Hide utility class constructors

Update all utility classes so that they have a private constructor. This prevents users from accidentally creating an instance, when they should just use the static methods directly. Issue gh-8945
2025-05-31 09:12:14 +00:00 · 2020-07-29 15:15:15 -07:00 · 2020-07-29 15:15:15 -07:00 · 01d90c9881
commit 01d90c9881
parent 8559447357
61 changed files with 213 additions and 52 deletions
--- a/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
+++ b/config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java
@ -30,7 +30,7 @@ import org.springframework.security.web.access.channel.ChannelDecisionManagerImp
 * @author Luke Taylor
 * @since 3.0
 */
-public class ChannelAttributeFactory {
+public final class ChannelAttributeFactory {
 	private static final String OPT_REQUIRES_HTTP = "http";
@ -38,6 +38,9 @@ public class ChannelAttributeFactory {
 	private static final String OPT_ANY_CHANNEL = "any";
 	private ChannelAttributeFactory() {
 	}
 	public static List<ConfigAttribute> createChannelAttributes(String requiredChannel) {
 		String channelConfigAttribute;
--- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
+++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java
@ -37,6 +37,9 @@ final class OAuth2ClientBeanDefinitionParserUtils {
 	private static final String ATT_AUTHORIZED_CLIENT_SERVICE_REF = "authorized-client-service-ref";
 	private OAuth2ClientBeanDefinitionParserUtils() {
 	}
 	static BeanMetadataElement getClientRegistrationRepository(Element element) {
 		BeanMetadataElement clientRegistrationRepository;
 		String clientRegistrationRepositoryRef = element.getAttribute(ATT_CLIENT_REGISTRATION_REPOSITORY_REF);
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java
@ -29,7 +29,10 @@ import org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X
 /**
 * Preconfigured SAML credentials for SAML integration tests.
 */
-public class TestSaml2Credentials {
+public final class TestSaml2Credentials {
 	private TestSaml2Credentials() {
 	}
 	static Saml2X509Credential verificationCertificate() {
 		String certificate = "-----BEGIN CERTIFICATE-----\n"
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java
@ -26,7 +26,10 @@ import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 * @author Rob Winch
 * @since 5.0
 */
-public class ServerHttpSecurityConfigurationBuilder {
+public final class ServerHttpSecurityConfigurationBuilder {
 	private ServerHttpSecurityConfigurationBuilder() {
 	}
 	public static ServerHttpSecurity http() {
 		return new ServerHttpSecurityConfiguration().httpSecurity();
--- a/config/src/test/java/org/springframework/security/config/http/SecurityFiltersAssertions.java
+++ b/config/src/test/java/org/springframework/security/config/http/SecurityFiltersAssertions.java
@ -29,13 +29,15 @@ import static org.assertj.core.api.Assertions.assertThat;
 *
 * @author Josh Cummings
 */
-public class SecurityFiltersAssertions {
+public final class SecurityFiltersAssertions {
 	private static Collection<SecurityFilters> ordered = Arrays.asList(SecurityFilters.values());
 	private SecurityFiltersAssertions() {
 	}
 	public static void assertEquals(List<String> filters) {
 		List<String> expected = ordered.stream().map(SecurityFilters::name).collect(Collectors.toList());
 		assertThat(filters).isEqualTo(expected);
 	}
--- a/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java
+++ b/core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java
@ -22,6 +22,9 @@ import org.springframework.expression.Expression;
 public final class ExpressionUtils {
 	private ExpressionUtils() {
 	}
 	public static boolean evaluateAsBoolean(Expression expr, EvaluationContext ctx) {
 		try {
 			return expr.getValue(ctx, Boolean.class);
--- a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
+++ b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
@ -38,7 +38,7 @@ import org.springframework.util.Assert;
 * @author Josh Cummings
 * @since 5.2
 */
-public class RsaKeyConverters {
+public final class RsaKeyConverters {
 	private static final String DASHES = "-----";
@ -50,6 +50,9 @@ public class RsaKeyConverters {
 	private static final String X509_PEM_FOOTER = DASHES + "END PUBLIC KEY" + DASHES;
 	private RsaKeyConverters() {
 	}
 	/**
 	 * Construct a {@link Converter} for converting a PEM-encoded PKCS#8 RSA Private Key
 	 * into a {@link RSAPrivateKey}.
