diff --git a/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java b/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
index 15907a22ca2..53fe8c1efe8 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
@@ -118,8 +118,7 @@ List<Permission> resolvePermission(Object permission) {
 		if (permission instanceof Permission[]) {
 			return Arrays.asList((Permission[]) permission);
 		}
-		if (permission instanceof String) {
-			String permString = (String) permission;
+		if (permission instanceof String permString) {
 			Permission p = buildPermission(permString);
 			if (p != null) {
 				return Arrays.asList(p);
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java b/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
index 147f6439661..8365552a5ab 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
@@ -56,10 +56,9 @@ public final boolean equals(Object obj) {
 		if (obj == null) {
 			return false;
 		}
-		if (!(obj instanceof Permission)) {
+		if (!(obj instanceof Permission other)) {
 			return false;
 		}
-		Permission other = (Permission) obj;
 		return (this.mask == other.getMask());
 	}
 
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
index 3480ef84c19..0dd52aca9d4 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
@@ -454,7 +454,7 @@ public void testProcessingCustomSid() {
 		CustomSid customSid = new CustomSid("Custom sid");
 		given(customJdbcMutableAclService.createOrRetrieveSidPrimaryKey("Custom sid", false, false)).willReturn(1L);
 		Long result = customJdbcMutableAclService.createOrRetrieveSidPrimaryKey(customSid, false);
-		assertThat(new Long(1L)).isEqualTo(result);
+		assertThat(Long.valueOf(1L)).isEqualTo(result);
 	}
 
 	protected Authentication getAuth() {
diff --git a/buildSrc/src/main/java/org/springframework/gradle/antora/AntoraVersionPlugin.java b/buildSrc/src/main/java/org/springframework/gradle/antora/AntoraVersionPlugin.java
index 9a1f95d5b49..48e8e805ac7 100644
--- a/buildSrc/src/main/java/org/springframework/gradle/antora/AntoraVersionPlugin.java
+++ b/buildSrc/src/main/java/org/springframework/gradle/antora/AntoraVersionPlugin.java
@@ -4,7 +4,6 @@
 import org.gradle.api.GradleException;
 import org.gradle.api.Plugin;
 import org.gradle.api.Project;
-import org.gradle.api.Task;
 import org.gradle.api.tasks.TaskProvider;
 import org.gradle.language.base.plugins.LifecycleBasePlugin;
 
@@ -27,12 +26,8 @@ public void execute(CheckAntoraVersionTask antoraCheckVersion) {
 		project.getPlugins().withType(LifecycleBasePlugin.class, new Action<LifecycleBasePlugin>() {
 			@Override
 			public void execute(LifecycleBasePlugin lifecycleBasePlugin) {
-				project.getTasks().named(LifecycleBasePlugin.CHECK_TASK_NAME).configure(new Action<Task>() {
-					@Override
-					public void execute(Task check) {
-						check.dependsOn(antoraCheckVersion);
-					}
-				});
+				project.getTasks().named(LifecycleBasePlugin.CHECK_TASK_NAME)
+						.configure(check -> check.dependsOn(antoraCheckVersion));
 			}
 		});
 		 project.getTasks().register("antoraUpdateVersion", UpdateAntoraVersionTask.class, new Action<UpdateAntoraVersionTask>() {
diff --git a/buildSrc/src/main/java/org/springframework/gradle/classpath/CheckClasspathForProhibitedDependenciesPlugin.java b/buildSrc/src/main/java/org/springframework/gradle/classpath/CheckClasspathForProhibitedDependenciesPlugin.java
index 0791a193e89..41caa9b8d5b 100644
--- a/buildSrc/src/main/java/org/springframework/gradle/classpath/CheckClasspathForProhibitedDependenciesPlugin.java
+++ b/buildSrc/src/main/java/org/springframework/gradle/classpath/CheckClasspathForProhibitedDependenciesPlugin.java
@@ -35,9 +35,7 @@ public class CheckClasspathForProhibitedDependenciesPlugin implements Plugin<Pro
 	@Override
 	public void apply(Project project) {
 		project.getPlugins().apply(CheckProhibitedDependenciesLifecyclePlugin.class);
-		project.getPlugins().withType(JavaBasePlugin.class, javaBasePlugin -> {
-			configureProhibitedDependencyChecks(project);
-		});
+		project.getPlugins().withType(JavaBasePlugin.class, javaBasePlugin -> configureProhibitedDependencyChecks(project));
 	}
 
 	private void configureProhibitedDependencyChecks(Project project) {
diff --git a/buildSrc/src/main/java/org/springframework/gradle/classpath/CheckProhibitedDependenciesLifecyclePlugin.java b/buildSrc/src/main/java/org/springframework/gradle/classpath/CheckProhibitedDependenciesLifecyclePlugin.java
index 77fd369528f..ebdde90c500 100644
--- a/buildSrc/src/main/java/org/springframework/gradle/classpath/CheckProhibitedDependenciesLifecyclePlugin.java
+++ b/buildSrc/src/main/java/org/springframework/gradle/classpath/CheckProhibitedDependenciesLifecyclePlugin.java
@@ -34,8 +34,6 @@ public void apply(Project project) {
 			task.setGroup(JavaBasePlugin.VERIFICATION_GROUP);
 			task.setDescription("Checks both the compile/runtime classpath of every SourceSet for prohibited dependencies");
 		});
-		project.getTasks().named(JavaBasePlugin.CHECK_TASK_NAME, checkTask -> {
-			checkTask.dependsOn(checkProhibitedDependencies);
-		});
+		project.getTasks().named(JavaBasePlugin.CHECK_TASK_NAME, checkTask -> checkTask.dependsOn(checkProhibitedDependencies));
 	}
 }
diff --git a/buildSrc/src/main/java/org/springframework/gradle/github/changelog/GitHubChangelogPlugin.java b/buildSrc/src/main/java/org/springframework/gradle/github/changelog/GitHubChangelogPlugin.java
index 0eab3d80068..907a69ef96b 100644
--- a/buildSrc/src/main/java/org/springframework/gradle/github/changelog/GitHubChangelogPlugin.java
+++ b/buildSrc/src/main/java/org/springframework/gradle/github/changelog/GitHubChangelogPlugin.java
@@ -26,7 +26,6 @@
 import org.gradle.api.artifacts.Configuration;
 import org.gradle.api.artifacts.DependencySet;
 import org.gradle.api.artifacts.repositories.ExclusiveContentRepository;
-import org.gradle.api.artifacts.repositories.InclusiveRepositoryContentDescriptor;
 import org.gradle.api.artifacts.repositories.IvyArtifactRepository;
 import org.gradle.api.artifacts.repositories.IvyPatternRepositoryLayout;
 import org.gradle.api.tasks.JavaExec;
@@ -91,12 +90,7 @@ public void execute(IvyPatternRepositoryLayout layout) {
 			@Override
 			public void execute(ExclusiveContentRepository exclusiveContentRepository) {
 				exclusiveContentRepository.forRepositories(repository);
-				exclusiveContentRepository.filter(new Action<InclusiveRepositoryContentDescriptor>() {
-					@Override
-					public void execute(InclusiveRepositoryContentDescriptor descriptor) {
-						descriptor.includeGroup("spring-io");
-					}
-				});
+				exclusiveContentRepository.filter(descriptor -> descriptor.includeGroup("spring-io"));
 			}
 		});
 	}
diff --git a/buildSrc/src/main/java/org/springframework/gradle/github/milestones/SpringReleaseTrainSpec.java b/buildSrc/src/main/java/org/springframework/gradle/github/milestones/SpringReleaseTrainSpec.java
index 792e390c009..8b2f3bcd0d9 100644
--- a/buildSrc/src/main/java/org/springframework/gradle/github/milestones/SpringReleaseTrainSpec.java
+++ b/buildSrc/src/main/java/org/springframework/gradle/github/milestones/SpringReleaseTrainSpec.java
@@ -114,11 +114,11 @@ private Builder() {
 		}
 
 		public Builder train(int train) {
-			switch (train) {
-				case 1: this.train = Train.ONE; break;
-				case 2: this.train = Train.TWO; break;
-				default: throw new IllegalArgumentException("Invalid train: " + train);
-			}
+			this.train = switch (train) {
+				case 1 -> Train.ONE;
+				case 2 -> Train.TWO;
+				default -> throw new IllegalArgumentException("Invalid train: " + train);
+			};
 			return this;
 		}
 
