securityContextRepository) {
 			this.securityContextRepository = securityContextRepository;
@@ -1008,10 +1032,9 @@ public class ServerHttpSecurity {
 		 * The {@link ServerAuthenticationSuccessHandler} used after authentication
 		 * success. Defaults to {@link RedirectServerAuthenticationSuccessHandler}
 		 * redirecting to "/".
-		 *
-		 * @since 5.2
 		 * @param authenticationSuccessHandler the success handler to use
 		 * @return the {@link OAuth2LoginSpec} to customize
+		 * @since 5.2
 		 */
 		public OAuth2LoginSpec authenticationSuccessHandler(
 				ServerAuthenticationSuccessHandler authenticationSuccessHandler) {
@@ -1024,10 +1047,9 @@ public class ServerHttpSecurity {
 		 * The {@link ServerAuthenticationFailureHandler} used after authentication
 		 * failure. Defaults to {@link RedirectServerAuthenticationFailureHandler}
 		 * redirecting to "/login?error".
-		 *
-		 * @since 5.2
 		 * @param authenticationFailureHandler the failure handler to use
 		 * @return the {@link OAuth2LoginSpec} to customize
+		 * @since 5.2
 		 */
 		public OAuth2LoginSpec authenticationFailureHandler(
 				ServerAuthenticationFailureHandler authenticationFailureHandler) {
@@ -1121,11 +1143,10 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Sets the repository to use for storing {@link OAuth2AuthorizationRequest}'s.
-		 *
-		 * @since 5.2
 		 * @param authorizationRequestRepository the repository to use for storing
 		 * {@link OAuth2AuthorizationRequest}'s
 		 * @return the {@link OAuth2LoginSpec} for further configuration
+		 * @since 5.2
 		 */
 		public OAuth2LoginSpec authorizationRequestRepository(
 				ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
@@ -1135,11 +1156,10 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Sets the resolver used for resolving {@link OAuth2AuthorizationRequest}'s.
-		 *
-		 * @since 5.2
 		 * @param authorizationRequestResolver the resolver used for resolving
 		 * {@link OAuth2AuthorizationRequest}'s
 		 * @return the {@link OAuth2LoginSpec} for further configuration
+		 * @since 5.2
 		 */
 		public OAuth2LoginSpec authorizationRequestResolver(
 				ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver) {
@@ -1150,11 +1170,10 @@ public class ServerHttpSecurity {
 		/**
 		 * Sets the {@link ServerWebExchangeMatcher matcher} used for determining if the
 		 * request is an authentication request.
-		 *
-		 * @since 5.2
 		 * @param authenticationMatcher the {@link ServerWebExchangeMatcher matcher} used
 		 * for determining if the request is an authentication request
 		 * @return the {@link OAuth2LoginSpec} for further configuration
+		 * @since 5.2
 		 */
 		public OAuth2LoginSpec authenticationMatcher(ServerWebExchangeMatcher authenticationMatcher) {
 			this.authenticationMatcher = authenticationMatcher;
@@ -1499,11 +1518,10 @@ public class ServerHttpSecurity {
 
 		/**
 		 * Sets the repository to use for storing {@link OAuth2AuthorizationRequest}'s.
-		 *
-		 * @since 5.2
 		 * @param authorizationRequestRepository the repository to use for storing
 		 * {@link OAuth2AuthorizationRequest}'s
 		 * @return the {@link OAuth2ClientSpec} to customize
+		 * @since 5.2
 		 */
 		public OAuth2ClientSpec authorizationRequestRepository(
 				ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
@@ -3689,8 +3707,8 @@ public class ServerHttpSecurity {
 		/**
 		 * Configures {@code Content-Security-Policy} response header.
 		 *
-		 * @see #contentSecurityPolicy(String)
 		 * @since 5.1
+		 * @see #contentSecurityPolicy(String)
 		 */
 		public class ContentSecurityPolicySpec {
 
@@ -3740,8 +3758,8 @@ public class ServerHttpSecurity {
 		/**
 		 * Configures {@code Feature-Policy} response header.
 		 *
-		 * @see #featurePolicy(String)
 		 * @since 5.1
+		 * @see #featurePolicy(String)
 		 */
 		public class FeaturePolicySpec {
 
@@ -3763,9 +3781,9 @@ public class ServerHttpSecurity {
 		/**
 		 * Configures {@code Referrer-Policy} response header.
 		 *
+		 * @since 5.1
 		 * @see #referrerPolicy()
 		 * @see #referrerPolicy(ReferrerPolicy)
-		 * @since 5.1
 		 */
 		public class ReferrerPolicySpec {
 

config/src/test/java/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.java

@@ -109,29 +109,29 @@ public class SampleWebSecurityConfigurerAdapterTests {
 	}
 
 	/**
-	 * <code>
-	 *   <http>
-	 *     <intercept-url pattern="/resources/**" access="permitAll"/>
-	 *     <intercept-url pattern="/**" access="authenticated"/>
-	 *     <logout
+	 * <pre>
+	 *   &lt;http&gt;
+	 *     &lt;intercept-url pattern="/resources/**" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/**" access="authenticated"/&gt;
+	 *     &lt;logout
 	 *         logout-success-url="/login?logout"
 	 *         logout-url="/logout"
-	 *     <form-login
+	 *     &lt;form-login
 	 *         authentication-failure-url="/login?error"
-	 *         login-page="/login" <!-- Except Spring Security renders the login page -->
-	 *         login-processing-url="/login" <!-- but only POST -->
+	 *         login-page="/login" &lt;!-- Except Spring Security renders the login page --&gt;
+	 *         login-processing-url="/login" &lt;!-- but only POST --&gt;
 	 *         password-parameter="password"
 	 *         username-parameter="username"
-	 *     />
-	 *   </http>
-	 *   <authentication-manager>
-	 *     <authentication-provider>
-	 *       <user-service>
-	 *         <user username="user" password="password" authorities="ROLE_USER"/>
-	 *       </user-service>
-	 *     </authentication-provider>
-	 *   </authentication-manager>
-	 * </code>
+	 *     /&gt;
+	 *   &lt;/http&gt;
+	 *   &lt;authentication-manager&gt;
+	 *     &lt;authentication-provider&gt;
+	 *       &lt;user-service&gt;
+	 *         &lt;user username="user" password="password" authorities="ROLE_USER"/&gt;
+	 *       &lt;/user-service&gt;
+	 *     &lt;/authentication-provider&gt;
+	 *   &lt;/authentication-manager&gt;
+	 * </pre>
 	 *
 	 * @author Rob Winch
 	 */
@@ -183,35 +183,35 @@ public class SampleWebSecurityConfigurerAdapterTests {
 	}
 
 	/**
-	 * <code>
-	 *   <http security="none" pattern="/resources/**"/>
-	 *   <http>
-	 *     <intercept-url pattern="/logout" access="permitAll"/>
-	 *     <intercept-url pattern="/login" access="permitAll"/>
-	 *     <intercept-url pattern="/signup" access="permitAll"/>
-	 *     <intercept-url pattern="/about" access="permitAll"/>
-	 *     <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
-	 *     <logout
+	 * <pre>
+	 *   &lt;http security="none" pattern="/resources/**"/&gt;
+	 *   &lt;http&gt;
+	 *     &lt;intercept-url pattern="/logout" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/login" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/signup" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/about" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/**" access="hasRole('ROLE_USER')"/&gt;
+	 *     &lt;logout
 	 *         logout-success-url="/login?logout"
 	 *         logout-url="/logout"
-	 *     <form-login
+	 *     &lt;form-login
 	 *         authentication-failure-url="/login?error"
 	 *         login-page="/login"
-	 *         login-processing-url="/login" <!-- but only POST -->
+	 *         login-processing-url="/login" &lt;!-- but only POST --&gt;
 	 *         password-parameter="password"
 	 *         username-parameter="username"
-	 *     />
-	 *   </http>
-	 *   <authentication-manager>
-	 *     <authentication-provider>
-	 *       <user-service>
-	 *         <user username="user" password="password" authorities="ROLE_USER"/>
-	 *         <user username="admin" password="password" authorities=
-	"ROLE_USER,ROLE_ADMIN"/>
-	 *       </user-service>
-	 *     </authentication-provider>
-	 *   </authentication-manager>
-	 * </code>
+	 *     /&gt;
+	 *   &lt;/http&gt;
+	 *   &lt;authentication-manager&gt;
+	 *     &lt;authentication-provider&gt;
+	 *       &lt;user-service&gt;
+	 *         &lt;user username="user" password="password" authorities="ROLE_USER"/&gt;
+	 *         &lt;user username="admin" password="password" authorities=
+	"ROLE_USER,ROLE_ADMIN"/&gt;
+	 *       &lt;/user-service&gt;
+	 *     &lt;/authentication-provider&gt;
+	 *   &lt;/authentication-manager&gt;
+	 * </pre>
 	 *
 	 * @author Rob Winch
 	 */
@@ -319,38 +319,38 @@ public class SampleWebSecurityConfigurerAdapterTests {
 