--- a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
+++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
@ -30,7 +30,7 @@ import org.springframework.core.SpringVersion;
 * @author Luke Taylor
 * @author Rob Winch
 */
-public class SpringSecurityCoreVersion {
+public final class SpringSecurityCoreVersion {
 	private static final String DISABLE_CHECKS = SpringSecurityCoreVersion.class.getName().concat(".DISABLE_CHECKS");
@ -50,6 +50,9 @@ public class SpringSecurityCoreVersion {
 		performVersionChecks();
 	}
 	private SpringSecurityCoreVersion() {
 	}
 	public static String getVersion() {
 		Package pkg = SpringSecurityCoreVersion.class.getPackage();
 		return (pkg != null ? pkg.getImplementationVersion() : null);
--- a/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
+++ b/core/src/main/java/org/springframework/security/core/context/ReactiveSecurityContextHolder.java
@ -29,10 +29,13 @@ import org.springframework.security.core.Authentication;
 * @author Rob Winch
 * @since 5.0
 */
-public class ReactiveSecurityContextHolder {
+public final class ReactiveSecurityContextHolder {
 	private static final Class<?> SECURITY_CONTEXT_KEY = SecurityContext.class;
 	private ReactiveSecurityContextHolder() {
 	}
 	/**
 	 * Gets the {@code Mono<SecurityContext>} from Reactor {@link Context}
 	 * @return the {@code Mono<SecurityContext>}
--- a/core/src/main/java/org/springframework/security/util/FieldUtils.java
+++ b/core/src/main/java/org/springframework/security/util/FieldUtils.java
@ -29,6 +29,9 @@ import org.springframework.util.StringUtils;
 */
 public final class FieldUtils {
 	private FieldUtils() {
 	}
 	/**
 	 * Attempts to locate the specified field on the class.
 	 * @param clazz the class definition containing the field
--- a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
+++ b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
@ -35,6 +35,9 @@ import org.springframework.util.Assert;
 */
 public final class MethodInvocationUtils {
 	private MethodInvocationUtils() {
 	}
 	/**
 	 * Generates a <code>MethodInvocation</code> for specified <code>methodName</code> on
 	 * the passed object, using the <code>args</code> to locate the method.
--- a/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
+++ b/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
@ -19,7 +19,10 @@ package org.springframework.security.access.annotation.sec2150;
 import org.springframework.aop.framework.ProxyFactory;
 import org.springframework.security.access.intercept.method.MockMethodInvocation;
-public class MethodInvocationFactory {
+public final class MethodInvocationFactory {
 	private MethodInvocationFactory() {
 	}
 	/**
 	 * In order to reproduce the bug for SEC-2150, we must have a proxy object that
--- a/core/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java
@ -16,7 +16,10 @@
 package org.springframework.security.access.expression.method;
-public class SecurityRules {
+public final class SecurityRules {
 	private SecurityRules() {
 	}
 	public static boolean disallow() {
 		return false;
--- a/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/FieldUtilsTests.java
@ -27,8 +27,6 @@ public class FieldUtilsTests {
 	@Test
 	public void gettingAndSettingProtectedFieldIsSuccessful() throws Exception {
 		new FieldUtils();
 		Object tc = new TestClass();
 		assertThat(FieldUtils.getProtectedFieldValue("protectedField", tc)).isEqualTo("x");
--- a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java
@ -33,8 +33,6 @@ public class MethodInvocationUtilsTests {
 	@Test
 	public void createFromClassReturnsMethodWithNoArgInfoForMethodWithNoArgs() {
 		new MethodInvocationUtils();
 		MethodInvocation mi = MethodInvocationUtils.createFromClass(String.class, "length");
 		assertThat(mi).isNotNull();
 	}
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
@ -29,12 +29,15 @@ import org.bouncycastle.util.Arrays;
 * @author Simeon Macke
 * @since 5.3
 */
-class Argon2EncodingUtils {
+final class Argon2EncodingUtils {
 	private static final Base64.Encoder b64encoder = Base64.getEncoder().withoutPadding();
 	private static final Base64.Decoder b64decoder = Base64.getDecoder();
 	private Argon2EncodingUtils() {
 	}
 	/**
 	 * Encodes a raw Argon2-hash and its parameters into the standard Argon2-hash-string
 	 * as specified in the reference implementation
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java
@ -237,6 +237,9 @@ public final class Base64 {
 			-9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9 // Decimal 244 - 255
 	};
 	private Base64() {
 	}
 	public static byte[] decode(byte[] bytes) {
 		return decode(bytes, 0, bytes.length, NO_OPTIONS);
 	}
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Hex.java
@ -30,6 +30,9 @@ public final class Hex {
 	private static final char[] HEX = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e',
 			'f' };
 	private Hex() {
 	}
 	public static char[] encode(byte[] bytes) {
 		final int nBytes = bytes.length;
 		char[] result = new char[2 * nBytes];
--- a/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Utf8.java
@ -33,6 +33,9 @@ public final class Utf8 {
 	private static final Charset CHARSET = StandardCharsets.UTF_8;
 	private Utf8() {
 	}
 	/**
 	 * Get the bytes of the String in UTF-8 encoded form.
