Using modern Java features

acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java

@@ -118,8 +118,7 @@ List<Permission> resolvePermission(Object permission) {
 		if (permission instanceof Permission[]) {
 			return Arrays.asList((Permission[]) permission);
 		}
-		if (permission instanceof String) {
-			String permString = (String) permission;
+		if (permission instanceof String permString) {
 			Permission p = buildPermission(permString);
 			if (p != null) {
 				return Arrays.asList(p);

acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java

@@ -56,10 +56,9 @@ public final boolean equals(Object obj) {
 		if (obj == null) {
 			return false;
 		}
-		if (!(obj instanceof Permission)) {
+		if (!(obj instanceof Permission other)) {
 			return false;
 		}
-		Permission other = (Permission) obj;
 		return (this.mask == other.getMask());
 	}
 

acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java

@@ -454,7 +454,7 @@ public void testProcessingCustomSid() {
 		CustomSid customSid = new CustomSid("Custom sid");
 		given(customJdbcMutableAclService.createOrRetrieveSidPrimaryKey("Custom sid", false, false)).willReturn(1L);
 		Long result = customJdbcMutableAclService.createOrRetrieveSidPrimaryKey(customSid, false);
-		assertThat(new Long(1L)).isEqualTo(result);
+		assertThat(Long.valueOf(1L)).isEqualTo(result);
 	}
 
 	protected Authentication getAuth() {

buildSrc/src/main/java/org/springframework/gradle/antora/AntoraVersionPlugin.java

@@ -4,7 +4,6 @@
 import org.gradle.api.GradleException;
 import org.gradle.api.Plugin;
 import org.gradle.api.Project;
-import org.gradle.api.Task;
 import org.gradle.api.tasks.TaskProvider;
 import org.gradle.language.base.plugins.LifecycleBasePlugin;
 
@@ -27,12 +26,8 @@ public void execute(CheckAntoraVersionTask antoraCheckVersion) {
 		project.getPlugins().withType(LifecycleBasePlugin.class, new Action<LifecycleBasePlugin>() {
 			@Override
 			public void execute(LifecycleBasePlugin lifecycleBasePlugin) {
-				project.getTasks().named(LifecycleBasePlugin.CHECK_TASK_NAME).configure(new Action<Task>() {
-					@Override
-					public void execute(Task check) {
-						check.dependsOn(antoraCheckVersion);
-					}
-				});
+				project.getTasks().named(LifecycleBasePlugin.CHECK_TASK_NAME)
+						.configure(check -> check.dependsOn(antoraCheckVersion));
 			}
 		});
 		 project.getTasks().register("antoraUpdateVersion", UpdateAntoraVersionTask.class, new Action<UpdateAntoraVersionTask>() {

buildSrc/src/main/java/org/springframework/gradle/classpath/CheckClasspathForProhibitedDependenciesPlugin.java

@@ -35,9 +35,7 @@ public class CheckClasspathForProhibitedDependenciesPlugin implements Plugin<Pro
 	@Override
 	public void apply(Project project) {
 		project.getPlugins().apply(CheckProhibitedDependenciesLifecyclePlugin.class);
-		project.getPlugins().withType(JavaBasePlugin.class, javaBasePlugin -> {
-			configureProhibitedDependencyChecks(project);
-		});
+		project.getPlugins().withType(JavaBasePlugin.class, javaBasePlugin -> configureProhibitedDependencyChecks(project));
 	}
 
 	private void configureProhibitedDependencyChecks(Project project) {

buildSrc/src/main/java/org/springframework/gradle/classpath/CheckProhibitedDependenciesLifecyclePlugin.java

@@ -34,8 +34,6 @@ public void apply(Project project) {
 			task.setGroup(JavaBasePlugin.VERIFICATION_GROUP);
 			task.setDescription("Checks both the compile/runtime classpath of every SourceSet for prohibited dependencies");
 		});
-		project.getTasks().named(JavaBasePlugin.CHECK_TASK_NAME, checkTask -> {
-			checkTask.dependsOn(checkProhibitedDependencies);
-		});
+		project.getTasks().named(JavaBasePlugin.CHECK_TASK_NAME, checkTask -> checkTask.dependsOn(checkProhibitedDependencies));
 	}
 }

buildSrc/src/main/java/org/springframework/gradle/github/changelog/GitHubChangelogPlugin.java