 	/**
 	 * <code>
-	 *   <http security="none" pattern="/resources/**"/>
-	 *   <http pattern="/api/**">
-	 *     <intercept-url pattern="/api/admin/**" access="hasRole('ROLE_ADMIN')"/>
-	 *     <intercept-url pattern="/api/**" access="hasRole('ROLE_USER')"/>
-	 *     <http-basic />
-	 *   </http>
-	 *   <http>
-	 *     <intercept-url pattern="/logout" access="permitAll"/>
-	 *     <intercept-url pattern="/login" access="permitAll"/>
-	 *     <intercept-url pattern="/signup" access="permitAll"/>
-	 *     <intercept-url pattern="/about" access="permitAll"/>
-	 *     <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
-	 *     <logout
+	 *   &lt;http security="none" pattern="/resources/**"/&gt;
+	 *   &lt;http pattern="/api/**"&gt;
+	 *     &lt;intercept-url pattern="/api/admin/**" access="hasRole('ROLE_ADMIN')"/&gt;
+	 *     &lt;intercept-url pattern="/api/**" access="hasRole('ROLE_USER')"/&gt;
+	 *     &lt;http-basic /&gt;
+	 *   &lt;/http&gt;
+	 *   &lt;http&gt;
+	 *     &lt;intercept-url pattern="/logout" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/login" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/signup" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/about" access="permitAll"/&gt;
+	 *     &lt;intercept-url pattern="/**" access="hasRole('ROLE_USER')"/&gt;
+	 *     &lt;logout
 	 *         logout-success-url="/login?logout"
 	 *         logout-url="/logout"
-	 *     <form-login
+	 *     &lt;form-login
 	 *         authentication-failure-url="/login?error"
 	 *         login-page="/login"
-	 *         login-processing-url="/login" <!-- but only POST -->
+	 *         login-processing-url="/login" &lt;!-- but only POST --&gt;
 	 *         password-parameter="password"
 	 *         username-parameter="username"
-	 *     />
-	 *   </http>
-	 *   <authentication-manager>
-	 *     <authentication-provider>
-	 *       <user-service>
-	 *         <user username="user" password="password" authorities="ROLE_USER"/>
-	 *         <user username="admin" password="password" authorities=
-	"ROLE_USER,ROLE_ADMIN"/>
-	 *       </user-service>
-	 *     </authentication-provider>
-	 *   </authentication-manager>
+	 *     /&gt;
+	 *   &lt;/http&gt;
+	 *   &lt;authentication-manager&gt;
+	 *     &lt;authentication-provider&gt;
+	 *       &lt;user-service&gt;
+	 *         &lt;user username="user" password="password" authorities="ROLE_USER"/&gt;
+	 *         &lt;user username="admin" password="password" authorities=
+	"ROLE_USER,ROLE_ADMIN"/&gt;
+	 *       &lt;/user-service&gt;
+	 *     &lt;/authentication-provider&gt;
+	 *   &lt;/authentication-manager&gt;
 	 * </code>
 	 *
 	 * @author Rob Winch

config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java

@@ -63,8 +63,8 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
 
 /**
- * Tests to verify that all the functionality of <http> attributes are present in Java
- * Config.
+ * Tests to verify that all the functionality of &lt;http&gt; attributes are present in
+ * Java Config.
  *
  * @author Rob Winch
  * @author Joe Grandja

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java

@@ -39,7 +39,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <anonymous> attributes is present
+ * Tests to verify that all the functionality of &lt;anonymous&gt; attributes is present
  *
  * @author Rob Winch
  * @author Josh Cummings

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java

@@ -45,7 +45,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <http-basic> attributes is present
+ * Tests to verify that all the functionality of &lt;http-basic&gt; attributes is present
  *
  * @author Rob Winch
  * @author Josh Cummings

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java

@@ -46,7 +46,8 @@ import org.springframework.web.filter.OncePerRequestFilter;
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
- * Tests to verify that all the functionality of <custom-filter> attributes is present
+ * Tests to verify that all the functionality of &lt;custom-filter&gt; attributes is
+ * present
  *
  * @author Rob Winch
  * @author Josh Cummings

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java

@@ -45,7 +45,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 
 /**
- * Tests to verify that all the functionality of <expression-handler> attributes is
+ * Tests to verify that all the functionality of &lt;expression-handler&gt; attributes is
  * present
  *
  * @author Rob Winch

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java

@@ -36,7 +36,8 @@ import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 
 /**
- * Tests to verify that all the functionality of <http-firewall> attributes is present
+ * Tests to verify that all the functionality of &lt;http-firewall&gt; attributes is
+ * present
  *
  * @author Rob Winch
  * @author Josh Cummings

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java

@@ -45,7 +45,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
 
 /**
- * Tests to verify that all the functionality of <form-login> attributes is present
+ * Tests to verify that all the functionality of &lt;form-login&gt; attributes is present
  *
  * @author Rob Winch
  * @author Josh Cummings

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java

@@ -40,7 +40,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
 
 /**
- * Tests to verify that all the functionality of <headers> attributes is present
+ * Tests to verify that all the functionality of &lt;headers&gt; attributes is present
  *
  * @author Rob Winch
  * @author Josh Cummings

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java

@@ -41,7 +41,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <intercept-url> attributes is present
+ * Tests to verify that all the functionality of &lt;intercept-url&gt; attributes is
+ * present
  *
  * @author Rob Winch
  * @author Josh Cummings

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java

@@ -44,7 +44,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <jee> attributes is present
+ * Tests to verify that all the functionality of &lt;jee&gt; attributes is present
  *
  * @author Rob Winch
  * @author Josh Cummings

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java

@@ -48,7 +48,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <logout> attributes is present
+ * Tests to verify that all the functionality of &lt;logout&gt; attributes is present
  *
  * @author Rob Winch
  * @author Josh Cummings

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java

@@ -70,7 +70,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <openid-login> attributes is present
+ * Tests to verify that all the functionality of &lt;openid-login&gt; attributes is
+ * present
  *
  * @author Rob Winch
  * @author Josh Cummings

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java

@@ -30,7 +30,8 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
 
 /**
- * Tests to verify that all the functionality of <port-mappings> attributes is present
+ * Tests to verify that all the functionality of &lt;port-mappings&gt; attributes is
+ * present
  *
  * @author Rob Winch
  * @author Josh Cummings

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java

@@ -42,7 +42,8 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <request-cache> attributes is present
+ * Tests to verify that all the functionality of &lt;request-cache&gt; attributes is
+ * present
  *
  * @author Rob Winch
  * @author Josh Cummings

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java

@@ -43,8 +43,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <access-denied-handler> attributes is
- * present
+ * Tests to verify that all the functionality of &lt;access-denied-handler&gt; attributes
+ * is present
  *
  * @author Rob Winch
  * @author Josh Cummings

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java

@@ -51,8 +51,8 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 
 /**
- * Tests to verify that all the functionality of <x509> attributes is present in Java
- * config
+ * Tests to verify that all the functionality of &lt;x509&gt; attributes is present in
+ * Java config
  *
  * @author Rob Winch
  * @author Josh Cummings