 	 */
--- a/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/codec/Base64Tests.java
@ -28,8 +28,6 @@ public class Base64Tests {
 	@Test
 	public void isBase64ReturnsTrueForValidBase64() {
 		new Base64(); // unused
 		assertThat(Base64.isBase64(new byte[] { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D' })).isTrue();
 	}
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/CryptoAssumptions.java
@ -26,7 +26,10 @@ import org.junit.AssumptionViolatedException;
 import org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm;
-public class CryptoAssumptions {
+public final class CryptoAssumptions {
 	private CryptoAssumptions() {
 	}
 	public static void assumeGCMJCE() {
 		assumeAes256(CipherAlgorithm.GCM);
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@ -3,7 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
 	<suppress files=".*" checks="SpringHideUtilityClassConstructor" />
 	<suppress files=".*" checks="SpringJavadoc" />
 	<suppress files=".*" checks="SpringLambda" />
 	<suppress files=".*" checks="SpringMethodOrder" />
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControlExtractor.java
@ -29,10 +29,13 @@ import org.apache.commons.logging.LogFactory;
 * @author Luke Taylor
 * @since 3.0
 */
-public class PasswordPolicyControlExtractor {
+public final class PasswordPolicyControlExtractor {
 	private static final Log logger = LogFactory.getLog(PasswordPolicyControlExtractor.class);
 	private PasswordPolicyControlExtractor() {
 	}
 	public static PasswordPolicyResponseControl extractControl(DirContext dirCtx) {
 		LdapContext ctx = (LdapContext) dirCtx;
 		Control[] ctrls = null;
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java
@ -40,6 +40,9 @@ final class OAuth2AuthorizationGrantRequestEntityUtils {
 	private static HttpHeaders DEFAULT_TOKEN_REQUEST_HEADERS = getDefaultTokenRequestHeaders();
 	private OAuth2AuthorizationGrantRequestEntityUtils() {
 	}
 	static HttpHeaders getTokenRequestHeaders(ClientRegistration clientRegistration) {
 		HttpHeaders headers = new HttpHeaders();
 		headers.addAll(DEFAULT_TOKEN_REQUEST_HEADERS);
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthenticationTokens.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthenticationTokens.java
@ -25,7 +25,10 @@ import org.springframework.security.oauth2.core.user.TestOAuth2Users;
 * @author Josh Cummings
 * @since 5.2
 */
-public class TestOAuth2AuthenticationTokens {
+public final class TestOAuth2AuthenticationTokens {
 	private TestOAuth2AuthenticationTokens() {
 	}
 	public static OAuth2AuthenticationToken authenticated() {
 		DefaultOAuth2User principal = TestOAuth2Users.create();
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthorizationCodeAuthenticationTokens.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthorizationCodeAuthenticationTokens.java
@ -29,7 +29,10 @@ import org.springframework.security.oauth2.core.endpoint.TestOAuth2Authorization
 * @author Rob Winch
 * @since 5.1
 */
-public class TestOAuth2AuthorizationCodeAuthenticationTokens {
+public final class TestOAuth2AuthorizationCodeAuthenticationTokens {
 	private TestOAuth2AuthorizationCodeAuthenticationTokens() {
 	}
 	public static OAuth2AuthorizationCodeAuthenticationToken unauthenticated() {
 		ClientRegistration registration = TestClientRegistrations.clientRegistration().build();
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java
@ -23,7 +23,10 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 * @author Rob Winch
 * @since 5.1
 */
-public class TestClientRegistrations {
+public final class TestClientRegistrations {
 	private TestClientRegistrations() {
 	}
 	public static ClientRegistration.Builder clientRegistration() {
 		return ClientRegistration.withRegistrationId("registration-id")
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java
@ -45,6 +45,9 @@ final class HttpMessageConverters {
 		jsonbPresent = ClassUtils.isPresent("javax.json.bind.Jsonb", classLoader);
 	}
 	private HttpMessageConverters() {
 	}
 	static GenericHttpMessageConverter<Object> getJsonMessageConverter() {
 		if (jackson2Present) {
 			return new MappingJackson2HttpMessageConverter();
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AccessTokens.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AccessTokens.java