@@ -26,7 +26,6 @@
 import org.gradle.api.artifacts.Configuration;
 import org.gradle.api.artifacts.DependencySet;
 import org.gradle.api.artifacts.repositories.ExclusiveContentRepository;
-import org.gradle.api.artifacts.repositories.InclusiveRepositoryContentDescriptor;
 import org.gradle.api.artifacts.repositories.IvyArtifactRepository;
 import org.gradle.api.artifacts.repositories.IvyPatternRepositoryLayout;
 import org.gradle.api.tasks.JavaExec;
@@ -91,12 +90,7 @@ public void execute(IvyPatternRepositoryLayout layout) {
 			@Override
 			public void execute(ExclusiveContentRepository exclusiveContentRepository) {
 				exclusiveContentRepository.forRepositories(repository);
-				exclusiveContentRepository.filter(new Action<InclusiveRepositoryContentDescriptor>() {
-					@Override
-					public void execute(InclusiveRepositoryContentDescriptor descriptor) {
-						descriptor.includeGroup("spring-io");
-					}
-				});
+				exclusiveContentRepository.filter(descriptor -> descriptor.includeGroup("spring-io"));
 			}
 		});
 	}

buildSrc/src/main/java/org/springframework/gradle/github/milestones/SpringReleaseTrainSpec.java

@@ -114,11 +114,11 @@ private Builder() {
 		}
 
 		public Builder train(int train) {
-			switch (train) {
-				case 1: this.train = Train.ONE; break;
-				case 2: this.train = Train.TWO; break;
-				default: throw new IllegalArgumentException("Invalid train: " + train);
-			}
+			this.train = switch (train) {
+				case 1 -> Train.ONE;
+				case 2 -> Train.TWO;
+				default -> throw new IllegalArgumentException("Invalid train: " + train);
+			};
 			return this;
 		}
 
@@ -156,13 +156,13 @@ public Builder version(String version) {
 		}
 
 		public Builder weekOfMonth(int weekOfMonth) {
-			switch (weekOfMonth) {
-				case 1: this.weekOfMonth = WeekOfMonth.FIRST; break;
-				case 2: this.weekOfMonth = WeekOfMonth.SECOND; break;
-				case 3: this.weekOfMonth = WeekOfMonth.THIRD; break;
-				case 4: this.weekOfMonth = WeekOfMonth.FOURTH; break;
-				default: throw new IllegalArgumentException("Invalid weekOfMonth: " + weekOfMonth);
-			}
+			this.weekOfMonth = switch (weekOfMonth) {
+				case 1 -> WeekOfMonth.FIRST;
+				case 2 -> WeekOfMonth.SECOND;
+				case 3 -> WeekOfMonth.THIRD;
+				case 4 -> WeekOfMonth.FOURTH;
+				default -> throw new IllegalArgumentException("Invalid weekOfMonth: " + weekOfMonth);
+			};
 			return this;
 		}
 
@@ -172,14 +172,14 @@ public Builder weekOfMonth(WeekOfMonth weekOfMonth) {
 		}
 
 		public Builder dayOfWeek(int dayOfWeek) {
-			switch (dayOfWeek) {
-				case 1: this.dayOfWeek = DayOfWeek.MONDAY; break;
-				case 2: this.dayOfWeek = DayOfWeek.TUESDAY; break;
-				case 3: this.dayOfWeek = DayOfWeek.WEDNESDAY; break;
-				case 4: this.dayOfWeek = DayOfWeek.THURSDAY; break;
-				case 5: this.dayOfWeek = DayOfWeek.FRIDAY; break;
-				default: throw new IllegalArgumentException("Invalid dayOfWeek: " + dayOfWeek);
-			}
+			this.dayOfWeek = switch (dayOfWeek) {
+				case 1 -> DayOfWeek.MONDAY;
+				case 2 -> DayOfWeek.TUESDAY;
+				case 3 -> DayOfWeek.WEDNESDAY;
+				case 4 -> DayOfWeek.THURSDAY;
+				case 5 -> DayOfWeek.FRIDAY;
+				default -> throw new IllegalArgumentException("Invalid dayOfWeek: " + dayOfWeek);
+			};
 			return this;
 		}
 