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java

@@ -63,7 +63,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
- * Tests to verify that all the functionality of <anonymous> attributes is present
+ * Tests to verify that all the functionality of &lt;anonymous&gt; attributes is present
  *
  * @author Rob Winch
  * @author Josh Cummings

core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java

@@ -17,7 +17,9 @@ package org.springframework.security.access.prepost;
 
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Method;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
 
 import org.springframework.core.annotation.AnnotationUtils;
 import org.springframework.security.access.ConfigAttribute;
@@ -41,9 +43,9 @@ import org.springframework.util.ClassUtils;
  * combine annotations defined in multiple locations for a single method - they may be
  * defined on the method itself, or at interface or class level.
  *
- * @see PreInvocationAuthorizationAdviceVoter
  * @author Luke Taylor
  * @since 3.0
+ * @see PreInvocationAuthorizationAdviceVoter
  */
 public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
 
@@ -53,12 +55,13 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 		this.attributeFactory = attributeFactory;
 	}
 
+	@Override
 	public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
 		if (method.getDeclaringClass() == Object.class) {
 			return Collections.emptyList();
 		}
 
-		logger.trace("Looking for Pre/Post annotations for method '" + method.getName() + "' on target class '"
+		this.logger.trace("Looking for Pre/Post annotations for method '" + method.getName() + "' on target class '"
 				+ targetClass + "'");
 		PreFilter preFilter = findAnnotation(method, targetClass, PreFilter.class);
 		PreAuthorize preAuthorize = findAnnotation(method, targetClass, PreAuthorize.class);
@@ -68,7 +71,7 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 
 		if (preFilter == null && preAuthorize == null && postFilter == null && postAuthorize == null) {
 			// There is no meta-data so return
-			logger.trace("No expression annotations found");
+			this.logger.trace("No expression annotations found");
 			return Collections.emptyList();
 		}
 
@@ -80,14 +83,14 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 
 		ArrayList<ConfigAttribute> attrs = new ArrayList<>(2);
 
-		PreInvocationAttribute pre = attributeFactory.createPreInvocationAttribute(preFilterAttribute, filterObject,
-				preAuthorizeAttribute);
+		PreInvocationAttribute pre = this.attributeFactory.createPreInvocationAttribute(preFilterAttribute,
+				filterObject, preAuthorizeAttribute);
 
 		if (pre != null) {
 			attrs.add(pre);
 		}
 
-		PostInvocationAttribute post = attributeFactory.createPostInvocationAttribute(postFilterAttribute,
+		PostInvocationAttribute post = this.attributeFactory.createPostInvocationAttribute(postFilterAttribute,
 				postAuthorizeAttribute);
 
 		if (post != null) {
@@ -99,6 +102,7 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 		return attrs;
 	}
 
+	@Override
 	public Collection<ConfigAttribute> getAllConfigAttributes() {
 		return null;
 	}
@@ -117,7 +121,7 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 		A annotation = AnnotationUtils.findAnnotation(specificMethod, annotationClass);
 
 		if (annotation != null) {
-			logger.debug(annotation + " found on specific method: " + specificMethod);
+			this.logger.debug(annotation + " found on specific method: " + specificMethod);
 			return annotation;
 		}
 
@@ -126,7 +130,7 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 			annotation = AnnotationUtils.findAnnotation(method, annotationClass);
 
 			if (annotation != null) {
-				logger.debug(annotation + " found on: " + method);
+				this.logger.debug(annotation + " found on: " + method);
 				return annotation;
 			}
 		}
@@ -136,7 +140,7 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 		annotation = AnnotationUtils.findAnnotation(specificMethod.getDeclaringClass(), annotationClass);
 
 		if (annotation != null) {
-			logger.debug(annotation + " found on: " + specificMethod.getDeclaringClass().getName());
+			this.logger.debug(annotation + " found on: " + specificMethod.getDeclaringClass().getName());
 			return annotation;
 		}
 

core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java

@@ -260,10 +260,9 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid
 	/**
 	 * If set, a call to {@code Configuration#refresh()} will be made by
 	 * {@code #configureJaas(Resource) } method. Defaults to {@code true}.
-	 *
-	 * @see <a href="https://jira.springsource.org/browse/SEC-1320">SEC-1320</a>
 	 * @param refresh set to {@code false} to disable reloading of the configuration. May
 	 * be useful in some environments.
+	 * @see <a href="https://jira.springsource.org/browse/SEC-1320">SEC-1320</a>
 	 */
 	public void setRefreshConfigurationOnStartup(boolean refresh) {
 		this.refreshConfigurationOnStartup = refresh;

core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java

@@ -16,19 +16,19 @@
 
 package org.springframework.security.authorization;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
 import org.springframework.security.core.Authentication;
-import reactor.core.publisher.Mono;
 
 /**
  * A {@link ReactiveAuthorizationManager} that determines if the current user is
  * authenticated.
  *
- * @author Rob Winch
- * @since 5.0
  * @param <T> The type of object authorization is being performed against. This does not
- * matter since the authorization decision does not use the object.
+ * @author Rob Winch
+ * @since 5.0 matter since the authorization decision does not use the object.
  */
 public class AuthenticatedReactiveAuthorizationManager<T> implements ReactiveAuthorizationManager<T> {
 
@@ -47,7 +47,7 @@ public class AuthenticatedReactiveAuthorizationManager<T> implements ReactiveAut
 	 * @return <code>true</code> if not anonymous, otherwise <code>false</code>.
 	 */
 	private boolean isNotAnonymous(Authentication authentication) {
-		return !authTrustResolver.isAnonymous(authentication);
+		return !this.authTrustResolver.isAnonymous(authentication);
 	}
 
 	/**

core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java

@@ -16,20 +16,21 @@
 
 package org.springframework.security.authorization;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.util.Assert;
-import reactor.core.publisher.Mono;
-
 import java.util.Arrays;
 import java.util.List;
 
+import reactor.core.publisher.Mono;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.util.Assert;
+
 /**
  * A {@link ReactiveAuthorizationManager} that determines if the current user is
  * authorized by evaluating if the {@link Authentication} contains a specified authority.
  *
+ * @param <T> the type of object being authorized
  * @author Rob Winch
  * @since 5.0
- * @param <T> the type of object being authorized
  */
 public class AuthorityReactiveAuthorizationManager<T> implements ReactiveAuthorizationManager<T> {
 

core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java

@@ -15,18 +15,18 @@
  */
 package org.springframework.security.authorization;
 
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.core.Authentication;
 
-import reactor.core.publisher.Mono;
-
 /**
  * A reactive authorization manager which can determine if an {@link Authentication} has
  * access to a specific object.
  *
+ * @param <T> the type of object that the authorization check is being done one.
  * @author Rob Winch
  * @since 5.0
- * @param <T> the type of object that the authorization check is being done one.
  */
 public interface ReactiveAuthorizationManager<T> {
 

core/src/main/java/org/springframework/security/core/ComparableVersion.java

@@ -78,11 +78,11 @@ import java.util.Stack;
  * </ul>
  * </p>
  *
+ * @author Kenney Westerhof
+ * @author Hervé Boutemy
  * @see <a href=
  * "https://cwiki.apache.org/confluence/display/MAVENOLD/Versioning">"Versioning" on Maven
  * Wiki</a>
- * @author <a href="mailto:kenney@apache.org">Kenney Westerhof</a>
- * @author <a href="mailto:hboutemy@apache.org">Hervé Boutemy</a>
  */
 class ComparableVersion implements Comparable<ComparableVersion> {
 
@@ -134,18 +134,18 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 
 		@Override
 		public boolean isNull() {
-			return BigInteger_ZERO.equals(value);
+			return BigInteger_ZERO.equals(this.value);
 		}
 
 		@Override
 		public int compareTo(Item item) {
 			if (item == null) {
-				return BigInteger_ZERO.equals(value) ? 0 : 1; // 1.0 == 1, 1.1 > 1
+				return BigInteger_ZERO.equals(this.value) ? 0 : 1; // 1.0 == 1, 1.1 > 1
 			}
 
 			switch (item.getType()) {
 			case INTEGER_ITEM:
-				return value.compareTo(((IntegerItem) item).value);
+				return this.value.compareTo(((IntegerItem) item).value);
 
 			case STRING_ITEM:
 				return 1; // 1.1 > 1-sp
@@ -160,7 +160,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 
 		@Override
 		public String toString() {
-			return value.toString();
+			return this.value.toString();
 		}
 