@ -25,7 +25,10 @@ import java.util.HashSet;
 * @author Rob Winch
 * @since 5.1
 */
-public class TestOAuth2AccessTokens {
+public final class TestOAuth2AccessTokens {
 	private TestOAuth2AccessTokens() {
 	}
 	public static OAuth2AccessToken noScopes() {
 		return new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "no-scopes", Instant.now(),
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2RefreshTokens.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2RefreshTokens.java
@ -22,7 +22,10 @@ import java.time.Instant;
 * @author Rob Winch
 * @since 5.1
 */
-public class TestOAuth2RefreshTokens {
+public final class TestOAuth2RefreshTokens {
 	private TestOAuth2RefreshTokens() {
 	}
 	public static OAuth2RefreshToken refreshToken() {
 		return new OAuth2RefreshToken("refresh-token", Instant.now());
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java
@ -26,7 +26,10 @@ import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames
 * @author Rob Winch
 * @since 5.1
 */
-public class TestOAuth2AccessTokenResponses {
+public final class TestOAuth2AccessTokenResponses {
 	private TestOAuth2AccessTokenResponses() {
 	}
 	public static OAuth2AccessTokenResponse.Builder accessTokenResponse() {
 		return OAuth2AccessTokenResponse.withToken("token").tokenType(OAuth2AccessToken.TokenType.BEARER);
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationExchanges.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationExchanges.java
@ -21,7 +21,10 @@ package org.springframework.security.oauth2.core.endpoint;
 * @author Eddú Meléndez
 * @since 5.1
 */
-public class TestOAuth2AuthorizationExchanges {
+public final class TestOAuth2AuthorizationExchanges {
 	private TestOAuth2AuthorizationExchanges() {
 	}
 	public static OAuth2AuthorizationExchange success() {
 		OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().build();
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java
@ -23,7 +23,10 @@ import java.util.Map;
 * @author Rob Winch
 * @since 5.1
 */
-public class TestOAuth2AuthorizationRequests {
+public final class TestOAuth2AuthorizationRequests {
 	private TestOAuth2AuthorizationRequests() {
 	}
 	public static OAuth2AuthorizationRequest.Builder request() {
 		String registrationId = "registration-id";
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java
@ -20,7 +20,10 @@ package org.springframework.security.oauth2.core.endpoint;
 * @author Rob Winch
 * @since 5.1
 */
-public class TestOAuth2AuthorizationResponses {
+public final class TestOAuth2AuthorizationResponses {
 	private TestOAuth2AuthorizationResponses() {
 	}
 	public static OAuth2AuthorizationResponse.Builder success() {
 		return OAuth2AuthorizationResponse.success("authorization-code").state("state")
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java
@ -23,7 +23,10 @@ import java.time.Instant;
 *
 * @author Josh Cummings
 */
-public class TestOidcIdTokens {
+public final class TestOidcIdTokens {
 	private TestOidcIdTokens() {
 	}
 	public static OidcIdToken.Builder idToken() {
 		return OidcIdToken.withTokenValue("id-token").issuer("https://example.com").subject("subject")
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/TestOidcUsers.java
@ -30,7 +30,10 @@ import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 /**
 * @author Joe Grandja
 */
-public class TestOidcUsers {
+public final class TestOidcUsers {
 	private TestOidcUsers() {
 	}
 	public static DefaultOidcUser create() {
 		OidcIdToken idToken = idToken();
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/TestOAuth2Users.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/TestOAuth2Users.java
@ -28,7 +28,10 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 /**
 * @author Rob Winch
 */
-public class TestOAuth2Users {
+public final class TestOAuth2Users {
 	private TestOAuth2Users() {
 	}
 	public static DefaultOAuth2User create() {
 		String nameAttributeKey = "username";
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
@ -38,7 +38,7 @@ import org.springframework.web.util.UriComponentsBuilder;
 * @author Rafiullah Hamedy
 * @since 5.2
 */
-class JwtDecoderProviderConfigurationUtils {
+final class JwtDecoderProviderConfigurationUtils {