buildSrc/src/main/java/org/springframework/gradle/maven/SpringSigningPlugin.java

@@ -21,7 +21,6 @@
 import org.gradle.api.Project;
 import org.gradle.api.publish.Publication;
 import org.gradle.api.publish.PublishingExtension;
-import org.gradle.api.publish.plugins.PublishingPlugin;
 import org.gradle.plugins.signing.SigningExtension;
 import org.gradle.plugins.signing.SigningPlugin;
 
@@ -44,12 +43,7 @@ public void execute(SigningPlugin signingPlugin) {
 
 	private void sign(Project project) {
 		SigningExtension signing = project.getExtensions().findByType(SigningExtension.class);
-		signing.setRequired(new Callable<Boolean>() {
-			@Override
-			public Boolean call() throws Exception {
-				return project.getGradle().getTaskGraph().hasTask("publishArtifacts");
-			}
-		});
+		signing.setRequired((Callable<Boolean>) () -> project.getGradle().getTaskGraph().hasTask("publishArtifacts"));
 		String signingKeyId = (String) project.findProperty("signingKeyId");
 		String signingKey = (String) project.findProperty("signingKey");
 		String signingPassword = (String) project.findProperty("signingPassword");

config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java

@@ -294,7 +294,7 @@ Flux<String> retrieveFlux(Flux<String> payload) {
 
 		@MessageMapping({ "secure.send", "send" })
 		Mono<Void> send(Mono<String> payload) {
-			return payload.doOnNext(this::add).then(Mono.fromRunnable(() -> doNotifyAll()));
+			return payload.doOnNext(this::add).then(Mono.fromRunnable(this::doNotifyAll));
 		}
 
 		private synchronized void doNotifyAll() {

config/src/main/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessor.java

@@ -68,8 +68,7 @@ public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory)
 			return;
 		}
 		ConversionService service = beanFactory.getConversionService();
-		if (service instanceof ConverterRegistry) {
-			ConverterRegistry registry = (ConverterRegistry) service;
+		if (service instanceof ConverterRegistry registry) {
 			registry.addConverter(String.class, RSAPrivateKey.class, this.pkcs8);
 			registry.addConverter(String.class, RSAPublicKey.class, this.x509);
 		}

config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java

@@ -42,19 +42,12 @@ private ChannelAttributeFactory() {
 	}
 
 	public static List<ConfigAttribute> createChannelAttributes(String requiredChannel) {
-		String channelConfigAttribute;
-		if (requiredChannel.equals(OPT_REQUIRES_HTTPS)) {
-			channelConfigAttribute = "REQUIRES_SECURE_CHANNEL";
-		}
-		else if (requiredChannel.equals(OPT_REQUIRES_HTTP)) {
-			channelConfigAttribute = "REQUIRES_INSECURE_CHANNEL";
-		}
-		else if (requiredChannel.equals(OPT_ANY_CHANNEL)) {
-			channelConfigAttribute = ChannelDecisionManagerImpl.ANY_CHANNEL;
-		}
-		else {
-			throw new BeanCreationException("Unknown channel attribute " + requiredChannel);
-		}
+		String channelConfigAttribute = switch (requiredChannel) {
+			case OPT_REQUIRES_HTTPS -> "REQUIRES_SECURE_CHANNEL";
+			case OPT_REQUIRES_HTTP -> "REQUIRES_INSECURE_CHANNEL";
+			case OPT_ANY_CHANNEL -> ChannelDecisionManagerImpl.ANY_CHANNEL;
+			default -> throw new BeanCreationException("Unknown channel attribute " + requiredChannel);
+		};
 		return SecurityConfig.createList(channelConfigAttribute);
 	}
 

config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java

@@ -382,7 +382,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 						.anyRequest().authenticated()
 				)
 				.formLogin(Customizer.withDefaults())
-				.requestCache((cache) -> cache.disable());
+				.requestCache(RequestCacheConfigurer::disable);
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java

@@ -556,9 +556,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 				.sessionManagement((sessionManagement) ->
 					sessionManagement
 						.requireExplicitAuthenticationStrategy(false)
-						.sessionFixation((sessionFixation) ->
-							sessionFixation.newSession()
-						)
+						.sessionFixation(SessionManagementConfigurer.SessionFixationConfigurer::newSession)
 				)
 				.httpBasic(withDefaults());
 			// @formatter:on

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java

@@ -868,8 +868,7 @@ public void getJwtDecoderWhenTwoJwtDecoderBeansThenThrowsException() {
 		context.registerBean("decoderTwo", JwtDecoder.class, () -> decoder);
 		this.spring.context(context).autowire();
 		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-		assertThatExceptionOfType(NoUniqueBeanDefinitionException.class)
-				.isThrownBy(() -> jwtConfigurer.getJwtDecoder());
+		assertThatExceptionOfType(NoUniqueBeanDefinitionException.class).isThrownBy(jwtConfigurer::getJwtDecoder);
 	}
 
 	@Test
@@ -1885,9 +1884,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 					.anyRequest().authenticated()
 				)
 				.oauth2Login(withDefaults())
-				.oauth2ResourceServer((oauth2) -> oauth2
-					.jwt()
-				);
+				.oauth2ResourceServer((oauth2) -> oauth2.jwt(withDefaults()));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/socket/SyncExecutorSubscribableChannelPostProcessor.java

@@ -27,8 +27,7 @@ public class SyncExecutorSubscribableChannelPostProcessor implements BeanPostPro
 
 	@Override
 	public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
-		if (bean instanceof ExecutorSubscribableChannel) {
-			ExecutorSubscribableChannel original = (ExecutorSubscribableChannel) bean;
+		if (bean instanceof ExecutorSubscribableChannel original) {
 			ExecutorSubscribableChannel channel = new ExecutorSubscribableChannel();
 			channel.setInterceptors(original.getInterceptors());
 			return channel;

config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java

@@ -627,9 +627,8 @@ static class TestHandshakeHandler implements HandshakeHandler {
 		public boolean doHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler,
 				Map<String, Object> attributes) throws HandshakeFailureException {
 			this.attributes = attributes;
-			if (wsHandler instanceof SockJsWebSocketHandler) {
+			if (wsHandler instanceof SockJsWebSocketHandler sockJs) {
 				// work around SPR-12716
-				SockJsWebSocketHandler sockJs = (SockJsWebSocketHandler) wsHandler;
 				WebSocketServerSockJsSession session = (WebSocketServerSockJsSession) ReflectionTestUtils
 						.getField(sockJs, "sockJsSession");
 				this.attributes = session.getAttributes();

config/src/test/java/org/springframework/security/config/doc/XmlNode.java

@@ -58,16 +58,15 @@ public Optional<XmlNode> child(String name) {
 
 	public Optional<XmlNode> parent() {
 		// @formatter:off
-		return Optional.ofNullable(this.node.getParentNode())
-				.map((parent) -> new XmlNode(parent));
+		return Optional.ofNullable(this.node.getParentNode()).map(XmlNode::new);
 		// @formatter:on
 	}
 
 	public String attribute(String name) {
 		// @formatter:off
 		return Optional.ofNullable(this.node.getAttributes())
 				.map((attrs) -> attrs.getNamedItem(name))
-				.map((attr) -> attr.getTextContent())
+				.map(Node::getTextContent)
 				.orElse(null);
 		// @formatter:on
 	}

config/src/test/java/org/springframework/security/config/test/SpringTestContextExtension.java

@@ -31,7 +31,7 @@ public class SpringTestContextExtension implements BeforeEachCallback, AfterEach
 	@Override
 	public void afterEach(ExtensionContext context) throws Exception {
 		TestSecurityContextHolder.clearContext();
-		getContexts(context.getRequiredTestInstance()).forEach((springTestContext) -> springTestContext.close());
+		getContexts(context.getRequiredTestInstance()).forEach(SpringTestContext::close);
 	}
 