 	}
@@ -215,7 +215,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 
 		@Override
 		public boolean isNull() {
-			return (comparableQualifier(value).compareTo(RELEASE_VERSION_INDEX) == 0);
+			return (comparableQualifier(this.value).compareTo(RELEASE_VERSION_INDEX) == 0);
 		}
 
 		/**
@@ -241,14 +241,14 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 		public int compareTo(Item item) {
 			if (item == null) {
 				// 1-rc < 1, 1-ga > 1
-				return comparableQualifier(value).compareTo(RELEASE_VERSION_INDEX);
+				return comparableQualifier(this.value).compareTo(RELEASE_VERSION_INDEX);
 			}
 			switch (item.getType()) {
 			case INTEGER_ITEM:
 				return -1; // 1.any < 1.1 ?
 
 			case STRING_ITEM:
-				return comparableQualifier(value).compareTo(comparableQualifier(((StringItem) item).value));
+				return comparableQualifier(this.value).compareTo(comparableQualifier(((StringItem) item).value));
 
 			case LIST_ITEM:
 				return -1; // 1.any < 1-1
@@ -260,7 +260,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 
 		@Override
 		public String toString() {
-			return value;
+			return this.value;
 		}
 
 	}
@@ -354,11 +354,11 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 	public final void parseVersion(String version) {
 		this.value = version;
 
-		items = new ListItem();
+		this.items = new ListItem();
 
 		version = version.toLowerCase(Locale.ENGLISH);
 
-		ListItem list = items;
+		ListItem list = this.items;
 
 		Stack<Item> stack = new Stack<>();
 		stack.push(list);
@@ -428,7 +428,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 			list.normalize();
 		}
 
-		canonical = items.toString();
+		this.canonical = this.items.toString();
 	}
 
 	private static Item parseItem(boolean isDigit, String buf) {
@@ -437,22 +437,22 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 
 	@Override
 	public int compareTo(ComparableVersion o) {
-		return items.compareTo(o.items);
+		return this.items.compareTo(o.items);
 	}
 
 	@Override
 	public String toString() {
-		return value;
+		return this.value;
 	}
 
 	@Override
 	public boolean equals(Object o) {
-		return (o instanceof ComparableVersion) && canonical.equals(((ComparableVersion) o).canonical);
+		return (o instanceof ComparableVersion) && this.canonical.equals(((ComparableVersion) o).canonical);
 	}
 
 	@Override
 	public int hashCode() {
-		return canonical.hashCode();
+		return this.canonical.hashCode();
 	}
 
 }

core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java

@@ -81,9 +81,9 @@ import org.springframework.util.ReflectionUtils;
  * {@link PrioritizedParameterNameDiscoverer} are an all or nothing operation.
  * </p>
  *
- * @see DefaultSecurityParameterNameDiscoverer
  * @author Rob Winch
  * @since 3.2
+ * @see DefaultSecurityParameterNameDiscoverer
  */
 public class AnnotationParameterNameDiscoverer implements ParameterNameDiscoverer {
 
@@ -104,6 +104,7 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 	 * @see org.springframework.core.ParameterNameDiscoverer#getParameterNames(java
 	 * .lang.reflect.Method)
 	 */
+	@Override
 	public String[] getParameterNames(Method method) {
 		Method originalMethod = BridgeMethodResolver.findBridgedMethod(method);
 		String[] paramNames = lookupParameterNames(METHOD_METHODPARAM_FACTORY, originalMethod);
@@ -127,6 +128,7 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 	 * @see org.springframework.core.ParameterNameDiscoverer#getParameterNames(java
 	 * .lang.reflect.Constructor)
 	 */
+	@Override
 	public String[] getParameterNames(Constructor<?> constructor) {
 		return lookupParameterNames(CONSTRUCTOR_METHODPARAM_FACTORY, constructor);
 	}
@@ -164,7 +166,7 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 	 */
 	private String findParameterName(Annotation[] parameterAnnotations) {
 		for (Annotation paramAnnotation : parameterAnnotations) {
-			if (annotationClassesToUse.contains(paramAnnotation.annotationType().getName())) {
+			if (this.annotationClassesToUse.contains(paramAnnotation.annotationType().getName())) {
 				return (String) AnnotationUtils.getValue(paramAnnotation, "value");
 			}
 		}
@@ -180,9 +182,9 @@ public class AnnotationParameterNameDiscoverer implements ParameterNameDiscovere
 	/**
 	 * Strategy interface for looking up the parameter names.
 	 *
+	 * @param <T> the type to inspect (i.e. {@link Method} or {@link Constructor})
 	 * @author Rob Winch
 	 * @since 3.2
-	 * @param <T> the type to inspect (i.e. {@link Method} or {@link Constructor})
 	 */
 	private interface ParameterNameFactory<T extends AccessibleObject> {
 

core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java

@@ -22,6 +22,7 @@ import java.util.Set;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.core.DefaultParameterNameDiscoverer;
 import org.springframework.core.LocalVariableTableParameterNameDiscoverer;
 import org.springframework.core.ParameterNameDiscoverer;
@@ -44,9 +45,9 @@ import org.springframework.util.ClassUtils;
  * {@link LocalVariableTableParameterNameDiscoverer} is added directly.</li>
  * </ul>
  *
- * @see AnnotationParameterNameDiscoverer
  * @author Rob Winch
  * @since 3.2
+ * @see AnnotationParameterNameDiscoverer
  */
 public class DefaultSecurityParameterNameDiscoverer extends PrioritizedParameterNameDiscoverer {
 

core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java

@@ -16,16 +16,22 @@
 
 package org.springframework.security.core.session;
 
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.CopyOnWriteArraySet;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.springframework.context.ApplicationListener;
 import org.springframework.util.Assert;
 
-import java.util.*;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
-import java.util.concurrent.CopyOnWriteArraySet;
-
 /**
  * Default implementation of
  * {@link org.springframework.security.core.session.SessionRegistry SessionRegistry} which
@@ -44,10 +50,10 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 
 	protected final Log logger = LogFactory.getLog(SessionRegistryImpl.class);
 
-	/** <principal:Object,SessionIdSet> */
+	// <principal:Object,SessionIdSet>
 	private final ConcurrentMap<Object, Set<String>> principals;
 
-	/** <sessionId:Object,SessionInformation> */
+	// <sessionId:Object,SessionInformation>
 	private final Map<String, SessionInformation> sessionIds;
 
 	public SessionRegistryImpl() {
@@ -61,12 +67,14 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 		this.sessionIds = sessionIds;
 	}
 
+	@Override
 	public List<Object> getAllPrincipals() {
-		return new ArrayList<>(principals.keySet());
+		return new ArrayList<>(this.principals.keySet());
 	}
 
+	@Override
 	public List<SessionInformation> getAllSessions(Object principal, boolean includeExpiredSessions) {
-		final Set<String> sessionsUsedByPrincipal = principals.get(principal);
+		final Set<String> sessionsUsedByPrincipal = this.principals.get(principal);
 
 		if (sessionsUsedByPrincipal == null) {
 			return Collections.emptyList();
@@ -89,12 +97,14 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 		return list;
 	}
 
+	@Override
 	public SessionInformation getSessionInformation(String sessionId) {
 		Assert.hasText(sessionId, "SessionId required as per interface contract");
 
-		return sessionIds.get(sessionId);
+		return this.sessionIds.get(sessionId);
 	}
 
+	@Override
 	public void onApplicationEvent(AbstractSessionEvent event) {
 		if (event instanceof SessionDestroyedEvent) {
 			SessionDestroyedEvent sessionDestroyedEvent = (SessionDestroyedEvent) event;
@@ -104,12 +114,13 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 		else if (event instanceof SessionIdChangedEvent) {
 			SessionIdChangedEvent sessionIdChangedEvent = (SessionIdChangedEvent) event;
 			String oldSessionId = sessionIdChangedEvent.getOldSessionId();
-			Object principal = sessionIds.get(oldSessionId).getPrincipal();
+			Object principal = this.sessionIds.get(oldSessionId).getPrincipal();
 			removeSessionInformation(oldSessionId);
 			registerNewSession(sessionIdChangedEvent.getNewSessionId(), principal);
 		}
 	}
 
+	@Override
 	public void refreshLastRequest(String sessionId) {
 		Assert.hasText(sessionId, "SessionId required as per interface contract");
 
@@ -120,6 +131,7 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 		}
 	}
 
+	@Override
 	public void registerNewSession(String sessionId, Object principal) {
 		Assert.hasText(sessionId, "SessionId required as per interface contract");
 		Assert.notNull(principal, "Principal required as per interface contract");
@@ -128,25 +140,26 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 			removeSessionInformation(sessionId);
 		}
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("Registering session " + sessionId + ", for principal " + principal);
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Registering session " + sessionId + ", for principal " + principal);
 		}
 
-		sessionIds.put(sessionId, new SessionInformation(principal, sessionId, new Date()));
+		this.sessionIds.put(sessionId, new SessionInformation(principal, sessionId, new Date()));
 
-		principals.compute(principal, (key, sessionsUsedByPrincipal) -> {
+		this.principals.compute(principal, (key, sessionsUsedByPrincipal) -> {
 			if (sessionsUsedByPrincipal == null) {
 				sessionsUsedByPrincipal = new CopyOnWriteArraySet<>();
 			}
 			sessionsUsedByPrincipal.add(sessionId);
 
-			if (logger.isTraceEnabled()) {
-				logger.trace("Sessions used by '" + principal + "' : " + sessionsUsedByPrincipal);
+			if (this.logger.isTraceEnabled()) {
+				this.logger.trace("Sessions used by '" + principal + "' : " + sessionsUsedByPrincipal);
 			}
 			return sessionsUsedByPrincipal;
 		});
 	}
 
+	@Override
 	public void removeSessionInformation(String sessionId) {
 		Assert.hasText(sessionId, "SessionId required as per interface contract");
 
@@ -156,29 +169,29 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
 			return;
 		}
 
-		if (logger.isTraceEnabled()) {
-			logger.debug("Removing session " + sessionId + " from set of registered sessions");
+		if (this.logger.isTraceEnabled()) {
+			this.logger.debug("Removing session " + sessionId + " from set of registered sessions");
 		}
 
-		sessionIds.remove(sessionId);
+		this.sessionIds.remove(sessionId);
 
-		principals.computeIfPresent(info.getPrincipal(), (key, sessionsUsedByPrincipal) -> {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Removing session " + sessionId + " from principal's set of registered sessions");
+		this.principals.computeIfPresent(info.getPrincipal(), (key, sessionsUsedByPrincipal) -> {
+			if (this.logger.isDebugEnabled()) {
+				this.logger.debug("Removing session " + sessionId + " from principal's set of registered sessions");
 			}
 
 			sessionsUsedByPrincipal.remove(sessionId);
 
 			if (sessionsUsedByPrincipal.isEmpty()) {
 				// No need to keep object in principals Map anymore
-				if (logger.isDebugEnabled()) {
-					logger.debug("Removing principal " + info.getPrincipal() + " from registry");
+				if (this.logger.isDebugEnabled()) {
+					this.logger.debug("Removing principal " + info.getPrincipal() + " from registry");
 				}
 				sessionsUsedByPrincipal = null;
 			}
 
-			if (logger.isTraceEnabled()) {
-				logger.trace("Sessions used by '" + info.getPrincipal() + "' : " + sessionsUsedByPrincipal);
+			if (this.logger.isTraceEnabled()) {
+				this.logger.trace("Sessions used by '" + info.getPrincipal() + "' : " + sessionsUsedByPrincipal);
 			}
 			return sessionsUsedByPrincipal;
 		});

core/src/main/java/org/springframework/security/core/userdetails/UserCache.java

@@ -32,8 +32,8 @@ package org.springframework.security.core.userdetails;
  * configure a cache to store the <tt>UserDetails</tt> information rather than loading it
  * each time.
  *
- * @see org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
  * @author Ben Alex
+ * @see org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
  */
 public interface UserCache {
 

core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java

@@ -16,12 +16,12 @@
 
 package org.springframework.security.core.userdetails;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-
 import java.io.Serializable;
 import java.util.Collection;
 
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+
 /**
  * Provides core user information.
  *
@@ -36,9 +36,9 @@ import java.util.Collection;
  * {@link org.springframework.security.core.userdetails.User} for a reference
  * implementation (which you might like to extend or use in your code).
  *
+ * @author Ben Alex
  * @see UserDetailsService
  * @see UserCache
- * @author Ben Alex
  */
 public interface UserDetails extends Serializable {
 

core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java

@@ -27,9 +27,9 @@ package org.springframework.security.core.userdetails;
  * The interface requires only one read-only method, which simplifies support for new
  * data-access strategies.
  *
+ * @author Ben Alex
  * @see org.springframework.security.authentication.dao.DaoAuthenticationProvider
  * @see UserDetails
- * @author Ben Alex
  */
 public interface UserDetailsService {
 

core/src/main/java/org/springframework/security/jackson2/UnmodifiableListDeserializer.java

@@ -16,6 +16,11 @@
 
 package org.springframework.security.jackson2;
 
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.DeserializationContext;
@@ -24,17 +29,12 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ArrayNode;
 
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
 /**
  * Custom deserializer for {@link UnmodifiableListDeserializer}.
  *
  * @author Rob Winch
- * @see UnmodifiableListMixin
  * @since 5.0.2
+ * @see UnmodifiableListMixin
  */
 class UnmodifiableListDeserializer extends JsonDeserializer<List> {
 

core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java

@@ -16,6 +16,11 @@
 
 package org.springframework.security.jackson2;
 
+import java.io.IOException;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.DeserializationContext;
@@ -24,17 +29,12 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ArrayNode;
 
-import java.io.IOException;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
 /**
  * Custom deserializer for {@link UnmodifiableSetMixin}.
  *
  * @author Jitendra Singh
- * @see UnmodifiableSetMixin
  * @since 4.2
+ * @see UnmodifiableSetMixin
  */
 class UnmodifiableSetDeserializer extends JsonDeserializer<Set> {
 

core/src/main/java/org/springframework/security/jackson2/UserDeserializer.java

@@ -16,6 +16,9 @@
 
 package org.springframework.security.jackson2;
 
+import java.io.IOException;
+import java.util.Set;
+
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
@@ -24,20 +27,18 @@ import com.fasterxml.jackson.databind.JsonDeserializer;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.MissingNode;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 
-import java.io.IOException;
-import java.util.Set;
-
 /**
  * Custom Deserializer for {@link User} class. This is already registered with
  * {@link UserMixin}. You can also use it directly with your mixin class.
  *
  * @author Jitendra Singh
- * @see UserMixin
  * @since 4.2
+ * @see UserMixin
  */
 class UserDeserializer extends JsonDeserializer<User> {
 

core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java

@@ -43,8 +43,8 @@ import org.springframework.security.core.GrantedAuthority;
  * @author Jitendra Singh
  * @author Greg Turnquist
  * @author Onur Kagan Ozcan
- * @see UsernamePasswordAuthenticationTokenMixin
  * @since 4.2
+ * @see UsernamePasswordAuthenticationTokenMixin
  */
 class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<UsernamePasswordAuthenticationToken> {
 

core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java

@@ -23,7 +23,7 @@ public class MethodInvocationFactory {
 	/**
 	 * In order to reproduce the bug for SEC-2150, we must have a proxy object that
 	 * implements TargetSourceAware and implements our annotated interface.
-	 * @return
+	 * @return the mock method invocation
 	 * @throws NoSuchMethodException
 	 */
 	public static MockMethodInvocation createSec2150MethodInvocation() throws NoSuchMethodException {

crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java

@@ -368,11 +368,11 @@ public final class Base64 {
 	 * @param len Length of data to convert
 	 * @param options Specified options
 	 * @return The Base64-encoded data as a String
-	 * @see Base64#DO_BREAK_LINES
 	 * @throws java.io.IOException if there is an error
 	 * @throws NullPointerException if source array is null
 	 * @throws IllegalArgumentException if source array, offset, or length are invalid
 	 * @since 2.3.1
+	 * @see Base64#DO_BREAK_LINES
 	 */
 	private static byte[] encodeBytesToBytes(byte[] source, int off, int len, int options) {
 
@@ -603,8 +603,8 @@ public final class Base64 {
 			}
 			else {
 				// There's a bad input character in the Base64 stream.
-				throw new InvalidBase64CharacterException(String.format(
-						"Bad Base64 input character decimal %d in array position %d", ((int) source[i]) & 0xFF, i));
+				throw new InvalidBase64CharacterException(String
+						.format("Bad Base64 input character decimal %d in array position %d", (source[i]) & 0xFF, i));
 			}
 		}
 

crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java

@@ -59,8 +59,7 @@ public class Encryptors {
 	 * @param salt a hex-encoded, random, site-global salt value to use to generate the
 	 * key
 	 *
-	 * @see #stronger(CharSequence, CharSequence), which uses the significatly more secure
-	 * GCM (instead of CBC)
+	 * @see #stronger(CharSequence, CharSequence)
 	 */
 	public static BytesEncryptor standard(CharSequence password, CharSequence salt) {
 		return new AesBytesEncryptor(password.toString(), salt, KeyGenerators.secureRandom(16));

crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java

@@ -31,7 +31,7 @@ import java.util.Map;
  *
  * <pre>
  * String idForEncode = "bcrypt";
- * Map<String,PasswordEncoder> encoders = new HashMap<>();
+ * Map&lt;String,PasswordEncoder&gt; encoders = new HashMap<>();
  * encoders.put(idForEncode, new BCryptPasswordEncoder());
  * encoders.put("noop", NoOpPasswordEncoder.getInstance());
  * encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
@@ -114,10 +114,10 @@ import java.util.Map;
  * {@link IllegalArgumentException}. This behavior can be customized using
  * {@link #setDefaultPasswordEncoderForMatches(PasswordEncoder)}.
  *
- * @see org.springframework.security.crypto.factory.PasswordEncoderFactories
  * @author Rob Winch
  * @author Michael Simons
  * @since 5.0
+ * @see org.springframework.security.crypto.factory.PasswordEncoderFactories
  */
 public class DelegatingPasswordEncoder implements PasswordEncoder {
 

crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java

@@ -178,7 +178,7 @@ public class BCryptPasswordEncoderTests {
 
 	/**
 	 * @see <a href=
-	 * "https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496">https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496</>
+	 * "https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496">https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496</a>
 	 */
 	@Test
 	public void upgradeFromNullOrEmpty() {
@@ -189,7 +189,7 @@ public class BCryptPasswordEncoderTests {
 
 	/**
 	 * @see <a href=
-	 * "https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496">https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496</>
+	 * "https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496">https://github.com/spring-projects/spring-security/pull/7042#issuecomment-506755496</a>
 	 */
 	@Test(expected = IllegalArgumentException.class)
 	public void upgradeFromNonBCrypt() {

data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java

@@ -75,8 +75,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
  * This works because the principal in this instance is a User which has an id field on
  * it.
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public class SecurityEvaluationContextExtension implements EvaluationContextExtension {
 
@@ -97,6 +97,7 @@ public class SecurityEvaluationContextExtension implements EvaluationContextExte
 		this.authentication = authentication;
 	}
 
+	@Override
 	public String getExtensionId() {
 		return "security";
 	}

etc/checkstyle/checkstyle-suppressions.xml

@@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="AtclauseOrder" />
 	<suppress files=".*" checks="AvoidStarImport" />
 	<suppress files=".*" checks="EmptyBlock" />
 	<suppress files=".*" checks="FinalClass" />

messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java

@@ -29,8 +29,8 @@ import org.springframework.util.Assert;
  * {@link MessageSecurityExpressionRoot}.
  *
  * @param <T> the type for the body of the Message
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public class DefaultMessageSecurityExpressionHandler<T> extends AbstractSecurityExpressionHandler<Message<T>> {
 

messaging/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java

@@ -32,8 +32,8 @@ import org.springframework.security.messaging.util.matcher.MessageMatcher;
  * A class used to create a {@link MessageSecurityMetadataSource} that uses
  * {@link MessageMatcher} mapped to Spring Expressions.
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public final class ExpressionBasedMessageSecurityMetadataSourceFactory {
 

messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java

@@ -33,9 +33,9 @@ import java.util.Collection;
  * If no {@code MessageExpressionConfigAttribute} is found, then {@code ACCESS_ABSTAIN} is
  * returned.
  *
- * @since 4.0
  * @author Rob Winch
  * @author Daniel Bustamante Ospina
+ * @since 4.0
  */
 public class MessageExpressionVoter<T> implements AccessDecisionVoter<Message<T>> {
 

messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java

@@ -22,8 +22,8 @@ import org.springframework.security.core.Authentication;
 /**
  * The {@link SecurityExpressionRoot} used for {@link Message} expressions.
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public class MessageSecurityExpressionRoot extends SecurityExpressionRoot {
 

messaging/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java

@@ -33,8 +33,8 @@ import org.springframework.util.Assert;
  * <p>
  * Refer to {@link AbstractSecurityInterceptor} for details on the workflow.
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public final class ChannelSecurityInterceptor extends AbstractSecurityInterceptor implements ChannelInterceptor {
 

messaging/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java

@@ -31,10 +31,10 @@ import java.util.*;
  * {@code Collection<ConfigAttribute>} is returned.
  * </p>
  *
+ * @author Rob Winch
+ * @since 4.0
  * @see ChannelSecurityInterceptor
  * @see ExpressionBasedMessageSecurityMetadataSourceFactory
- * @since 4.0
- * @author Rob Winch
  */
 public final class DefaultMessageSecurityMetadataSource implements MessageSecurityMetadataSource {
 

messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageSecurityMetadataSource.java

@@ -21,10 +21,10 @@ import org.springframework.security.access.SecurityMetadataSource;
 /**
  * A {@link SecurityMetadataSource} that is used for securing {@link Message}
  *
+ * @author Rob Winch
+ * @since 4.0
  * @see ChannelSecurityInterceptor
  * @see DefaultMessageSecurityMetadataSource
- * @since 4.0
- * @author Rob Winch
  */
 public interface MessageSecurityMetadataSource extends SecurityMetadataSource {
 

messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java

@@ -36,8 +36,8 @@ import org.springframework.util.Assert;
  * {@link Authentication} from the specified {@link Message#getHeaders()}.
  * </p>
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public final class SecurityContextChannelInterceptor extends ChannelInterceptorAdapter
 		implements ExecutorChannelInterceptor {

messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcher.java

@@ -20,8 +20,8 @@ import org.springframework.messaging.Message;
 /**
  * API for determining if a {@link Message} should be matched on.
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public interface MessageMatcher<T> {
 

messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpDestinationMessageMatcher.java

@@ -32,8 +32,8 @@ import java.util.Map;
  * {@link SimpMessageType}.
  * </p>
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 public final class SimpDestinationMessageMatcher implements MessageMatcher<Object> {
 

messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java

@@ -26,8 +26,8 @@ import org.springframework.util.ObjectUtils;
  * A {@link MessageMatcher} that matches if the provided {@link Message} has a type that
  * is the same as the {@link SimpMessageType} that was specified in the constructor.
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  *
  */
 public class SimpMessageTypeMatcher implements MessageMatcher<Object> {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java

@@ -219,8 +219,8 @@ public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implemen
 	 * default.
 	 * @param authorizationFailureHandler the {@link OAuth2AuthorizationFailureHandler}
 	 * that handles authorization failures
-	 * @see RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
 	 * @since 5.3
+	 * @see RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
 	 */
 	public void setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler authorizationFailureHandler) {
 		Assert.notNull(authorizationFailureHandler, "authorizationFailureHandler cannot be null");