 	private static final String OIDC_METADATA_PATH = "/.well-known/openid-configuration";
@ -49,6 +49,9 @@ class JwtDecoderProviderConfigurationUtils {
 	private static final ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<Map<String, Object>>() {
 	};
 	private JwtDecoderProviderConfigurationUtils() {
 	}
 	static Map<String, Object> getConfigurationForOidcIssuerLocation(String oidcIssuerLocation) {
 		return getConfiguration(oidcIssuerLocation, oidc(URI.create(oidcIssuerLocation)));
 	}
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jose/TestKeys.java
@ -32,10 +32,9 @@ import javax.crypto.spec.SecretKeySpec;
 * @author Joe Grandja
 * @since 5.2
 */
-public class TestKeys {
+public final class TestKeys {
 	public static final KeyFactory kf;
 	static {
 		try {
 			kf = KeyFactory.getInstance("RSA");
@ -57,12 +56,11 @@ public class TestKeys {
 			+ "kJdJ/ZIV+WW4noDdzpKqHcwmB8FsrumlVY/DNVvUSDIipiq9PbP4H99TXN1o746o"
 			+ "RaNa07rq1hoCgMSSy+85SagCoxlmyE+D+of9SsMY8Ol9t0rdzpobBuhyJ/o5dfvj" + "KwIDAQAB";
-	public static final RSAPublicKey DEFAULT_PUBLIC_KEY = publicKey();
+	public static final RSAPublicKey DEFAULT_PUBLIC_KEY;
-
+	static {
 	private static RSAPublicKey publicKey() {
 		X509EncodedKeySpec spec = new X509EncodedKeySpec(Base64.getDecoder().decode(DEFAULT_RSA_PUBLIC_KEY));
 		try {
-			return (RSAPublicKey) kf.generatePublic(spec);
+			DEFAULT_PUBLIC_KEY = (RSAPublicKey) kf.generatePublic(spec);
 		}
 		catch (InvalidKeySpecException ex) {
 			throw new IllegalArgumentException(ex);
@ -95,16 +93,19 @@ public class TestKeys {
 			+ "c5TVvhG/ubfBspI5DhQqIGijnVBzFT//UfIYMSKJo75qqBEyP2EJSmCsunWsAFsM"
 			+ "TszuiGTkrKcZy9G0wJqPztZZl2F2+bJgnA6nBEV7g5PA4Af+QSmaIhRwqGDAuROR" + "47jndeyIaMTNETEmOnms+as17g==";
-	public static final RSAPrivateKey DEFAULT_PRIVATE_KEY = privateKey();
+	public static final RSAPrivateKey DEFAULT_PRIVATE_KEY;
-	private static RSAPrivateKey privateKey() {
+	static {
 		PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(DEFAULT_RSA_PRIVATE_KEY));
 		try {
-			return (RSAPrivateKey) kf.generatePrivate(spec);
+			DEFAULT_PRIVATE_KEY = (RSAPrivateKey) kf.generatePrivate(spec);
 		}
 		catch (InvalidKeySpecException ex) {
 			throw new IllegalArgumentException(ex);
 		}
 	}
 	private TestKeys() {
 	}
 }
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/TestJwts.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/TestJwts.java
@ -19,7 +19,10 @@ package org.springframework.security.oauth2.jwt;
 import java.time.Instant;
 import java.util.Arrays;
-public class TestJwts {
+public final class TestJwts {
 	private TestJwts() {
 	}
 	public static Jwt.Builder jwt() {
 		return Jwt.withTokenValue("token").header("alg", "none").audience(Arrays.asList("https://audience.example.org"))
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AuthenticatedPrincipals.java
@ -36,7 +36,10 @@ import org.springframework.security.oauth2.server.resource.introspection.OAuth2I
 *
 * @author Josh Cummings
 */
-public class TestOAuth2AuthenticatedPrincipals {
+public final class TestOAuth2AuthenticatedPrincipals {
 	private TestOAuth2AuthenticatedPrincipals() {
 	}
 	public static OAuth2AuthenticatedPrincipal active() {
 		return active(attributes -> {
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/TestBearerTokenAuthentications.java
@ -33,7 +33,10 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
 *
 * @author Josh Cummings
 */
-public class TestBearerTokenAuthentications {
+public final class TestBearerTokenAuthentications {
 	private TestBearerTokenAuthentications() {
 	}
 	public static BearerTokenAuthentication bearer() {
 		Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("SCOPE_USER");
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
@ -74,12 +74,15 @@ import org.springframework.security.saml2.Saml2Exception;
 * @author Josh Cummings
 * @since 5.4
 */
-public class OpenSamlInitializationService {
+public final class OpenSamlInitializationService {
 	private static final Log log = LogFactory.getLog(OpenSamlInitializationService.class);
 	private static final AtomicBoolean initialized = new AtomicBoolean(false);
 	private OpenSamlInitializationService() {
 	}
 	/**
 	 * Ready OpenSAML for use and configure it with reasonable defaults.