 	@Override

core/src/main/java/org/springframework/security/access/SecurityConfig.java

@@ -38,8 +38,7 @@ public SecurityConfig(String config) {
 
 	@Override
 	public boolean equals(Object obj) {
-		if (obj instanceof ConfigAttribute) {
-			ConfigAttribute attr = (ConfigAttribute) obj;
+		if (obj instanceof ConfigAttribute attr) {
 			return this.attrib.equals(attr.getAttribute());
 		}
 		return false;

core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java

@@ -89,8 +89,7 @@ private List<ConfigAttribute> processAnnotations(Annotation[] annotations) {
 				attributes.add(Jsr250SecurityConfig.PERMIT_ALL_ATTRIBUTE);
 				return attributes;
 			}
-			if (annotation instanceof RolesAllowed) {
-				RolesAllowed ra = (RolesAllowed) annotation;
+			if (annotation instanceof RolesAllowed ra) {
 
 				for (String allowed : ra.value()) {
 					String defaultedAllowed = getRoleWithDefaultPrefix(allowed);

core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java

@@ -43,8 +43,7 @@ public abstract class AbstractMethodSecurityMetadataSource implements MethodSecu
 
 	@Override
 	public final Collection<ConfigAttribute> getAttributes(Object object) {
-		if (object instanceof MethodInvocation) {
-			MethodInvocation mi = (MethodInvocation) object;
+		if (object instanceof MethodInvocation mi) {
 			Object target = mi.getThis();
 			Class<?> targetClass = null;
 			if (target != null) {

core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java

@@ -264,8 +264,7 @@ public boolean equals(Object obj) {
 			if (this == obj) {
 				return true;
 			}
-			if (obj != null && obj instanceof RegisteredMethod) {
-				RegisteredMethod rhs = (RegisteredMethod) obj;
+			if (obj instanceof RegisteredMethod rhs) {
 				return this.method.equals(rhs.method) && this.registeredJavaType.equals(rhs.registeredJavaType);
 			}
 			return false;

core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java

@@ -71,14 +71,9 @@ public void decide(Authentication authentication, Object object, Collection<Conf
 		for (AccessDecisionVoter voter : getDecisionVoters()) {
 			int result = voter.vote(authentication, object, configAttributes);
 			switch (result) {
-			case AccessDecisionVoter.ACCESS_GRANTED:
-				grant++;
-				break;
-			case AccessDecisionVoter.ACCESS_DENIED:
-				deny++;
-				break;
-			default:
-				break;
+				case AccessDecisionVoter.ACCESS_GRANTED -> grant++;
+				case AccessDecisionVoter.ACCESS_DENIED -> deny++;
+				default -> { }
 			}
 		}
 		if (grant > deny) {

core/src/main/java/org/springframework/security/authentication/ProviderManager.java

@@ -256,8 +256,7 @@ private void prepareException(AuthenticationException ex, Authentication auth) {
 	 * @param dest the destination authentication object
 	 */
 	private void copyDetails(Authentication source, Authentication dest) {
-		if ((dest instanceof AbstractAuthenticationToken) && (dest.getDetails() == null)) {
-			AbstractAuthenticationToken token = (AbstractAuthenticationToken) dest;
+		if ((dest instanceof AbstractAuthenticationToken token) && (dest.getDetails() == null)) {
 			token.setDetails(source.getDetails());
 		}
 	}

core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java

@@ -94,12 +94,8 @@ public boolean equals(Object obj) {
 		if (!super.equals(obj)) {
 			return false;
 		}
-		if (obj instanceof RememberMeAuthenticationToken) {
-			RememberMeAuthenticationToken other = (RememberMeAuthenticationToken) obj;
-			if (this.getKeyHash() != other.getKeyHash()) {
-				return false;
-			}
-			return true;
+		if (obj instanceof RememberMeAuthenticationToken other) {
+			return this.getKeyHash() == other.getKeyHash();
 		}
 		return false;
 	}