@@ -156,13 +156,13 @@ public Builder version(String version) {
 		}
 
 		public Builder weekOfMonth(int weekOfMonth) {
-			switch (weekOfMonth) {
-				case 1: this.weekOfMonth = WeekOfMonth.FIRST; break;
-				case 2: this.weekOfMonth = WeekOfMonth.SECOND; break;
-				case 3: this.weekOfMonth = WeekOfMonth.THIRD; break;
-				case 4: this.weekOfMonth = WeekOfMonth.FOURTH; break;
-				default: throw new IllegalArgumentException("Invalid weekOfMonth: " + weekOfMonth);
-			}
+			this.weekOfMonth = switch (weekOfMonth) {
+				case 1 -> WeekOfMonth.FIRST;
+				case 2 -> WeekOfMonth.SECOND;
+				case 3 -> WeekOfMonth.THIRD;
+				case 4 -> WeekOfMonth.FOURTH;
+				default -> throw new IllegalArgumentException("Invalid weekOfMonth: " + weekOfMonth);
+			};
 			return this;
 		}
 
@@ -172,14 +172,14 @@ public Builder weekOfMonth(WeekOfMonth weekOfMonth) {
 		}
 
 		public Builder dayOfWeek(int dayOfWeek) {
-			switch (dayOfWeek) {
-				case 1: this.dayOfWeek = DayOfWeek.MONDAY; break;
-				case 2: this.dayOfWeek = DayOfWeek.TUESDAY; break;
-				case 3: this.dayOfWeek = DayOfWeek.WEDNESDAY; break;
-				case 4: this.dayOfWeek = DayOfWeek.THURSDAY; break;
-				case 5: this.dayOfWeek = DayOfWeek.FRIDAY; break;
-				default: throw new IllegalArgumentException("Invalid dayOfWeek: " + dayOfWeek);
-			}
+			this.dayOfWeek = switch (dayOfWeek) {
+				case 1 -> DayOfWeek.MONDAY;
+				case 2 -> DayOfWeek.TUESDAY;
+				case 3 -> DayOfWeek.WEDNESDAY;
+				case 4 -> DayOfWeek.THURSDAY;
+				case 5 -> DayOfWeek.FRIDAY;
+				default -> throw new IllegalArgumentException("Invalid dayOfWeek: " + dayOfWeek);
+			};
 			return this;
 		}
 
diff --git a/buildSrc/src/main/java/org/springframework/gradle/maven/SpringSigningPlugin.java b/buildSrc/src/main/java/org/springframework/gradle/maven/SpringSigningPlugin.java
index 112651ba2ed..076872770af 100644
--- a/buildSrc/src/main/java/org/springframework/gradle/maven/SpringSigningPlugin.java
+++ b/buildSrc/src/main/java/org/springframework/gradle/maven/SpringSigningPlugin.java
@@ -21,7 +21,6 @@
 import org.gradle.api.Project;
 import org.gradle.api.publish.Publication;
 import org.gradle.api.publish.PublishingExtension;
-import org.gradle.api.publish.plugins.PublishingPlugin;
 import org.gradle.plugins.signing.SigningExtension;
 import org.gradle.plugins.signing.SigningPlugin;
 
@@ -44,12 +43,7 @@ public void execute(SigningPlugin signingPlugin) {
 
 	private void sign(Project project) {
 		SigningExtension signing = project.getExtensions().findByType(SigningExtension.class);
-		signing.setRequired(new Callable<Boolean>() {
-			@Override
-			public Boolean call() throws Exception {
-				return project.getGradle().getTaskGraph().hasTask("publishArtifacts");
-			}
-		});
+		signing.setRequired((Callable<Boolean>) () -> project.getGradle().getTaskGraph().hasTask("publishArtifacts"));
 		String signingKeyId = (String) project.findProperty("signingKeyId");
 		String signingKey = (String) project.findProperty("signingKey");
 		String signingPassword = (String) project.findProperty("signingPassword");
diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
index d67477400d2..142dfe4d8be 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java
@@ -294,7 +294,7 @@ Flux<String> retrieveFlux(Flux<String> payload) {
 
 		@MessageMapping({ "secure.send", "send" })
 		Mono<Void> send(Mono<String> payload) {
-			return payload.doOnNext(this::add).then(Mono.fromRunnable(() -> doNotifyAll()));
+			return payload.doOnNext(this::add).then(Mono.fromRunnable(this::doNotifyAll));
 		}
 
 		private synchronized void doNotifyAll() {
diff --git a/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java b/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
index 7b406b95466..69905dfe5e4 100644
--- a/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java
@@ -68,8 +68,7 @@ public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory)
 			return;
 		}
 		ConversionService service = beanFactory.getConversionService();
-		if (service instanceof ConverterRegistry) {
-			ConverterRegistry registry = (ConverterRegistry) service;
+		if (service instanceof ConverterRegistry registry) {
 			registry.addConverter(String.class, RSAPrivateKey.class, this.pkcs8);
 			registry.addConverter(String.class, RSAPublicKey.class, this.x509);
 		}
diff --git a/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java b/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
index 6c009194296..0030a34dcee 100644
--- a/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
+++ b/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
@@ -42,19 +42,12 @@ private ChannelAttributeFactory() {
 	}
 
 	public static List<ConfigAttribute> createChannelAttributes(String requiredChannel) {
-		String channelConfigAttribute;
-		if (requiredChannel.equals(OPT_REQUIRES_HTTPS)) {
-			channelConfigAttribute = "REQUIRES_SECURE_CHANNEL";
-		}
-		else if (requiredChannel.equals(OPT_REQUIRES_HTTP)) {
-			channelConfigAttribute = "REQUIRES_INSECURE_CHANNEL";
-		}
-		else if (requiredChannel.equals(OPT_ANY_CHANNEL)) {
-			channelConfigAttribute = ChannelDecisionManagerImpl.ANY_CHANNEL;
-		}
-		else {
-			throw new BeanCreationException("Unknown channel attribute " + requiredChannel);
-		}
+		String channelConfigAttribute = switch (requiredChannel) {
+			case OPT_REQUIRES_HTTPS -> "REQUIRES_SECURE_CHANNEL";
+			case OPT_REQUIRES_HTTP -> "REQUIRES_INSECURE_CHANNEL";
+			case OPT_ANY_CHANNEL -> ChannelDecisionManagerImpl.ANY_CHANNEL;
+			default -> throw new BeanCreationException("Unknown channel attribute " + requiredChannel);
+		};
 		return SecurityConfig.createList(channelConfigAttribute);
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
index 5bde6992a66..1b14a87b335 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java
@@ -382,7 +382,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 						.anyRequest().authenticated()
 				)
 				.formLogin(Customizer.withDefaults())
-				.requestCache((cache) -> cache.disable());
+				.requestCache(RequestCacheConfigurer::disable);
 			// @formatter:on
 			return http.build();
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
index 989948a82a2..1e825be9808 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
@@ -556,9 +556,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 				.sessionManagement((sessionManagement) ->
 					sessionManagement
 						.requireExplicitAuthenticationStrategy(false)
-						.sessionFixation((sessionFixation) ->
-							sessionFixation.newSession()
-						)
+						.sessionFixation(SessionManagementConfigurer.SessionFixationConfigurer::newSession)
 				)
 				.httpBasic(withDefaults());
 			// @formatter:on
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index 510d9492f31..4f6a56444e9 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -868,8 +868,7 @@ public void getJwtDecoderWhenTwoJwtDecoderBeansThenThrowsException() {
 		context.registerBean("decoderTwo", JwtDecoder.class, () -> decoder);
 		this.spring.context(context).autowire();
 		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-		assertThatExceptionOfType(NoUniqueBeanDefinitionException.class)
-				.isThrownBy(() -> jwtConfigurer.getJwtDecoder());
+		assertThatExceptionOfType(NoUniqueBeanDefinitionException.class).isThrownBy(jwtConfigurer::getJwtDecoder);
 	}
 
 	@Test
@@ -1885,9 +1884,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 					.anyRequest().authenticated()
 				)
 				.oauth2Login(withDefaults())
-				.oauth2ResourceServer((oauth2) -> oauth2
-					.jwt()
-				);
+				.oauth2ResourceServer((oauth2) -> oauth2.jwt(withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java
index fa1bf08d26b..36790510b9b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java
@@ -27,8 +27,7 @@ public class SyncExecutorSubscribableChannelPostProcessor implements BeanPostPro
 
 	@Override
 	public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
-		if (bean instanceof ExecutorSubscribableChannel) {
-			ExecutorSubscribableChannel original = (ExecutorSubscribableChannel) bean;
+		if (bean instanceof ExecutorSubscribableChannel original) {
 			ExecutorSubscribableChannel channel = new ExecutorSubscribableChannel();
 			channel.setInterceptors(original.getInterceptors());
 			return channel;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java
index 278974000e8..4eb5a74c17d 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java
@@ -627,9 +627,8 @@ static class TestHandshakeHandler implements HandshakeHandler {
 		public boolean doHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler,
 				Map<String, Object> attributes) throws HandshakeFailureException {
 			this.attributes = attributes;
-			if (wsHandler instanceof SockJsWebSocketHandler) {
+			if (wsHandler instanceof SockJsWebSocketHandler sockJs) {
 				// work around SPR-12716
-				SockJsWebSocketHandler sockJs = (SockJsWebSocketHandler) wsHandler;
 				WebSocketServerSockJsSession session = (WebSocketServerSockJsSession) ReflectionTestUtils
 						.getField(sockJs, "sockJsSession");
 				this.attributes = session.getAttributes();
diff --git a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
index 5ed6c38c0ec..02e90960838 100644
--- a/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XmlNode.java
@@ -58,8 +58,7 @@ public Optional<XmlNode> child(String name) {
 
 	public Optional<XmlNode> parent() {
 		// @formatter:off
-		return Optional.ofNullable(this.node.getParentNode())
-				.map((parent) -> new XmlNode(parent));
+		return Optional.ofNullable(this.node.getParentNode()).map(XmlNode::new);
 		// @formatter:on
 	}
 