 	 *
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
@ -35,6 +35,9 @@ final class Saml2Utils {
 	private static Base64 BASE64 = new Base64(0, new byte[] { '\n' });
 	private Saml2Utils() {
 	}
 	static String samlEncode(byte[] b) {
 		return BASE64.encodeAsString(b);
 	}
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrations.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrations.java
@ -34,6 +34,9 @@ public final class RelyingPartyRegistrations {
 	private static final RestOperations rest = new RestTemplate(
 			Arrays.asList(new OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter()));
 	private RelyingPartyRegistrations() {
 	}
 	/**
 	 * Return a {@link RelyingPartyRegistration.Builder} based off of the given SAML 2.0
 	 * Asserting Party (IDP) metadata.
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2ServletUtils.java
@ -34,6 +34,9 @@ final class Saml2ServletUtils {
 	private static final char PATH_DELIMITER = '/';
 	private Saml2ServletUtils() {
 	}
 	static String resolveUrlTemplate(String template, String baseUrl, RelyingPartyRegistration relyingParty) {
 		if (!StringUtils.hasText(template)) {
 			return baseUrl;
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
@ -32,6 +32,9 @@ public final class Saml2Utils {
 	private static Base64 BASE64 = new Base64(0, new byte[] { '\n' });
 	private Saml2Utils() {
 	}
 	public static String samlEncode(byte[] b) {
 		return BASE64.encodeAsString(b);
 	}
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/TestSaml2X509Credentials.java
@ -31,6 +31,9 @@ import org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509Cred
 public final class TestSaml2X509Credentials {
 	private TestSaml2X509Credentials() {
 	}
 	public static Saml2X509Credential assertingPartySigningCredential() {
 		return new Saml2X509Credential(idpPrivateKey(), idpCertificate(), Saml2X509CredentialType.SIGNING);
 	}
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/credentials/TestSaml2X509Credentials.java
@ -31,6 +31,9 @@ import org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X
 public final class TestSaml2X509Credentials {
 	private TestSaml2X509Credentials() {
 	}
 	public static Saml2X509Credential assertingPartySigningCredential() {
 		return new Saml2X509Credential(idpPrivateKey(), idpCertificate(), Saml2X509CredentialType.SIGNING);
 	}
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
@ -97,6 +97,9 @@ final class TestOpenSamlObjects {
 	private static SecretKey SECRET_KEY = new SecretKeySpec(
 			Base64.getDecoder().decode("shOnwNMoCv88HKMEa91+FlYoD5RNvzMTAL5LGxZKIFk="), "AES");
 	private TestOpenSamlObjects() {
 	}
 	static Response response() {
 		return response(DESTINATION, ASSERTING_PARTY_ENTITY_ID);
 	}
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationRequestContexts.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationRequestContexts.java
@ -21,7 +21,10 @@ import org.springframework.security.saml2.provider.service.registration.TestRely
 /**
 * Test {@link Saml2AuthenticationRequestContext}s
 */
-public class TestSaml2AuthenticationRequestContexts {
+public final class TestSaml2AuthenticationRequestContexts {
 	private TestSaml2AuthenticationRequestContexts() {
 	}
 	public static Saml2AuthenticationRequestContext.Builder authenticationRequestContext() {
 		return Saml2AuthenticationRequestContext.builder().relayState("relayState").issuer("issuer")
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
@ -23,7 +23,10 @@ import org.springframework.security.saml2.provider.service.servlet.filter.Saml2W
 /**
 * Preconfigured test data for {@link RelyingPartyRegistration} objects
 */
-public class TestRelyingPartyRegistrations {
+public final class TestRelyingPartyRegistrations {
 	private TestRelyingPartyRegistrations() {
 	}
 	public static RelyingPartyRegistration.Builder relyingPartyRegistration() {
 		String registrationId = "simplesamlphp";
--- a/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
@ -51,6 +51,9 @@ public final class TagLibConfig {
 		}
 	}
 	private TagLibConfig() {
 	}
 	/**
 	 * Returns EVAL_BODY_INCLUDE if the authorized flag is true or UI security has been
 	 * disabled. Otherwise returns SKIP_BODY.