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java

@@ -70,12 +70,12 @@ import java.util.function.Function;
  *
  * @author Ankur Pathak
  * @author Phil Clay
+ * @since 5.2.2
  * @see ReactiveOAuth2AuthorizedClientManager
  * @see ReactiveOAuth2AuthorizedClientProvider
  * @see ReactiveOAuth2AuthorizedClientService
  * @see ReactiveOAuth2AuthorizationSuccessHandler
  * @see ReactiveOAuth2AuthorizationFailureHandler
- * @since 5.2.2
  */
 public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 		implements ReactiveOAuth2AuthorizedClientManager {
@@ -221,8 +221,8 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 	 * by default.
 	 * </p>
 	 * @param authorizationFailureHandler the handler that handles authorization failures.
-	 * @see RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
 	 * @since 5.3
+	 * @see RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
 	 */
 	public void setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler) {
 		Assert.notNull(authorizationFailureHandler, "authorizationFailureHandler cannot be null");

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientService.java

@@ -56,11 +56,10 @@ public final class InMemoryOAuth2AuthorizedClientService implements OAuth2Author
 	/**
 	 * Constructs an {@code InMemoryOAuth2AuthorizedClientService} using the provided
 	 * parameters.
-	 *
-	 * @since 5.2
 	 * @param clientRegistrationRepository the repository of client registrations
 	 * @param authorizedClients the initial {@code Map} of authorized client(s) keyed by
 	 * {@link OAuth2AuthorizedClientId}
+	 * @since 5.2
 	 */
 	public InMemoryOAuth2AuthorizedClientService(ClientRegistrationRepository clientRegistrationRepository,
 			Map<OAuth2AuthorizedClientId, OAuth2AuthorizedClient> authorizedClients) {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java

@@ -145,11 +145,10 @@ public final class OAuth2AuthorizeRequest {
 		/**
 		 * Sets the name of the {@code Principal} (to be) associated to the authorized
 		 * client.
-		 *
-		 * @since 5.3
 		 * @param principalName the name of the {@code Principal} (to be) associated to
 		 * the authorized client
 		 * @return the {@link Builder}
+		 * @since 5.3
 		 */
 		public Builder principal(String principalName) {
 			return principal(createAuthentication(principalName));

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java

@@ -107,9 +107,8 @@ public class OAuth2AuthorizedClient implements Serializable {
 
 	/**
 	 * Returns the {@link OAuth2RefreshToken refresh token} credential granted.
-	 *
-	 * @since 5.1
 	 * @return the {@link OAuth2RefreshToken}
+	 * @since 5.1
 	 */
 	public @Nullable OAuth2RefreshToken getRefreshToken() {
 		return this.refreshToken;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java

@@ -154,9 +154,8 @@ public class OAuth2LoginAuthenticationToken extends AbstractAuthenticationToken
 
 	/**
 	 * Returns the {@link OAuth2RefreshToken refresh token}.
-	 *
-	 * @since 5.1
 	 * @return the {@link OAuth2RefreshToken}
+	 * @since 5.1
 	 */
 	public @Nullable OAuth2RefreshToken getRefreshToken() {
 		return this.refreshToken;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java

@@ -109,10 +109,9 @@ public class OAuth2LoginReactiveAuthenticationManager implements ReactiveAuthent
 	 * Sets the {@link GrantedAuthoritiesMapper} used for mapping
 	 * {@link OAuth2User#getAuthorities()} to a new set of authorities which will be
 	 * associated to the {@link OAuth2LoginAuthenticationToken}.
-	 *
-	 * @since 5.4
 	 * @param authoritiesMapper the {@link GrantedAuthoritiesMapper} used for mapping the
 	 * user's authorities
+	 * @since 5.4
 	 */
 	public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
 		Assert.notNull(authoritiesMapper, "authoritiesMapper cannot be null");

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java

@@ -46,9 +46,9 @@ import static org.springframework.security.oauth2.core.web.reactive.function.OAu
  * Accepts a JSON response body containing an OAuth 2.0 Access token or error.
  * </p>
  *
+ * @param <T> type of grant request
  * @author Phil Clay
  * @since 5.3
- * @param <T> type of grant request
  * @see <a href="https://tools.ietf.org/html/rfc6749#section-3.2">RFC-6749 Token
  * Endpoint</a>
  * @see WebClientReactiveAuthorizationCodeTokenResponseClient

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java

@@ -32,10 +32,10 @@ import java.io.IOException;
 /**
  * A {@link ResponseErrorHandler} that handles an {@link OAuth2Error OAuth 2.0 Error}.
  *
- * @see ResponseErrorHandler
- * @see OAuth2Error
  * @author Joe Grandja
  * @since 5.1
+ * @see ResponseErrorHandler
+ * @see OAuth2Error
  */
 public class OAuth2ErrorResponseErrorHandler implements ResponseErrorHandler {
 

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java

@@ -205,10 +205,9 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 	 * Sets the {@link JwtDecoderFactory} used for {@link OidcIdToken} signature
 	 * verification. The factory returns a {@link JwtDecoder} associated to the provided
 	 * {@link ClientRegistration}.
-	 *
-	 * @since 5.2
 	 * @param jwtDecoderFactory the {@link JwtDecoderFactory} used for {@link OidcIdToken}
 	 * signature verification
+	 * @since 5.2
 	 */
 	public final void setJwtDecoderFactory(JwtDecoderFactory<ClientRegistration> jwtDecoderFactory) {
 		Assert.notNull(jwtDecoderFactory, "jwtDecoderFactory cannot be null");

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java

@@ -160,10 +160,9 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React
 	 * Sets the {@link ReactiveJwtDecoderFactory} used for {@link OidcIdToken} signature
 	 * verification. The factory returns a {@link ReactiveJwtDecoder} associated to the
 	 * provided {@link ClientRegistration}.
-	 *
-	 * @since 5.2
 	 * @param jwtDecoderFactory the {@link ReactiveJwtDecoderFactory} used for
 	 * {@link OidcIdToken} signature verification
+	 * @since 5.2
 	 */
 	public final void setJwtDecoderFactory(ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory) {
 		Assert.notNull(jwtDecoderFactory, "jwtDecoderFactory cannot be null");
@@ -174,10 +173,9 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React
 	 * Sets the {@link GrantedAuthoritiesMapper} used for mapping
 	 * {@link OidcUser#getAuthorities()} to a new set of authorities which will be
 	 * associated to the {@link OAuth2LoginAuthenticationToken}.
-	 *
-	 * @since 5.4
 	 * @param authoritiesMapper the {@link GrantedAuthoritiesMapper} used for mapping the
 	 * user's authorities
+	 * @since 5.4
 	 */
 	public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
 		Assert.notNull(authoritiesMapper, "authoritiesMapper cannot be null");

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java

@@ -136,9 +136,8 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 	 * Sets the maximum acceptable clock skew. The default is 60 seconds. The clock skew
 	 * is used when validating the {@link JwtClaimNames#EXP exp} and
 	 * {@link JwtClaimNames#IAT iat} claims.
-	 *
-	 * @since 5.2
 	 * @param clockSkew the maximum acceptable clock skew
+	 * @since 5.2
 	 */
 	public void setClockSkew(Duration clockSkew) {
 		Assert.notNull(clockSkew, "clockSkew cannot be null");
@@ -149,9 +148,8 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 	/**
 	 * Sets the {@link Clock} used in {@link Instant#now(Clock)} when validating the
 	 * {@link JwtClaimNames#EXP exp} and {@link JwtClaimNames#IAT iat} claims.
-	 *
-	 * @since 5.3
 	 * @param clock the clock
+	 * @since 5.3
 	 */
 	public void setClock(Clock clock) {
 		Assert.notNull(clock, "clock cannot be null");

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java

@@ -71,10 +71,9 @@ public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService<
 	/**
 	 * Returns the default {@link Converter}'s used for type conversion of claim values
 	 * for an {@link OidcUserInfo}.
-	 *
-	 * @since 5.2
 	 * @return a {@link Map} of {@link Converter}'s keyed by {@link StandardClaimNames
 	 * claim name}
+	 * @since 5.2
 	 */
 	public static Map<String, Converter<Object, ?>> createDefaultClaimTypeConverters() {
 		Converter<Object, ?> booleanConverter = getConverter(TypeDescriptor.valueOf(Boolean.class));
@@ -148,11 +147,10 @@ public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService<
 	 * Sets the factory that provides a {@link Converter} used for type conversion of
 	 * claim values for an {@link OidcUserInfo}. The default is {@link ClaimTypeConverter}
 	 * for all {@link ClientRegistration clients}.
-	 *
-	 * @since 5.2
 	 * @param claimTypeConverterFactory the factory that provides a {@link Converter} used
 	 * for type conversion of claim values for a specific {@link ClientRegistration
 	 * client}
+	 * @since 5.2
 	 */
 	public final void setClaimTypeConverterFactory(
 			Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory) {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequest.java

@@ -52,12 +52,11 @@ public class OidcUserRequest extends OAuth2UserRequest {
 
 	/**
 	 * Constructs an {@code OidcUserRequest} using the provided parameters.
-	 *
-	 * @since 5.1
 	 * @param clientRegistration the client registration
 	 * @param accessToken the access token credential
 	 * @param idToken the ID Token
 	 * @param additionalParameters the additional parameters, may be empty
+	 * @since 5.1
 	 */
 	public OidcUserRequest(ClientRegistration clientRegistration, OAuth2AccessToken accessToken, OidcIdToken idToken,
 			Map<String, Object> additionalParameters) {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java

@@ -78,10 +78,9 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 	/**
 	 * Returns the default {@link Converter}'s used for type conversion of claim values
 	 * for an {@link OidcUserInfo}.
-	 *
-	 * @since 5.2
 	 * @return a {@link Map} of {@link Converter}'s keyed by {@link StandardClaimNames
 	 * claim name}
+	 * @since 5.2
 	 */
 	public static Map<String, Converter<Object, ?>> createDefaultClaimTypeConverters() {
 		Converter<Object, ?> booleanConverter = getConverter(TypeDescriptor.valueOf(Boolean.class));
@@ -190,10 +189,9 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 
 	/**
 	 * Sets the {@link OAuth2UserService} used when requesting the user info resource.
-	 *
-	 * @since 5.1
 	 * @param oauth2UserService the {@link OAuth2UserService} used when requesting the
 	 * user info resource.
+	 * @since 5.1
 	 */
 	public final void setOauth2UserService(OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService) {
 		Assert.notNull(oauth2UserService, "oauth2UserService cannot be null");
@@ -204,11 +202,10 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 	 * Sets the factory that provides a {@link Converter} used for type conversion of
 	 * claim values for an {@link OidcUserInfo}. The default is {@link ClaimTypeConverter}
 	 * for all {@link ClientRegistration clients}.
-	 *
-	 * @since 5.2
 	 * @param claimTypeConverterFactory the factory that provides a {@link Converter} used
 	 * for type conversion of claim values for a specific {@link ClientRegistration
 	 * client}
+	 * @since 5.2
 	 */
 	public final void setClaimTypeConverterFactory(
 			Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory) {
@@ -224,9 +221,8 @@ public class OidcUserService implements OAuth2UserService<OidcUserRequest, OidcU
 	 * {@link OidcUserRequest#getAccessToken() access token} to determine if the user info
 	 * resource is accessible or not. If there is at least one match, the user info
 	 * resource will be requested, otherwise it will not.
-	 *
-	 * @since 5.2
 	 * @param accessibleScopes the scope(s) that allow access to the user info resource
+	 * @since 5.2
 	 */
 	public final void setAccessibleScopes(Set<String> accessibleScopes) {
 		Assert.notNull(accessibleScopes, "accessibleScopes cannot be null");

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java

@@ -136,9 +136,8 @@ public final class ClientRegistration implements Serializable {
 	 * Configuring uri template variables is especially useful when the client is running
 	 * behind a Proxy Server. This ensures that the X-Forwarded-* headers are used when
 	 * expanding the redirect-uri.
-	 *
-	 * @since 5.4
 	 * @return the uri (or uri template) for the redirection endpoint
+	 * @since 5.4
 	 */
 	public String getRedirectUri() {
 		return this.redirectUri;
@@ -234,10 +233,9 @@ public final class ClientRegistration implements Serializable {
 		/**
 		 * Returns the issuer identifier uri for the OpenID Connect 1.0 provider or the
 		 * OAuth 2.0 Authorization Server.
-		 *
-		 * @since 5.4
 		 * @return the issuer identifier uri for the OpenID Connect 1.0 provider or the
 		 * OAuth 2.0 Authorization Server
+		 * @since 5.4
 		 */
 		public String getIssuerUri() {
 			return this.issuerUri;
@@ -245,9 +243,8 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Returns a {@code Map} of the metadata describing the provider's configuration.
-		 *
-		 * @since 5.1
 		 * @return a {@code Map} of the metadata describing the provider's configuration
+		 * @since 5.1
 		 */
 		public Map<String, Object> getConfigurationMetadata() {
 			return this.configurationMetadata;
@@ -279,9 +276,8 @@ public final class ClientRegistration implements Serializable {
 
 			/**
 			 * Returns the authentication method for the user info endpoint.
-			 *
-			 * @since 5.1
 			 * @return the {@link AuthenticationMethod} for the user info endpoint.
+			 * @since 5.1
 			 */
 			public AuthenticationMethod getAuthenticationMethod() {
 				return this.authenticationMethod;
@@ -467,10 +463,9 @@ public final class ClientRegistration implements Serializable {
 		 * Configuring uri template variables is especially useful when the client is
 		 * running behind a Proxy Server. This ensures that the X-Forwarded-* headers are
 		 * used when expanding the redirect-uri.
-		 *
-		 * @since 5.4
 		 * @param redirectUri the uri (or uri template) for the redirection endpoint
 		 * @return the {@link Builder}
+		 * @since 5.4
 		 */
 		public Builder redirectUri(String redirectUri) {
 			this.redirectUri = redirectUri;
@@ -533,11 +528,10 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Sets the authentication method for the user info endpoint.
-		 *
-		 * @since 5.1
 		 * @param userInfoAuthenticationMethod the authentication method for the user info
 		 * endpoint
 		 * @return the {@link Builder}
+		 * @since 5.1
 		 */
 		public Builder userInfoAuthenticationMethod(AuthenticationMethod userInfoAuthenticationMethod) {
 			this.userInfoAuthenticationMethod = userInfoAuthenticationMethod;
@@ -569,11 +563,10 @@ public final class ClientRegistration implements Serializable {
 		/**
 		 * Sets the issuer identifier uri for the OpenID Connect 1.0 provider or the OAuth
 		 * 2.0 Authorization Server.
-		 *
-		 * @since 5.4
 		 * @param issuerUri the issuer identifier uri for the OpenID Connect 1.0 provider
 		 * or the OAuth 2.0 Authorization Server
 		 * @return the {@link Builder}
+		 * @since 5.4
 		 */
 		public Builder issuerUri(String issuerUri) {
 			this.issuerUri = issuerUri;
@@ -582,11 +575,10 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Sets the metadata describing the provider's configuration.
-		 *
-		 * @since 5.1
 		 * @param configurationMetadata the metadata describing the provider's
 		 * configuration
 		 * @return the {@link Builder}
+		 * @since 5.1
 		 */
 		public Builder providerConfigurationMetadata(Map<String, Object> configurationMetadata) {
 			if (configurationMetadata != null) {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java

@@ -78,9 +78,8 @@ public final class InMemoryClientRegistrationRepository
 	 * Constructs an {@code InMemoryClientRegistrationRepository} using the provided
 	 * {@code Map} of {@link ClientRegistration#getRegistrationId() registration id} to
 	 * {@link ClientRegistration}.
-	 *
-	 * @since 5.2
 	 * @param registrations the {@code Map} of client registration(s)
+	 * @since 5.2
 	 */
 	public InMemoryClientRegistrationRepository(Map<String, ClientRegistration> registrations) {
 		Assert.notNull(registrations, "registrations cannot be null");