@@ -67,7 +66,7 @@ public String attribute(String name) {
 		// @formatter:off
 		return Optional.ofNullable(this.node.getAttributes())
 				.map((attrs) -> attrs.getNamedItem(name))
-				.map((attr) -> attr.getTextContent())
+				.map(Node::getTextContent)
 				.orElse(null);
 		// @formatter:on
 	}
diff --git a/config/src/test/java/org/springframework/security/config/test/SpringTestContextExtension.java b/config/src/test/java/org/springframework/security/config/test/SpringTestContextExtension.java
index 1496e523558..aeb4d37cc40 100644
--- a/config/src/test/java/org/springframework/security/config/test/SpringTestContextExtension.java
+++ b/config/src/test/java/org/springframework/security/config/test/SpringTestContextExtension.java
@@ -31,7 +31,7 @@ public class SpringTestContextExtension implements BeforeEachCallback, AfterEach
 	@Override
 	public void afterEach(ExtensionContext context) throws Exception {
 		TestSecurityContextHolder.clearContext();
-		getContexts(context.getRequiredTestInstance()).forEach((springTestContext) -> springTestContext.close());
+		getContexts(context.getRequiredTestInstance()).forEach(SpringTestContext::close);
 	}
 
 	@Override
diff --git a/core/src/main/java/org/springframework/security/access/SecurityConfig.java b/core/src/main/java/org/springframework/security/access/SecurityConfig.java
index 4be11c2dfcd..3079174e529 100644
--- a/core/src/main/java/org/springframework/security/access/SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/SecurityConfig.java
@@ -38,8 +38,7 @@ public SecurityConfig(String config) {
 
 	@Override
 	public boolean equals(Object obj) {
-		if (obj instanceof ConfigAttribute) {
-			ConfigAttribute attr = (ConfigAttribute) obj;
+		if (obj instanceof ConfigAttribute attr) {
 			return this.attrib.equals(attr.getAttribute());
 		}
 		return false;
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
index 45f65bb84c2..27992654d41 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
@@ -89,8 +89,7 @@ private List<ConfigAttribute> processAnnotations(Annotation[] annotations) {
 				attributes.add(Jsr250SecurityConfig.PERMIT_ALL_ATTRIBUTE);
 				return attributes;
 			}
-			if (annotation instanceof RolesAllowed) {
-				RolesAllowed ra = (RolesAllowed) annotation;
+			if (annotation instanceof RolesAllowed ra) {
 
 				for (String allowed : ra.value()) {
 					String defaultedAllowed = getRoleWithDefaultPrefix(allowed);
diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
index 219b3f7eb84..c276ead8aad 100644
--- a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
@@ -43,8 +43,7 @@ public abstract class AbstractMethodSecurityMetadataSource implements MethodSecu
 
 	@Override
 	public final Collection<ConfigAttribute> getAttributes(Object object) {
-		if (object instanceof MethodInvocation) {
-			MethodInvocation mi = (MethodInvocation) object;
+		if (object instanceof MethodInvocation mi) {
 			Object target = mi.getThis();
 			Class<?> targetClass = null;
 			if (target != null) {
diff --git a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
index 1c41d40d984..b7ebebb540a 100644
--- a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
@@ -264,8 +264,7 @@ public boolean equals(Object obj) {
 			if (this == obj) {
 				return true;
 			}
-			if (obj != null && obj instanceof RegisteredMethod) {
-				RegisteredMethod rhs = (RegisteredMethod) obj;
+			if (obj instanceof RegisteredMethod rhs) {
 				return this.method.equals(rhs.method) && this.registeredJavaType.equals(rhs.registeredJavaType);
 			}
 			return false;
diff --git a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
index d9cfea49554..dc45dd84c40 100644
--- a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
@@ -71,14 +71,9 @@ public void decide(Authentication authentication, Object object, Collection<Conf
 		for (AccessDecisionVoter voter : getDecisionVoters()) {
 			int result = voter.vote(authentication, object, configAttributes);
 			switch (result) {
-			case AccessDecisionVoter.ACCESS_GRANTED:
-				grant++;
-				break;
-			case AccessDecisionVoter.ACCESS_DENIED:
-				deny++;
-				break;
-			default:
-				break;
+				case AccessDecisionVoter.ACCESS_GRANTED -> grant++;
+				case AccessDecisionVoter.ACCESS_DENIED -> deny++;
+				default -> { }
 			}
 		}
 		if (grant > deny) {
diff --git a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
index bc54e4c026d..a09283b08c0 100644
--- a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
@@ -256,8 +256,7 @@ private void prepareException(AuthenticationException ex, Authentication auth) {
 	 * @param dest the destination authentication object
 	 */
 	private void copyDetails(Authentication source, Authentication dest) {
-		if ((dest instanceof AbstractAuthenticationToken) && (dest.getDetails() == null)) {
-			AbstractAuthenticationToken token = (AbstractAuthenticationToken) dest;
+		if ((dest instanceof AbstractAuthenticationToken token) && (dest.getDetails() == null)) {
 			token.setDetails(source.getDetails());
 		}
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
index 8a62c9ca2af..629372bc1ae 100644
--- a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
@@ -94,12 +94,8 @@ public boolean equals(Object obj) {
 		if (!super.equals(obj)) {
 			return false;
 		}
-		if (obj instanceof RememberMeAuthenticationToken) {
-			RememberMeAuthenticationToken other = (RememberMeAuthenticationToken) obj;
-			if (this.getKeyHash() != other.getKeyHash()) {
-				return false;
-			}
-			return true;
+		if (obj instanceof RememberMeAuthenticationToken other) {
+			return this.getKeyHash() == other.getKeyHash();
 		}
 		return false;
 	}
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
index cb85f91d4a1..086e7684dd1 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
@@ -160,10 +160,9 @@ public void afterPropertiesSet() throws Exception {
 	 */
 	@Override
 	public Authentication authenticate(Authentication auth) throws AuthenticationException {
-		if (!(auth instanceof UsernamePasswordAuthenticationToken)) {
+		if (!(auth instanceof UsernamePasswordAuthenticationToken request)) {
 			return null;
 		}
-		UsernamePasswordAuthenticationToken request = (UsernamePasswordAuthenticationToken) auth;
 		Set<GrantedAuthority> authorities;
 		try {
 			// Create the LoginContext object, and pass our InternallCallbackHandler
@@ -233,8 +232,7 @@ protected void handleLogout(SessionDestroyedEvent event) {
 		}
 		for (SecurityContext context : contexts) {
 			Authentication auth = context.getAuthentication();
-			if ((auth != null) && (auth instanceof JaasAuthenticationToken)) {
-				JaasAuthenticationToken token = (JaasAuthenticationToken) auth;
+			if ((auth instanceof JaasAuthenticationToken token)) {
 				try {
 					LoginContext loginContext = token.getLoginContext();
 					logout(token, loginContext);
diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
index d0d76b89d1f..affbc186ef4 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
@@ -58,8 +58,7 @@ public boolean equals(Object obj) {
 		if (this == obj) {
 			return true;
 		}
-		if (obj instanceof JaasGrantedAuthority) {
-			JaasGrantedAuthority jga = (JaasGrantedAuthority) obj;
+		if (obj instanceof JaasGrantedAuthority jga) {
 			return this.role.equals(jga.role) && this.principal.equals(jga.principal);
 		}
 		return false;
diff --git a/core/src/main/java/org/springframework/security/core/ComparableVersion.java b/core/src/main/java/org/springframework/security/core/ComparableVersion.java
index 7e01b042aa5..ccae59f3210 100644
--- a/core/src/main/java/org/springframework/security/core/ComparableVersion.java
+++ b/core/src/main/java/org/springframework/security/core/ComparableVersion.java
@@ -130,23 +130,13 @@ public int compareTo(Item item) {
 				return (value == 0) ? 0 : 1; // 1.0 == 1, 1.1 > 1
 			}
 
-			switch (item.getType()) {
-			case INT_ITEM:
-				int itemValue = ((IntItem) item).value;
-				return (value < itemValue) ? -1 : ((value == itemValue) ? 0 : 1);
-			case LONG_ITEM:
-			case BIGINTEGER_ITEM:
-				return -1;
-
-			case STRING_ITEM:
-				return 1; // 1.1 > 1-sp
-
-			case LIST_ITEM:
-				return 1; // 1.1 > 1-1
-
-			default:
-				throw new IllegalStateException("invalid item: " + item.getClass());
-			}
+			return switch (item.getType()) {
+				case INT_ITEM -> Integer.compare(value, ((IntItem) item).value);
+				case LONG_ITEM, BIGINTEGER_ITEM -> -1;
+				case STRING_ITEM -> 1; // 1.1 > 1-sp
+				case LIST_ITEM -> 1; // 1.1 > 1-1
+				default -> throw new IllegalStateException("invalid item: " + item.getClass());
+			};
 		}
 
 		@Override
@@ -204,24 +194,14 @@ public int compareTo(Item item) {
 				return (value == 0) ? 0 : 1; // 1.0 == 1, 1.1 > 1
 			}
 
-			switch (item.getType()) {
-			case INT_ITEM:
-				return 1;
-			case LONG_ITEM:
-				long itemValue = ((LongItem) item).value;
-				return (value < itemValue) ? -1 : ((value == itemValue) ? 0 : 1);
-			case BIGINTEGER_ITEM:
-				return -1;
-
-			case STRING_ITEM:
-				return 1; // 1.1 > 1-sp
-
-			case LIST_ITEM:
-				return 1; // 1.1 > 1-1
-
-			default:
-				throw new IllegalStateException("invalid item: " + item.getClass());
-			}
+			return switch (item.getType()) {
+				case INT_ITEM -> 1;
+				case LONG_ITEM -> Long.compare(value, ((LongItem) item).value);
+				case BIGINTEGER_ITEM -> -1;
+				case STRING_ITEM -> 1; // 1.1 > 1-sp
+				case LIST_ITEM -> 1; // 1.1 > 1-1
+				default -> throw new IllegalStateException("invalid item: " + item.getClass());
+			};
 		}
 
 		@Override
@@ -278,23 +258,13 @@ public int compareTo(Item item) {
 				return BigInteger.ZERO.equals(value) ? 0 : 1; // 1.0 == 1, 1.1 > 1
 			}
 
-			switch (item.getType()) {
-			case INT_ITEM:
-			case LONG_ITEM:
-				return 1;
-
-			case BIGINTEGER_ITEM:
-				return value.compareTo(((BigIntegerItem) item).value);
-
-			case STRING_ITEM:
-				return 1; // 1.1 > 1-sp
-
-			case LIST_ITEM:
-				return 1; // 1.1 > 1-1
-
-			default:
-				throw new IllegalStateException("invalid item: " + item.getClass());
-			}
+			return switch (item.getType()) {
+				case INT_ITEM, LONG_ITEM -> 1;
+				case BIGINTEGER_ITEM -> value.compareTo(((BigIntegerItem) item).value);
+				case STRING_ITEM -> 1; // 1.1 > 1-sp
+				case LIST_ITEM -> 1; // 1.1 > 1-1
+				default -> throw new IllegalStateException("invalid item: " + item.getClass());
+			};
 		}
 
 		@Override
@@ -351,18 +321,12 @@ private static class StringItem implements Item {
 		StringItem(String value, boolean followedByDigit) {
 			if (followedByDigit && value.length() == 1) {
 				// a1 = alpha-1, b1 = beta-1, m1 = milestone-1
-				switch (value.charAt(0)) {
-				case 'a':
-					value = "alpha";
-					break;
-				case 'b':
-					value = "beta";
-					break;
-				case 'm':
-					value = "milestone";
-					break;
-				default:
-				}
+				value = switch (value.charAt(0)) {
+					case 'a' -> "alpha";
+					case 'b' -> "beta";
+					case 'm' -> "milestone";
+					default -> value;
+				};
 			}
 			this.value = ALIASES.getProperty(value, value);
 		}
@@ -402,21 +366,13 @@ public int compareTo(Item item) {
 				// 1-rc < 1, 1-ga > 1
 				return comparableQualifier(value).compareTo(RELEASE_VERSION_INDEX);
 			}
-			switch (item.getType()) {
-			case INT_ITEM:
-			case LONG_ITEM:
-			case BIGINTEGER_ITEM:
-				return -1; // 1.any < 1.1 ?
-
-			case STRING_ITEM:
-				return comparableQualifier(value).compareTo(comparableQualifier(((StringItem) item).value));
-
-			case LIST_ITEM:
-				return -1; // 1.any < 1-1
-
-			default:
-				throw new IllegalStateException("invalid item: " + item.getClass());
-			}
+			return switch (item.getType()) {
+				case INT_ITEM, LONG_ITEM, BIGINTEGER_ITEM -> -1; // 1.any < 1.1 ?
+				case STRING_ITEM ->
+						comparableQualifier(value).compareTo(comparableQualifier(((StringItem) item).value));
+				case LIST_ITEM -> -1; // 1.any < 1-1
+				default -> throw new IllegalStateException("invalid item: " + item.getClass());
+			};
 		}
 
 		@Override
@@ -484,36 +440,27 @@ public int compareTo(Item item) {
 				Item first = get(0);
 				return first.compareTo(null);
 			}
-			switch (item.getType()) {
-			case INT_ITEM:
-			case LONG_ITEM:
-			case BIGINTEGER_ITEM:
-				return -1; // 1-1 < 1.0.x
-
-			case STRING_ITEM:
-				return 1; // 1-1 > 1-sp
-
-			case LIST_ITEM:
-				Iterator<Item> left = iterator();
-				Iterator<Item> right = ((ListItem) item).iterator();
-
-				while (left.hasNext() || right.hasNext()) {
-					Item l = left.hasNext() ? left.next() : null;
-					Item r = right.hasNext() ? right.next() : null;
-
-					// if this is shorter, then invert the compare and mul with -1
-					int result = l == null ? (r == null ? 0 : -1 * r.compareTo(l)) : l.compareTo(r);
-
-					if (result != 0) {
-						return result;
+			return switch (item.getType()) {
+				case INT_ITEM, LONG_ITEM, BIGINTEGER_ITEM -> -1; // 1-1 < 1.0.x
+				case STRING_ITEM -> 1; // 1-1 > 1-sp
+				case LIST_ITEM -> {
+					Iterator<Item> left = iterator();
+					Iterator<Item> right = ((ListItem) item).iterator();
+					while (left.hasNext() || right.hasNext()) {
+						Item l = left.hasNext() ? left.next() : null;
+						Item r = right.hasNext() ? right.next() : null;
+
+						// if this is shorter, then invert the compare and mul with -1
+						int result = l == null ? (r == null ? 0 : -1 * r.compareTo(l)) : l.compareTo(r);
+
+						if (result != 0) {
+							yield result;
+						}
 					}
+					yield 0;
 				}
-
-				return 0;
-
-			default:
-				throw new IllegalStateException("invalid item: " + item.getClass());
-			}
+				default -> throw new IllegalStateException("invalid item: " + item.getClass());
+			};
 		}
 
 		@Override
diff --git a/core/src/main/java/org/springframework/security/core/context/SecurityContextHolderStrategy.java b/core/src/main/java/org/springframework/security/core/context/SecurityContextHolderStrategy.java
index aaf7def3c2d..6b23733667e 100644
--- a/core/src/main/java/org/springframework/security/core/context/SecurityContextHolderStrategy.java
+++ b/core/src/main/java/org/springframework/security/core/context/SecurityContextHolderStrategy.java
@@ -48,7 +48,7 @@ public interface SecurityContextHolderStrategy {
 	 * @since 5.8
 	 */
 	default Supplier<SecurityContext> getDeferredContext() {
-		return () -> getContext();
+		return this::getContext;
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java b/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
index 734373df578..c83bba8741a 100644
--- a/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
+++ b/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
@@ -42,8 +42,7 @@ public SecurityContextImpl(Authentication authentication) {
 
 	@Override
 	public boolean equals(Object obj) {
-		if (obj instanceof SecurityContextImpl) {
-			SecurityContextImpl other = (SecurityContextImpl) obj;
+		if (obj instanceof SecurityContextImpl other) {
 			if ((this.getAuthentication() == null) && (other.getAuthentication() == null)) {
 				return true;
 			}
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java b/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
index 34119b1d474..6ac3f4e4aae 100644
--- a/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
@@ -100,13 +100,11 @@ public SessionInformation getSessionInformation(String sessionId) {
 
 	@Override
 	public void onApplicationEvent(AbstractSessionEvent event) {
-		if (event instanceof SessionDestroyedEvent) {
-			SessionDestroyedEvent sessionDestroyedEvent = (SessionDestroyedEvent) event;
+		if (event instanceof SessionDestroyedEvent sessionDestroyedEvent) {
 			String sessionId = sessionDestroyedEvent.getId();
 			removeSessionInformation(sessionId);
 		}
-		else if (event instanceof SessionIdChangedEvent) {
-			SessionIdChangedEvent sessionIdChangedEvent = (SessionIdChangedEvent) event;
+		else if (event instanceof SessionIdChangedEvent sessionIdChangedEvent) {
 			String oldSessionId = sessionIdChangedEvent.getOldSessionId();
 			if (this.sessionIds.containsKey(oldSessionId)) {
 				Object principal = this.sessionIds.get(oldSessionId).getPrincipal();
diff --git a/core/src/main/java/org/springframework/security/core/token/DefaultToken.java b/core/src/main/java/org/springframework/security/core/token/DefaultToken.java
index aaa89ffb6d5..852dcc52edc 100644
--- a/core/src/main/java/org/springframework/security/core/token/DefaultToken.java
+++ b/core/src/main/java/org/springframework/security/core/token/DefaultToken.java
@@ -59,8 +59,7 @@ public String getExtendedInformation() {
 
 	@Override
 	public boolean equals(Object obj) {
-		if (obj != null && obj instanceof DefaultToken) {
-			DefaultToken rhs = (DefaultToken) obj;
+		if (obj instanceof DefaultToken rhs) {
 			return this.key.equals(rhs.key) && this.keyCreationTime == rhs.keyCreationTime
 					&& this.extendedInformation.equals(rhs.extendedInformation);
 		}
@@ -71,7 +70,7 @@ public boolean equals(Object obj) {
 	public int hashCode() {
 		int code = 979;
 		code = code * this.key.hashCode();
-		code = code * new Long(this.keyCreationTime).hashCode();
+		code = code * Long.valueOf(this.keyCreationTime).hashCode();
 		code = code * this.extendedInformation.hashCode();
 		return code;
 	}
diff --git a/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java b/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
index cf3f0f0206a..e8596d31301 100644
--- a/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
+++ b/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
@@ -142,7 +142,7 @@ private String generatePseudoRandomNumber() {
 	}
 
 	private String computeServerSecretApplicableAt(long time) {
-		return this.serverSecret + ":" + new Long(time % this.serverInteger).intValue();
+		return this.serverSecret + ":" + Long.valueOf(time % this.serverInteger).intValue();
 	}
 
 	/**
diff --git a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListDeserializer.java
index fd86dadcccf..8dc8ef286a5 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListDeserializer.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListDeserializer.java
@@ -44,8 +44,7 @@ public List deserialize(JsonParser jp, DeserializationContext ctxt) throws IOExc
 		JsonNode node = mapper.readTree(jp);
 		List<Object> result = new ArrayList<>();
 		if (node != null) {
-			if (node instanceof ArrayNode) {
-				ArrayNode arrayNode = (ArrayNode) node;
+			if (node instanceof ArrayNode arrayNode) {
 				for (JsonNode elementNode : arrayNode) {
 					result.add(mapper.readValue(elementNode.traverse(mapper), Object.class));
 				}
diff --git a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java
index c26d6921b5b..74e19fa8bbc 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java
@@ -44,8 +44,7 @@ public Set deserialize(JsonParser jp, DeserializationContext ctxt) throws IOExce
 		JsonNode node = mapper.readTree(jp);
 		Set<Object> resultSet = new HashSet<>();
 		if (node != null) {
-			if (node instanceof ArrayNode) {
-				ArrayNode arrayNode = (ArrayNode) node;
+			if (node instanceof ArrayNode arrayNode) {
 				for (JsonNode elementNode : arrayNode) {
 					resultSet.add(mapper.readValue(elementNode.traverse(mapper), Object.class));
 				}
diff --git a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
index 26ade0d0928..9c407bfd405 100644
--- a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
+++ b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
@@ -60,8 +60,7 @@ public static MethodInvocation create(Object object, String methodName, Object..
 		// Determine the type that declares the requested method,
 		// taking into account proxies
 		Class<?> target = AopUtils.getTargetClass(object);
-		if (object instanceof Advised) {
-			Advised a = (Advised) object;
+		if (object instanceof Advised a) {
 			if (!a.isProxyTargetClass()) {
 				Class<?>[] possibleInterfaces = a.getProxiedInterfaces();
 				for (Class<?> possibleInterface : possibleInterfaces) {
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
index 4d59a0173b8..9fcfc7fb3a1 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
@@ -17,7 +17,6 @@
 package org.springframework.security.access.vote;
 
 import java.util.Collection;
-import java.util.Iterator;
 
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
@@ -47,9 +46,7 @@ public boolean supports(Class<?> clazz) {
 
 	@Override
 	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
-		Iterator<ConfigAttribute> iter = attributes.iterator();
-		while (iter.hasNext()) {
-			ConfigAttribute attribute = iter.next();
+		for (ConfigAttribute attribute : attributes) {
 			if (this.supports(attribute)) {
 				return ACCESS_DENIED;
 			}
diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
index b20964b0200..6408c9a5704 100644
--- a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
+++ b/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java
@@ -17,7 +17,6 @@
 package org.springframework.security.access.vote;
 
 import java.util.Collection;
-import java.util.Iterator;
 
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
@@ -49,9 +48,7 @@ public boolean supports(Class<?> clazz) {
 
 	@Override
 	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
-		Iterator<ConfigAttribute> iter = attributes.iterator();
-		while (iter.hasNext()) {
-			ConfigAttribute attribute = iter.next();
+		for (ConfigAttribute attribute : attributes) {
 			if (this.supports(attribute)) {
 				return ACCESS_DENIED;
 			}
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
index 3df2268f58b..9bd8b83e312 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java
@@ -222,16 +222,13 @@ public void publishNullPublisher() {
 	public void javadocExample() {
 		String resName = "/" + getClass().getName().replace('.', '/') + ".xml";
 		ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(resName);
-		context.registerShutdownHook();
-		try {
+		try (context) {
+			context.registerShutdownHook();
 			this.provider = context.getBean(DefaultJaasAuthenticationProvider.class);
 			Authentication auth = this.provider.authenticate(this.token);
 			assertThat(auth.isAuthenticated()).isEqualTo(true);
 			assertThat(auth.getPrincipal()).isEqualTo(this.token.getPrincipal());
 		}
-		finally {
-			context.close();
-		}
 	}
 
 	private void verifyFailedLogin() {
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
index 4da9805811e..a330862b4c6 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
@@ -174,8 +174,7 @@ public void testFull() {
 		assertThat(set.contains("ROLE_TEST2")).withFailMessage("GrantedAuthorities should contain ROLE_TEST2").isTrue();
 		boolean foundit = false;
 		for (GrantedAuthority a : list) {
-			if (a instanceof JaasGrantedAuthority) {
-				JaasGrantedAuthority grant = (JaasGrantedAuthority) a;
+			if (a instanceof JaasGrantedAuthority grant) {
 				assertThat(grant.getPrincipal()).withFailMessage("Principal was null on JaasGrantedAuthority")
 						.isNotNull();
 				foundit = true;
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java b/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java
index 645b6847096..0084c95c8d2 100644
--- a/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/TestCallbackHandler.java
@@ -30,8 +30,7 @@ public class TestCallbackHandler implements JaasAuthenticationCallbackHandler {
 
 	@Override
 	public void handle(Callback callback, Authentication auth) {
-		if (callback instanceof TextInputCallback) {
-			TextInputCallback tic = (TextInputCallback) callback;
+		if (callback instanceof TextInputCallback tic) {
 			tic.setText(auth.getPrincipal().toString());
 		}
 	}
diff --git a/core/src/test/java/org/springframework/security/authorization/SpringAuthorizationEventPublisherTests.java b/core/src/test/java/org/springframework/security/authorization/SpringAuthorizationEventPublisherTests.java
index cc56d8477e1..466e484c743 100644
--- a/core/src/test/java/org/springframework/security/authorization/SpringAuthorizationEventPublisherTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/SpringAuthorizationEventPublisherTests.java
@@ -38,7 +38,7 @@
  */
 public class SpringAuthorizationEventPublisherTests {
 
-	Supplier<Authentication> authentication = () -> TestAuthentication.authenticatedUser();
+	Supplier<Authentication> authentication = TestAuthentication::authenticatedUser;
 
 	ApplicationEventPublisher applicationEventPublisher;
 
diff --git a/core/src/test/java/org/springframework/security/core/StaticFinalReflectionUtils.java b/core/src/test/java/org/springframework/security/core/StaticFinalReflectionUtils.java
index 1cff2226804..76e8b7eed4a 100644
--- a/core/src/test/java/org/springframework/security/core/StaticFinalReflectionUtils.java
+++ b/core/src/test/java/org/springframework/security/core/StaticFinalReflectionUtils.java
@@ -68,13 +68,7 @@ public Object run() {
 				field.set(null, newValue);
 			}
 		}
-		catch (SecurityException ex) {
-			throw new RuntimeException(ex);
-		}
-		catch (IllegalAccessException ex) {
-			throw new RuntimeException(ex);
-		}
-		catch (IllegalArgumentException ex) {
+		catch (SecurityException | IllegalAccessException | IllegalArgumentException ex) {
 			throw new RuntimeException(ex);
 		}
 	}
diff --git a/core/src/test/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategyTests.java b/core/src/test/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategyTests.java
index 9fc4b66401e..0b3fbc35cbd 100644
--- a/core/src/test/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategyTests.java
+++ b/core/src/test/java/org/springframework/security/core/context/ThreadLocalSecurityContextHolderStrategyTests.java
@@ -57,7 +57,7 @@ void deferredContext() {
 	void deferredContextValidates() {
 		this.strategy.setDeferredContext(() -> null);
 		Supplier<SecurityContext> deferredContext = this.strategy.getDeferredContext();
-		assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> deferredContext.get());
+		assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(deferredContext::get);
 	}
 
 	@Test
diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
index 4502d58ee01..58938144fdf 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
@@ -58,19 +58,14 @@ private Argon2EncodingUtils() {
 	 */
 	static String encode(byte[] hash, Argon2Parameters parameters) throws IllegalArgumentException {
 		StringBuilder stringBuilder = new StringBuilder();
-		switch (parameters.getType()) {
-		case Argon2Parameters.ARGON2_d:
-			stringBuilder.append("$argon2d");
-			break;
-		case Argon2Parameters.ARGON2_i:
-			stringBuilder.append("$argon2i");
-			break;
-		case Argon2Parameters.ARGON2_id:
-			stringBuilder.append("$argon2id");
-			break;
-		default:
-			throw new IllegalArgumentException("Invalid algorithm type: " + parameters.getType());
-		}
+		stringBuilder.append(
+				switch (parameters.getType()) {
+					case Argon2Parameters.ARGON2_d -> "$argon2d";
+					case Argon2Parameters.ARGON2_i -> "$argon2i";
+					case Argon2Parameters.ARGON2_id -> "$argon2id";
+					default -> throw new IllegalArgumentException("Invalid algorithm type: " + parameters.getType());
+				}
+		);
 		stringBuilder.append("$v=").append(parameters.getVersion()).append("$m=").append(parameters.getMemory())
 				.append(",t=").append(parameters.getIterations()).append(",p=").append(parameters.getLanes());
 		if (parameters.getSalt() != null) {
@@ -107,19 +102,12 @@ static Argon2Hash decode(String encodedHash) throws IllegalArgumentException {
 			throw new IllegalArgumentException("Invalid encoded Argon2-hash");
 		}
 		int currentPart = 1;
-		switch (parts[currentPart++]) {
-		case "argon2d":
-			paramsBuilder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_d);
-			break;
-		case "argon2i":
-			paramsBuilder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_i);
-			break;
-		case "argon2id":
-			paramsBuilder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id);
-			break;
-		default:
-			throw new IllegalArgumentException("Invalid algorithm type: " + parts[0]);
-		}
+		paramsBuilder = switch (parts[currentPart++]) {
+			case "argon2d" -> new Argon2Parameters.Builder(Argon2Parameters.ARGON2_d);
+			case "argon2i" -> new Argon2Parameters.Builder(Argon2Parameters.ARGON2_i);
+			case "argon2id" -> new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id);
+			default -> throw new IllegalArgumentException("Invalid algorithm type: " + parts[0]);
+		};
 		if (parts[currentPart].startsWith("v=")) {
 			paramsBuilder.withVersion(Integer.parseInt(parts[currentPart].substring(2)));
 			currentPart++;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
index 381b3c31798..c6d475b69e0 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
@@ -260,43 +260,30 @@ private void raiseExceptionForErrorCode(int code, NamingException exception) {
 		String hexString = Integer.toHexString(code);
 		Throwable cause = new ActiveDirectoryAuthenticationException(hexString, exception.getMessage(), exception);
 		switch (code) {
-		case PASSWORD_EXPIRED:
-			throw new CredentialsExpiredException(this.messages.getMessage(
+			case PASSWORD_EXPIRED -> throw new CredentialsExpiredException(this.messages.getMessage(
 					"LdapAuthenticationProvider.credentialsExpired", "User credentials have expired"), cause);
-		case ACCOUNT_DISABLED:
-			throw new DisabledException(
+			case ACCOUNT_DISABLED -> throw new DisabledException(
 					this.messages.getMessage("LdapAuthenticationProvider.disabled", "User is disabled"), cause);
-		case ACCOUNT_EXPIRED:
-			throw new AccountExpiredException(
+			case ACCOUNT_EXPIRED -> throw new AccountExpiredException(
 					this.messages.getMessage("LdapAuthenticationProvider.expired", "User account has expired"), cause);
-		case ACCOUNT_LOCKED:
-			throw new LockedException(
+			case ACCOUNT_LOCKED -> throw new LockedException(
 					this.messages.getMessage("LdapAuthenticationProvider.locked", "User account is locked"), cause);
-		default:
-			throw badCredentials(cause);
+			default -> throw badCredentials(cause);
 		}
 	}
 
 	private String subCodeToLogMessage(int code) {
-		switch (code) {
-		case USERNAME_NOT_FOUND:
-			return "User was not found in directory";
-		case INVALID_PASSWORD:
-			return "Supplied password was invalid";
-		case NOT_PERMITTED:
-			return "User not permitted to logon at this time";
-		case PASSWORD_EXPIRED:
-			return "Password has expired";
-		case ACCOUNT_DISABLED:
-			return "Account is disabled";
-		case ACCOUNT_EXPIRED:
-			return "Account expired";
-		case PASSWORD_NEEDS_RESET:
-			return "User must reset password";
-		case ACCOUNT_LOCKED:
-			return "Account locked";
-		}
-		return "Unknown (error code " + Integer.toHexString(code) + ")";
+		return switch (code) {
+			case USERNAME_NOT_FOUND -> "User was not found in directory";
+			case INVALID_PASSWORD -> "Supplied password was invalid";
+			case NOT_PERMITTED -> "User not permitted to logon at this time";
+			case PASSWORD_EXPIRED -> "Password has expired";
+			case ACCOUNT_DISABLED -> "Account is disabled";
+			case ACCOUNT_EXPIRED -> "Account expired";
+			case PASSWORD_NEEDS_RESET -> "User must reset password";
+			case ACCOUNT_LOCKED -> "Account locked";
+			default -> "Unknown (error code " + Integer.toHexString(code) + ")";
+		};
 	}
 
 	private BadCredentialsException badCredentials() {
diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManager.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManager.java
index 68c1be5d7b9..d442e7532cf 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManager.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManager.java
@@ -85,8 +85,7 @@ private MessageAuthorizationContext<?> authorizationContext(MessageMatcher<?> ma
 		if (!matcher.matches((Message) message)) {
 			return null;
 		}
-		if (matcher instanceof SimpDestinationMessageMatcher) {
-			SimpDestinationMessageMatcher simp = (SimpDestinationMessageMatcher) matcher;
+		if (matcher instanceof SimpDestinationMessageMatcher simp) {
 			return new MessageAuthorizationContext<>(message, simp.extractPathVariables(message));
 		}
 		if (matcher instanceof Builder.LazySimpDestinationMessageMatcher) {
@@ -111,7 +110,7 @@ public static final class Builder {
 
 		private final List<Entry<AuthorizationManager<MessageAuthorizationContext<?>>>> mappings = new ArrayList<>();
 
-		private Supplier<PathMatcher> pathMatcher = () -> new AntPathMatcher();
+		private Supplier<PathMatcher> pathMatcher = AntPathMatcher::new;
 
 		public Builder() {
 		}
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
index 00aa6e8a648..2b2e2cfae5c 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/SimpMessageTypeMatcher.java
@@ -57,10 +57,9 @@ public boolean equals(Object other) {
 		if (this == other) {
 			return true;
 		}
-		if (!(other instanceof SimpMessageTypeMatcher)) {
+		if (!(other instanceof SimpMessageTypeMatcher otherMatcher)) {
 			return false;
 		}
-		SimpMessageTypeMatcher otherMatcher = (SimpMessageTypeMatcher) other;
 		return ObjectUtils.nullSafeEquals(this.typeToMatch, otherMatcher.typeToMatch);
 	}
 
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
index 09413839b83..bfaa289a936 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java
@@ -396,8 +396,7 @@ private LobCreatorArgumentPreparedStatementSetter(LobCreator lobCreator, Object[
 
 		@Override
 		protected void doSetValue(PreparedStatement ps, int parameterPosition, Object argValue) throws SQLException {
-			if (argValue instanceof SqlParameterValue) {
-				SqlParameterValue paramValue = (SqlParameterValue) argValue;
+			if (argValue instanceof SqlParameterValue paramValue) {
 				if (paramValue.getSqlType() == Types.BLOB) {
 					if (paramValue.getValue() != null) {
 						Assert.isInstanceOf(byte[].class, paramValue.getValue(),
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
index d367685e21f..fb1232328ca 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java
@@ -110,9 +110,8 @@ public RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(
 	@Override
 	public void onAuthorizationFailure(OAuth2AuthorizationException authorizationException, Authentication principal,
 			Map<String, Object> attributes) {
-		if (authorizationException instanceof ClientAuthorizationException
+		if (authorizationException instanceof ClientAuthorizationException clientAuthorizationException
 				&& hasRemovalErrorCode(authorizationException)) {
-			ClientAuthorizationException clientAuthorizationException = (ClientAuthorizationException) authorizationException;
 			this.delegate.removeAuthorizedClient(clientAuthorizationException.getClientRegistrationId(), principal,
 					attributes);
 		}
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
index 0e7edd67d77..23784a9d001 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java
@@ -112,9 +112,8 @@ public RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler(
 	@Override
 	public Mono<Void> onAuthorizationFailure(OAuth2AuthorizationException authorizationException,
 			Authentication principal, Map<String, Object> attributes) {
-		if (authorizationException instanceof ClientAuthorizationException
+		if (authorizationException instanceof ClientAuthorizationException clientAuthorizationException
 				&& hasRemovalErrorCode(authorizationException)) {
-			ClientAuthorizationException clientAuthorizationException = (ClientAuthorizationException) authorizationException;
 			return this.delegate.removeAuthorizedClient(clientAuthorizationException.getClientRegistrationId(),
 					principal, attributes);
 		}
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
index b2bd659b5b0..668acbecb93 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java
@@ -70,13 +70,13 @@ public void setup() {
 	@Test
 	public void authenticateWhenErrorThenOAuth2AuthorizationException() {
 		this.authorizationResponse = TestOAuth2AuthorizationResponses.error();
-		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> authenticate());
+		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(this::authenticate);
 	}
 
 	@Test
 	public void authenticateWhenStateNotEqualThenOAuth2AuthorizationException() {
 		this.authorizationRequest.state("notequal");
-		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> authenticate());
+		assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(this::authenticate);
 	}
 
 	@Test
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
index 2884f63dda9..046b04001df 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
@@ -478,12 +478,11 @@ private ClientRegistration.Builder registrationOAuth2(String path, String body)
 		final Dispatcher dispatcher = new Dispatcher() {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
-				switch (request.getPath()) {
-				case "/.well-known/oauth-authorization-server/issuer1":
-				case "/.well-known/oauth-authorization-server/":
-					return buildSuccessMockResponse(responseBody);
-				}
-				return new MockResponse().setResponseCode(404);
+				return switch (request.getPath()) {
+					case "/.well-known/oauth-authorization-server/issuer1", "/.well-known/oauth-authorization-server/" ->
+							buildSuccessMockResponse(responseBody);
+					default -> new MockResponse().setResponseCode(404);
+				};
 			}
 		};
 		this.server.setDispatcher(dispatcher);
@@ -514,12 +513,11 @@ private ClientRegistration.Builder registrationOidcFallback(String path, String
 		final Dispatcher dispatcher = new Dispatcher() {
 			@Override
 			public MockResponse dispatch(RecordedRequest request) {
-				switch (request.getPath()) {
-				case "/issuer1/.well-known/openid-configuration":
-				case "/.well-known/openid-configuration/":
-					return buildSuccessMockResponse(responseBody);
-				}
-				return new MockResponse().setResponseCode(404);
+				return switch (request.getPath()) {
+					case "/issuer1/.well-known/openid-configuration", "/.well-known/openid-configuration/" ->
+							buildSuccessMockResponse(responseBody);
+					default -> new MockResponse().setResponseCode(404);
+				};
 			}
 		};
 		this.server.setDispatcher(dispatcher);
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderProviderConfigurationUtils.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderProviderConfigurationUtils.java
index d4ab2d56f1f..7fe963d8bd9 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderProviderConfigurationUtils.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderProviderConfigurationUtils.java
@@ -87,7 +87,7 @@ else if (jwk.getKeyType() == KeyType.EC) {
 			}
 			Assert.notEmpty(jwsAlgorithms, "Failed to find any algorithms from the JWK set");
 			return jwsAlgorithms;
-		}).onErrorMap(KeySourceException.class, (ex) -> new IllegalStateException(ex));
+		}).onErrorMap(KeySourceException.class, IllegalStateException::new);
 	}
 
 	static Mono<Map<String, Object>> getConfigurationForIssuerLocation(String issuer, WebClient web) {
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
index 153414e1b48..24bc7321137 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveRemoteJWKSource.java
@@ -61,10 +61,10 @@ class ReactiveRemoteJWKSource implements ReactiveJWKSource {
 	public Mono<List<JWK>> get(JWKSelector jwkSelector) {
 		// @formatter:off
 		return this.cachedJWKSet.get()
-				.switchIfEmpty(Mono.defer(() -> getJWKSet()))
+				.switchIfEmpty(Mono.defer(this::getJWKSet))
 				.flatMap((jwkSet) -> get(jwkSelector, jwkSet))
 				.switchIfEmpty(Mono.defer(() -> getJWKSet()
-						.map((jwkSet) -> jwkSelector.select(jwkSet)))
+						.map(jwkSelector::select))
 				);
 		// @formatter:on
 	}
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
index eb1d63ff8f7..96d862c102c 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
@@ -101,10 +101,9 @@ public OpaqueTokenAuthenticationProvider(OpaqueTokenIntrospector introspector) {
 	 */
 	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-		if (!(authentication instanceof BearerTokenAuthenticationToken)) {
+		if (!(authentication instanceof BearerTokenAuthenticationToken bearer)) {
 			return null;
 		}
-		BearerTokenAuthenticationToken bearer = (BearerTokenAuthenticationToken) authentication;
 		OAuth2AuthenticatedPrincipal principal = getOAuth2AuthenticatedPrincipal(bearer);
 		Authentication result = this.authenticationConverter.convert(bearer.getToken(), principal);
 		if (result == null) {
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
index 9db76d0de7f..19361ecdd31 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPoint.java
@@ -74,8 +74,7 @@ public void commence(HttpServletRequest request, HttpServletResponse response,
 			if (StringUtils.hasText(error.getUri())) {
 				parameters.put("error_uri", error.getUri());
 			}
-			if (error instanceof BearerTokenError) {
-				BearerTokenError bearerTokenError = (BearerTokenError) error;
+			if (error instanceof BearerTokenError bearerTokenError) {
 				if (StringUtils.hasText(bearerTokenError.getScope())) {
 					parameters.put("scope", bearerTokenError.getScope());
 				}
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
index 7c7ee2aa44e..a2bc58a50d2 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
@@ -82,8 +82,7 @@ private Map<String, String> createParameters(AuthenticationException authExcepti
 			if (StringUtils.hasText(error.getUri())) {
 				parameters.put("error_uri", error.getUri());
 			}
-			if (error instanceof BearerTokenError) {
-				BearerTokenError bearerTokenError = (BearerTokenError) error;
+			if (error instanceof BearerTokenError bearerTokenError) {
 				if (StringUtils.hasText(bearerTokenError.getScope())) {
 					parameters.put("scope", bearerTokenError.getScope());
 				}
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java
index 499cd82b15c..6286e7a108b 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java
@@ -91,9 +91,9 @@ public Flux<Payload> requestStream(Payload payload) {
 	public Flux<Payload> requestChannel(Publisher<Payload> payloads) {
 		return Flux.from(payloads).switchOnFirst((signal, innerFlux) -> {
 			Payload firstPayload = signal.get();
-			return intercept(PayloadExchangeType.REQUEST_CHANNEL, firstPayload).flatMapMany((context) -> innerFlux
-					.index().concatMap((tuple) -> justOrIntercept(tuple.getT1(), tuple.getT2()))
-					.transform((securedPayloads) -> this.source.requestChannel(securedPayloads)).contextWrite(context));
+			return intercept(PayloadExchangeType.REQUEST_CHANNEL, firstPayload).flatMapMany(
+					(context) -> innerFlux.index().concatMap((tuple) -> justOrIntercept(tuple.getT1(), tuple.getT2()))
+							.transform(this.source::requestChannel).contextWrite(context));
 		});
 	}
 
@@ -112,8 +112,8 @@ private Mono<Context> intercept(PayloadExchangeType type, Payload payload) {
 			ContextPayloadInterceptorChain chain = new ContextPayloadInterceptorChain(this.interceptors);
 			DefaultPayloadExchange exchange = new DefaultPayloadExchange(type, payload, this.metadataMimeType,
 					this.dataMimeType);
-			return chain.next(exchange).then(Mono.fromCallable(() -> chain.getContext()))
-					.defaultIfEmpty(Context.empty()).contextWrite(this.context);
+			return chain.next(exchange).then(Mono.fromCallable(chain::getContext)).defaultIfEmpty(Context.empty())
+					.contextWrite(this.context);
 		});
 	}
 
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
index aa750c88be9..6464db64c31 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java
@@ -83,8 +83,7 @@ private Mono<Context> intercept(Payload payload, MimeType dataMimeType, MimeType
 			ContextPayloadInterceptorChain chain = new ContextPayloadInterceptorChain(this.interceptors);
 			DefaultPayloadExchange exchange = new DefaultPayloadExchange(PayloadExchangeType.SETUP, payload,
 					metadataMimeType, dataMimeType);
-			return chain.next(exchange).then(Mono.fromCallable(() -> chain.getContext()))
-					.defaultIfEmpty(Context.empty());
+			return chain.next(exchange).then(Mono.fromCallable(chain::getContext)).defaultIfEmpty(Context.empty());
 		});
 	}
 
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java
index ef96a1b1c91..d47cd44d863 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/PayloadExchangeMatchers.java
@@ -16,9 +16,6 @@
 
 package org.springframework.security.rsocket.util.matcher;
 
-import reactor.core.publisher.Mono;
-
-import org.springframework.security.rsocket.api.PayloadExchange;
 import org.springframework.security.rsocket.api.PayloadExchangeType;
 
 /**
@@ -30,37 +27,17 @@ private PayloadExchangeMatchers() {
 	}
 
 	public static PayloadExchangeMatcher setup() {
-		return new PayloadExchangeMatcher() {
-
-			@Override
-			public Mono<MatchResult> matches(PayloadExchange exchange) {
-				return PayloadExchangeType.SETUP.equals(exchange.getType()) ? MatchResult.match()
-						: MatchResult.notMatch();
-			}
-
-		};
+		return (exchange) -> PayloadExchangeType.SETUP.equals(exchange.getType())
+				? PayloadExchangeMatcher.MatchResult.match() : PayloadExchangeMatcher.MatchResult.notMatch();
 	}
 
 	public static PayloadExchangeMatcher anyRequest() {
-		return new PayloadExchangeMatcher() {
-
-			@Override
-			public Mono<MatchResult> matches(PayloadExchange exchange) {
-				return exchange.getType().isRequest() ? MatchResult.match() : MatchResult.notMatch();
-			}
-
-		};
+		return (exchange) -> exchange.getType().isRequest() ? PayloadExchangeMatcher.MatchResult.match()
+				: PayloadExchangeMatcher.MatchResult.notMatch();
 	}
 
 	public static PayloadExchangeMatcher anyExchange() {
-		return new PayloadExchangeMatcher() {
-
-			@Override
-			public Mono<MatchResult> matches(PayloadExchange exchange) {
-				return MatchResult.match();
-			}
-
-		};
+		return (exchange) -> PayloadExchangeMatcher.MatchResult.match();
 	}
 
 }
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java
index d4c4ab8dbee..47297b69d0f 100644
--- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java
@@ -52,8 +52,8 @@ public Mono<MatchResult> matches(PayloadExchange exchange) {
 		Map<String, Object> metadata = this.metadataExtractor.extract(exchange.getPayload(),
 				exchange.getMetadataMimeType());
 		return Optional.ofNullable((String) metadata.get(MetadataExtractor.ROUTE_KEY))
-				.map((routeValue) -> this.routeMatcher.parseRoute(routeValue))
-				.map((route) -> this.routeMatcher.matchAndExtract(this.pattern, route)).map((v) -> MatchResult.match(v))
+				.map(this.routeMatcher::parseRoute)
+				.map((route) -> this.routeMatcher.matchAndExtract(this.pattern, route)).map(MatchResult::match)
 				.orElse(MatchResult.notMatch());
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilter.java
index 4affc10049d..8fd2de183d8 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilter.java
@@ -129,8 +129,7 @@ public void setAuthenticationRequestRepository(
 
 	private void setAuthenticationRequestRepositoryIntoAuthenticationConverter(
 			Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository) {
-		if (this.authenticationConverter instanceof Saml2AuthenticationTokenConverter) {
-			Saml2AuthenticationTokenConverter authenticationTokenConverter = (Saml2AuthenticationTokenConverter) this.authenticationConverter;
+		if (this.authenticationConverter instanceof Saml2AuthenticationTokenConverter authenticationTokenConverter) {
 			authenticationTokenConverter.setAuthenticationRequestRepository(authenticationRequestRepository);
 		}
 	}
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java b/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
index b608e4f8b33..43722a7a7f5 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java
@@ -48,10 +48,9 @@ String getMethod() {
 
 	@Override
 	public boolean equals(Object obj) {
-		if (!(obj instanceof RequestKey)) {
+		if (!(obj instanceof RequestKey key)) {
 			return false;
 		}
-		RequestKey key = (RequestKey) obj;
 		if (!this.url.equals(key.url)) {
 			return false;
 		}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
index 613bbd1da49..5c8b7cd6fda 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java
@@ -167,7 +167,7 @@ private boolean isValidCookieTokensLength(String[] cookieTokens) {
 
 	private long getTokenExpiryTime(String[] cookieTokens) {
 		try {
-			return new Long(cookieTokens[1]);
+			return Long.valueOf(cookieTokens[1]);
 		}
 		catch (NumberFormatException nfe) {
 			throw new InvalidCookieException(
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
index 73067a88dc5..d089a5b6331 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
@@ -385,7 +385,7 @@ void validateAndDecode(String entryPointKey, String expectedRealm) throws BadCre
 			}
 			// Extract expiry time from nonce
 			try {
-				this.nonceExpiryTime = new Long(nonceTokens[0]);
+				this.nonceExpiryTime = Long.valueOf(nonceTokens[0]);
 			}
 			catch (NumberFormatException nfe) {
 				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages.getMessage(
diff --git a/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java
index 01fa28c6b09..a851af1df2f 100644
--- a/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java
+++ b/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java
@@ -46,7 +46,7 @@ public class ServerFormLoginAuthenticationConverter implements Function<ServerWe
 	@Override
 	@Deprecated
 	public Mono<Authentication> apply(ServerWebExchange exchange) {
-		return exchange.getFormData().map((data) -> createAuthentication(data));
+		return exchange.getFormData().map(this::createAuthentication);
 	}
 
 	private UsernamePasswordAuthenticationToken createAuthentication(MultiValueMap<String, String> data) {
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
index c2e3e3e7884..cf5a64210d6 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
@@ -277,8 +277,7 @@ private Authentication createSwitchUserToken(UserDetails targetUser, Authenticat
 	private Optional<Authentication> extractSourceAuthentication(Authentication currentAuthentication) {
 		// iterate over granted authorities and find the 'switch user' authority
 		for (GrantedAuthority authority : currentAuthentication.getAuthorities()) {
-			if (authority instanceof SwitchUserGrantedAuthority) {
-				SwitchUserGrantedAuthority switchAuthority = (SwitchUserGrantedAuthority) authority;
+			if (authority instanceof SwitchUserGrantedAuthority switchAuthority) {
 				return Optional.of(switchAuthority.getSource());
 			}
 		}
diff --git a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
index 2fac52493cd..60844345398 100755
--- a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
+++ b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
@@ -41,7 +41,7 @@ public class ThrowableAnalyzer {
 	 *
 	 * @see Throwable#getCause()
 	 */
-	public static final ThrowableCauseExtractor DEFAULT_EXTRACTOR = (throwable) -> throwable.getCause();
+	public static final ThrowableCauseExtractor DEFAULT_EXTRACTOR = Throwable::getCause;
 
 	/**
 	 * Default extractor for {@link InvocationTargetException} instances.
diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
index 21b6140f70d..da9874b4d9e 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
@@ -226,10 +226,9 @@ public String getPattern() {
 
 	@Override
 	public boolean equals(Object obj) {
-		if (!(obj instanceof AntPathRequestMatcher)) {
+		if (!(obj instanceof AntPathRequestMatcher other)) {
 			return false;
 		}
-		AntPathRequestMatcher other = (AntPathRequestMatcher) obj;
 		return this.pattern.equals(other.pattern) && this.httpMethod == other.httpMethod
 				&& this.caseSensitive == other.caseSensitive;
 	}
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
index 2a022318aba..8866a3d5446 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java
@@ -88,7 +88,7 @@ public void constructorEmptyMediaTypes() {
 
 	@Test
 	public void constructorWhenEmptyMediaTypeThenIAE() {
-		assertThatIllegalArgumentException().isThrownBy(() -> new MediaTypeRequestMatcher());
+		assertThatIllegalArgumentException().isThrownBy(MediaTypeRequestMatcher::new);
 	}
 
 	@Test