--- a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
@ -97,7 +97,10 @@ import org.springframework.web.server.adapter.WebHttpHandlerBuilder;
 * @author Rob Winch
 * @since 5.0
 */
-public class SecurityMockServerConfigurers {
+public final class SecurityMockServerConfigurers {
 	private SecurityMockServerConfigurers() {
 	}
 	/**
 	 * Sets up Spring Security's {@link WebTestClient} test support
--- a/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurers.java
@ -30,6 +30,9 @@ import org.springframework.util.Assert;
 */
 public final class SecurityMockMvcConfigurers {
 	private SecurityMockMvcConfigurers() {
 	}
 	/**
 	 * Configures the MockMvcBuilder for use with Spring Security. Specifically the
 	 * configurer adds the Spring Bean named "springSecurityFilterChain" as a Filter. It
--- a/web/src/main/java/org/springframework/security/web/WebAttributes.java
+++ b/web/src/main/java/org/springframework/security/web/WebAttributes.java
@ -52,4 +52,7 @@ public final class WebAttributes {
 	public static final String WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE = WebAttributes.class.getName()
 			+ ".WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE";
 	private WebAttributes() {
 	}
 }
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthUtils.java
@ -31,6 +31,9 @@ final class DigestAuthUtils {
 	private static final String[] EMPTY_STRING_ARRAY = new String[0];
 	private DigestAuthUtils() {
 	}
 	static String encodePasswordInA1Format(String username, String realm, String password) {
 		String a1 = username + ":" + realm + ":" + password;
--- a/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
@ -32,7 +32,7 @@ import java.util.TimeZone;
 * @author Remy Maucherat
 * @author Andrey Grebnev
 */
-public class FastHttpDateFormat {
+public final class FastHttpDateFormat {
 	/** HTTP date format. */
 	protected static final SimpleDateFormat format = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
@ -66,6 +66,9 @@ public class FastHttpDateFormat {
 	/** Parser cache. */
 	protected static final HashMap<String, Long> parseCache = new HashMap<>();
 	private FastHttpDateFormat() {
 	}
 	/**
 	 * Formats a specified date to HTTP format. If local format is not <code>null</code>,
 	 * it's used instead.
--- a/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
+++ b/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
@ -30,6 +30,9 @@ import javax.servlet.http.HttpServletRequest;
 */
 public final class UrlUtils {
 	private UrlUtils() {
 	}
 	public static String buildFullRequestUrl(HttpServletRequest r) {
 		return buildFullRequestUrl(r.getScheme(), r.getServerName(), r.getServerPort(), r.getRequestURI(),
 				r.getQueryString());
--- a/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestClientBuilder.java
+++ b/web/src/test/java/org/springframework/security/test/web/reactive/server/WebTestClientBuilder.java
@ -34,7 +34,10 @@ import org.springframework.web.server.WebFilter;
 * @since 5.0
 *
 */
-public class WebTestClientBuilder {
+public final class WebTestClientBuilder {
 	private WebTestClientBuilder() {
 	}
 	public static Builder bindToWebFilters(WebFilter... webFilters) {
 		return WebTestClient.bindToController(new Http200RestController()).webFilter(webFilters).configureClient();
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
@ -25,7 +25,10 @@ import java.security.cert.X509Certificate;
 *
 * @author Luke Taylor
 */
-public class X509TestUtils {
+public final class X509TestUtils {
 	private X509TestUtils() {
 	}
 	/**
 	 * Builds an X.509 certificate. In human-readable form it is: