Use standard lambda syntax in documentation

Fixes: gh-7774

docs/manual/src/docs/asciidoc/_includes/reactive/exploits/headers.adoc

@@ -23,10 +23,8 @@ You can easily do this with the following Java Configuration:
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
+		.headers(headers -> headers
-			headers
+			.frameOptions(frameOptions -> frameOptions
-				.frameOptions(frameOptions ->
-					frameOptions
 				.mode(Mode.SAMEORIGIN)
 			)
 		);
@@ -46,10 +44,7 @@ An example for both Java configuration is provided below:
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
+		.headers(headers -> headers.disable());
-			headers
-				.disable()
-		);
 	return http.build();
 }
 ----
@@ -76,8 +71,7 @@ If necessary, you can also disable Spring Security's cache control HTTP response
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
+		.headers(headers -> headers
-			headers
 			.cache(cache -> cache.disable())
 		);
 	return http.build();
@@ -99,8 +93,7 @@ However, you can disable it in Java Configuration with:
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
+		.headers(headers -> headers
-			headers
 			.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable())
 		);
 	return http.build();
@@ -122,10 +115,8 @@ For example, the following is an example of explicitly providing HSTS with Java
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
+		.headers(headers -> headers
-			headers
+			.hsts(hsts -> hsts
-				.hsts(hsts ->
-					hsts
 				.includeSubdomains(true)
 				.preload(true)
 				.maxAge(Duration.ofDays(365))
@@ -150,10 +141,8 @@ You can customize frame options to use the same origin within Java Configuration
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
+		.headers(headers -> headers
-			headers
+			.frameOptions(frameOptions -> frameOptions
-				.frameOptions(frameOptions ->
-					frameOptions
 				.mode(SAMEORIGIN)
 			)
 		);
@@ -175,8 +164,7 @@ You can disable `X-XSS-Protection` with the following Java Configuration:
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
+		.headers(headers -> headers
-			headers
 			.xssProtection(xssProtection -> xssProtection.disable())
 		);
 	return http.build();
@@ -209,10 +197,8 @@ You can enable the CSP header using Java configuration as shown below:
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
+		.headers(headers -> headers
-			headers
+			.contentSecurityPolicy(policy -> policy
-				.contentSecurityPolicy(contentSecurityPolicy ->
-					contentSecurityPolicy
 				.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
 			)
 		);
@@ -231,10 +217,8 @@ To enable the CSP `report-only` header, provide the following Java configuration
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
+		.headers(headers -> headers
-			headers
+			.contentSecurityPolicy(policy -> policy
-				.contentSecurityPolicy(contentSecurityPolicy ->
-					contentSecurityPolicy
 				.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
 				.reportOnly()
 			)
@@ -258,10 +242,8 @@ You can enable the Referrer Policy header using Java configuration as shown belo
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
+		.headers(headers -> headers
-			headers
+			.referrerPolicy(referrer -> referrer
-				.referrerPolicy(referrerPolicy ->
-					referrerPolicy
 				.policy(ReferrerPolicy.SAME_ORIGIN)
 			)
 		);
@@ -295,8 +277,7 @@ can enable the Feature Policy header using Java configuration as shown below:
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers ->
+		.headers(headers -> headers
-			headers
 			.featurePolicy("geolocation 'self'")
 		);
 	return http.build();

docs/manual/src/docs/asciidoc/_includes/reactive/exploits/http.adoc

@@ -38,8 +38,7 @@ For example, if the production environment adds a header named `X-Forwarded-Prot
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.redirectToHttps(redirectToHttps ->
+		.redirectToHttps(redirect -> redirect
-			redirectToHttps
 			.httpsRedirectWhen(e -> e.getRequest().getHeaders().containsKey("X-Forwarded-Proto"))
 		);
 	return http.build();

docs/manual/src/docs/asciidoc/_includes/reactive/method.adoc

@@ -88,8 +88,7 @@ public class SecurityConfig {
 		return http
 			// Demonstrate that method security works
 			// Best practice to use both for defense in depth
-			.authorizeExchange(exchanges ->
+			.authorizeExchange(exchanges -> exchanges
-				exchanges
 				.anyExchange().permitAll()
 			)
 			.httpBasic(withDefaults())

docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/login.adoc

@@ -151,8 +151,7 @@ Additional configuration options can be seen below:
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.oauth2Login(oauth2Login ->
+		.oauth2Login(oauth2 -> oauth2
-			oauth2Login
 			.authenticationConverter(converter)
 			.authenticationManager(manager)
 			.authorizedClientRepository(authorizedClients)

docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/resource-server.adoc

@@ -129,8 +129,7 @@ The first is a `SecurityWebFilterChain` that configures the app as a resource se
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges ->
+		.authorizeExchange(exchanges -> exchanges
-			exchanges
 			.anyExchange().authenticated()
 		)
 		.oauth2ResourceServer(OAuth2ResourceServerSpec::jwt)
@@ -147,13 +146,11 @@ Replacing this is as simple as exposing the bean within the application:
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges ->
+		.authorizeExchange(exchanges -> exchanges
-			exchanges
 			.pathMatchers("/message/**").hasAuthority("SCOPE_message:read")
 			.anyExchange().authenticated()
 		)
-		.oauth2ResourceServer(oauth2ResourceServer ->
+		.oauth2ResourceServer(oauth2 -> oauth2
-			oauth2ResourceServer
 			.jwt(withDefaults())
 		);
 	return http.build();
@@ -190,14 +187,11 @@ An authorization server's JWK Set Uri can be configured <<webflux-oauth2resource
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges ->
+		.authorizeExchange(exchanges -> exchanges
-			exchanges
 			.anyExchange().authenticated()
 		)
-		.oauth2ResourceServer(oauth2ResourceServer ->
+		.oauth2ResourceServer(oauth2 -> oauth2
-			oauth2ResourceServer
+			.jwt(jwt -> jwt
-				.jwt(jwt ->
-					jwt
 				.jwkSetUri("https://idp.example.com/.well-known/jwks.json")
 			)
 		);
@@ -217,14 +211,11 @@ More powerful than `jwkSetUri()` is `decoder()`, which will completely replace a
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges ->
+		.authorizeExchange(exchanges -> exchanges
-			exchanges
 			.anyExchange().authenticated()
 		)
-		.oauth2ResourceServer(oauth2ResourceServer ->
+		.oauth2ResourceServer(oauth2 -> oauth2
-			oauth2ResourceServer
+			.jwt(jwt -> jwt
-				.jwt(jwt ->
-					jwt
 				.decoder(myCustomDecoder())
 			)
 		);
@@ -430,14 +421,11 @@ To this end, the DSL exposes `jwtAuthenticationConverter()`:
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges ->
+		.authorizeExchange(exchanges -> exchanges
-			exchanges
 			.anyExchange().authenticated()
 		)
-		.oauth2ResourceServer(oauth2ResourceServer ->
+		.oauth2ResourceServer(oauth2 -> oauth2
-			oauth2ResourceServer
+			.jwt(jwt -> jwt
-				.jwt(jwt ->
-					jwt
 				.jwtAuthenticationConverter(grantedAuthoritiesExtractor())
 			)
 		);
@@ -678,8 +666,7 @@ When use Opaque Token, this `SecurityWebFilterChain` looks like:
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges ->
+		.authorizeExchange(exchanges -> exchanges
-			exchanges
 			.anyExchange().authenticated()
 		)
 		.oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::opaqueToken)
@@ -698,15 +685,12 @@ public class MyCustomSecurityConfiguration {
     @Bean
     SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
         http
-            .authorizeExchange(exchanges ->
+            .authorizeExchange(exchanges -> exchanges
-                exchanges
                 .pathMatchers("/messages/**").hasAuthority("SCOPE_message:read")
                 .anyExchange().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
+            .oauth2ResourceServer(oauth2 -> oauth2
-                oauth2ResourceServer
+                .opaqueToken(opaqueToken -> opaqueToken
-                    .opaqueToken(opaqueToken ->
-                        opaqueToken
                     .introspector(myIntrospector())
                 )
             );
@@ -745,14 +729,11 @@ public class DirectlyConfiguredIntrospectionUri {
     @Bean
     SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
         http
-            .authorizeExchange(exchanges ->
+            .authorizeExchange(exchanges -> exchanges
-                exchanges
                 .anyExchange().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
+            .oauth2ResourceServer(oauth2 -> oauth2
-                oauth2ResourceServer
+                .opaqueToken(opaqueToken -> opaqueToken
-                    .opaqueToken(opaqueToken ->
-                        opaqueToken
                     .introspectionUri("https://idp.example.com/introspect")
                     .introspectionClientCredentials("client", "secret")
                 )
@@ -776,14 +757,11 @@ public class DirectlyConfiguredIntrospector {
     @Bean
     SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
         http
-            .authorizeExchange(exchanges ->
+            .authorizeExchange(exchanges -> exchanges
-                exchanges
                 .anyExchange().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
+            .oauth2ResourceServer(oauth2 -> oauth2
-                oauth2ResourceServer
+                .opaqueToken(opaqueToken -> opaqueToken
-                    .opaqueToken(opaqueToken ->
-                        opaqueToken
                     .introspector(myCustomIntrospector())
                 )
             );

docs/manual/src/docs/asciidoc/_includes/reactive/webflux.adoc

@@ -56,8 +56,7 @@ public class HelloWebfluxSecurityConfig {
 	@Bean
 	public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 		http
-			.authorizeExchange(exchanges ->
+			.authorizeExchange(exchanges -> exchanges
-				exchanges
 			    .anyExchange().authenticated()
 			)
 			.httpBasic(withDefaults())

docs/manual/src/docs/asciidoc/_includes/reactive/x509.adoc

@@ -10,8 +10,7 @@ Below is an example of a reactive x509 security configuration:
 public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
 	http
 		.x509(withDefaults())
-		.authorizeExchange(exchanges ->
+		.authorizeExchange(exchanges -> exchanges
-			exchanges
 		    .anyExchange().permitAll()
 		);
 	return http.build();
@@ -37,13 +36,11 @@ public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
 	};
 
 	http
-		.x509(x509 ->
+		.x509(x509 -> x509
-			x509
 		    .principalExtractor(principalExtractor)
 		    .authenticationManager(authenticationManager)
 		)
-		.authorizeExchange(exchanges ->
+		.authorizeExchange(exchanges -> exchanges
-			exchanges
 		    .anyExchange().authenticated()
 		);
 	return http.build();

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/logout.adoc

@@ -18,8 +18,7 @@ Similar to configuring login capabilities, however, you also have various option
 ----
 protected void configure(HttpSecurity http) throws Exception {
     http
-		.logout(logout ->                                                       // <1>
+        .logout(logout -> logout                                                // <1>
-		    logout
             .logoutUrl("/my/logout")                                            // <2>
             .logoutSuccessUrl("/my/index")                                      // <3>
             .logoutSuccessHandler(logoutSuccessHandler)                         // <4>

docs/manual/src/docs/asciidoc/_includes/servlet/authorization/authorize-requests.adoc

@@ -9,8 +9,7 @@ For example:
 ----
 protected void configure(HttpSecurity http) throws Exception {
 	http
-		.authorizeRequests(authorizeRequests ->                                        // <1>
+		.authorizeRequests(authorize -> authorize                                  // <1>
-		    authorizeRequests
 		    .antMatchers("/resources/**", "/signup", "/about").permitAll()         // <2>
 		    .antMatchers("/admin/**").hasRole("ADMIN")                             // <3>
 		    .antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")   // <4>

docs/manual/src/docs/asciidoc/_includes/servlet/authorization/expression-based.adoc

@@ -140,8 +140,7 @@ or in Java configuration
 [source,java]
 ----
 http
-    .authorizeRequests(authorizeRequests ->
+    .authorizeRequests(authorize -> authorize
-        authorizeRequests
         .antMatchers("/user/**").access("@webSecurity.check(authentication,request)")
         ...
     )
@@ -181,8 +180,7 @@ or in Java configuration
 [source,java]
 ----
 http
-	.authorizeRequests(authorizeRequests ->
+	.authorizeRequests(authorize -> authorize
-	    authorizeRequests
 		.antMatchers("/user/{userId}/**").access("@webSecurity.checkUserId(authentication,#userId)")
 		...
 	);

docs/manual/src/docs/asciidoc/_includes/servlet/exploits/csrf.adoc

@@ -70,8 +70,7 @@ public class WebSecurityConfig extends
 	@Override
 	protected void configure(HttpSecurity http) {
 		http
-			.csrf(csrf ->
+			.csrf(csrf -> csrf
-				csrf
 				.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
 			);
 	}
@@ -119,9 +118,7 @@ public class WebSecurityConfig extends
 	@Override
 	protected void configure(HttpSecurity http) {
 		http
-			.csrf(csrf ->
+			.csrf(csrf -> csrf.disable());
-				csrf.disable()
-			);
 	}
 }
 ----
@@ -303,8 +300,7 @@ public class WebSecurityConfig extends
 	@Override
 	protected void configure(HttpSecurity http) {
 		http
-			.logout(logout ->
+			.logout(logout -> logout
-				logout
 				.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
 			);
 	}

docs/manual/src/docs/asciidoc/_includes/servlet/exploits/headers.adoc

@@ -27,10 +27,9 @@ public class WebSecurityConfig extends
 	protected void configure(HttpSecurity http) {
 		http
 			// ...
-			.headers(headers ->
+			.headers(headers -> headers
-				headers
+				.frameOptions(frameOptions -> frameOptions
-					.frameOptions(frameOptions ->
+					.sameOrigin()
-						frameOptions.sameOrigin()
 				)
 			);
 	}
@@ -69,8 +68,7 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
+			.headers(headers -> headers
-				headers
 				// do not use any default headers unless explicitly listed
 				.defaultsDisabled()
 				.cacheControl(withDefaults())
@@ -105,9 +103,7 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
+			.headers(headers -> headers.disable());
-				headers.disable()
-			);
 	}
 }
 ----
@@ -149,10 +145,8 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) {
 		http
 			// ...
-			.headers(headers ->
+			.headers(headers -> headers
-				headers.cacheControl(cache ->
+				.cacheControl(cache -> cache.disable())
-					cache.disabled()
-				)
 			);
 	}
 }
@@ -194,10 +188,8 @@ public class WebSecurityConfig extends
 	protected void configure(HttpSecurity http) {
 		http
 			// ...
-			.headers(headers ->
+			.headers(headers -> headers
-				headers.contentTypeOptions(contentType ->
+				.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable())
-					contentType.disabled()
-				)
 			);
 	}
 }
@@ -239,10 +231,8 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
+			.headers(headers -> headers
-				headers
+				.httpStrictTransportSecurity(hsts -> hsts
-					.httpStrictTransportSecurity(hsts ->
-						hsts
 					.includeSubDomains(true)
 					.preload(true)
 					.maxAgeInSeconds(31536000)
@@ -291,10 +281,8 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
+			.headers(headers -> headers
-				headers
+				.httpPublicKeyPinning(hpkp -> hpkp
-					.httpPublicKeyPinning(hpkp ->
-						hpkp
 					.includeSubDomains(true)
 					.reportUri("https://example.net/pkp-report")
 					.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=")
@@ -348,10 +336,8 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
+			.headers(headers -> headers
-				headers
+				.frameOptions(frameOptions -> frameOptions
-					.frameOptions(frameOptions ->
-						frameOptions
 					.sameOrigin()
 				)
 			);
@@ -397,10 +383,8 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
+			.headers(headers -> headers
-				headers
+				.xssProtection(xss -> xss
-					.xssProtection(xssProtection ->
-						xssProtection
 					.block(false)
 				)
 			);
@@ -456,10 +440,8 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) {
 		http
 			// ...
-			.headers(headers ->
+			.headers(headers -> headers
-				headers
+				.contentSecurityPolicy(csp -> csp
-					.contentSecurityPolicy(csp ->
-						csp
 					.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
 				)
 			);
@@ -499,10 +481,8 @@ public class WebSecurityConfig extends
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
+			.headers(headers -> headers
-				headers
+				.contentSecurityPolicy(csp -> csp
-					.contentSecurityPolicy(csp ->
-						csp
 					.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
 					.reportOnly()
 				)
@@ -548,10 +528,8 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) {
 		http
 			// ...
-			.headers(headers ->
+			.headers(headers -> headers
-				headers
+				.referrerPolicy(referrer -> referrer
-					.referrerPolicy(referrerPolicy ->
-						referrerPolicy
 					.policy(ReferrerPolicy.SAME_ORIGIN)
 				)
 			);
@@ -605,8 +583,7 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
+			.headers(headers -> headers
-				headers
 				.featurePolicy("geolocation 'self'")
 			);
 	}
@@ -694,8 +671,7 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
+			.headers(headers -> headers
-				headers
 				.addHeaderWriter(new StaticHeadersWriter("X-Custom-Security-Header","header-value"))
 			);
 	}
@@ -739,8 +715,7 @@ WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers ->
+			.headers(headers -> headers
-				headers
 				.addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN))
 			);
 	}
@@ -794,11 +769,8 @@ WebSecurityConfigurerAdapter {
 			new DelegatingRequestMatcherHeaderWriter(matcher,new XFrameOptionsHeaderWriter());
 		http
 			// ...
-			.headers(headers ->
+			.headers(headers -> headers
-				headers
+				.frameOptions(frameOptions -> frameOptions.disable())
-					.frameOptions(frameOptions ->
-						frameOptions.disable()
-					)
 				.addHeaderWriter(headerWriter)
 			);
 	}

docs/manual/src/docs/asciidoc/_includes/servlet/exploits/http.adoc

@@ -25,8 +25,7 @@ public class WebSecurityConfig extends
 	protected void configure(HttpSecurity http) {
 		http
 			// ...
-			.requiresChannel(channel ->
+			.requiresChannel(channel -> channel
-				channel
 				.anyRequest().requiresSecure()
 			);
 	}

docs/manual/src/docs/asciidoc/_includes/servlet/integrations/mvc.adoc

@@ -102,8 +102,7 @@ If we wanted to restrict access to this controller method to admin users, a deve
 ----
 protected configure(HttpSecurity http) throws Exception {
 	http
-		.authorizeRequests(authorizeRequests ->
+		.authorizeRequests(authorize -> authorize
-		    authorizeRequests
 			.antMatchers("/admin").hasRole("ADMIN")
 		);
 }
@@ -133,8 +132,7 @@ The following configuration will protect the same URLs that Spring MVC will matc
 ----
 protected configure(HttpSecurity http) throws Exception {
 	http
-		.authorizeRequests(authorizeRequests ->
+		.authorizeRequests(authorize -> authorize
-		    authorizeRequests
 			.mvcMatchers("/admin").hasRole("ADMIN")
 		);
 }

docs/manual/src/docs/asciidoc/_includes/servlet/integrations/websocket.adoc

@@ -323,10 +323,8 @@ public class WebSecurityConfig extends
     protected void configure(HttpSecurity http) throws Exception {
         http
             // ...
-      .headers(headers ->
+            .headers(headers -> headers
-        headers
+                .frameOptions(frameOptions -> frameOptions
-          .frameOptions(frameOptions ->
-             frameOptions
                      .sameOrigin()
                 )
         );
@@ -361,20 +359,17 @@ public class WebSecurityConfig
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
-            .csrf(csrf ->
+            .csrf(csrf -> csrf
-                csrf
                 // ignore our stomp endpoints since they are protected using Stomp headers
                 .ignoringAntMatchers("/chat/**")
             )
-            .headers(headers ->
+            .headers(headers -> headers
-                headers
                 // allow same origin to frame our site to support iframe SockJS
-                    .frameOptions(frameOptions ->
+                .frameOptions(frameOptions -> frameOptions
-                        frameOptions
                     .sameOrigin()
                 )
             )
-            .authorizeRequests(authorizeRequests ->
+            .authorizeRequests(authorize -> authorize
                 ...
             )
             ...

docs/manual/src/docs/asciidoc/_includes/servlet/java-configuration/index.adoc

@@ -140,8 +140,7 @@ It has a method called `configure` with the following default implementation:
 ----
 protected void configure(HttpSecurity http) throws Exception {
 	http
-		.authorizeRequests(authorizeRequests ->
+		.authorizeRequests(authorize -> authorize
-		    authorizeRequests
 			.anyRequest().authenticated()
 		)
 		.formLogin(withDefaults())
@@ -192,8 +191,7 @@ public class MultiHttpSecurityConfig {
 		protected void configure(HttpSecurity http) throws Exception {
 			http
 				.antMatcher("/api/**")                               <3>
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests(authorize -> authorize
-				    authorizeRequests
 					.anyRequest().hasRole("ADMIN")
 			    )
 				.httpBasic(withDefaults());
@@ -206,8 +204,7 @@ public class MultiHttpSecurityConfig {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests(authorize -> authorize
-				    authorizeRequests
 					.anyRequest().authenticated()
 				)
 				.formLogin(withDefaults());
@@ -326,8 +323,7 @@ For example, if you wanted to configure the `filterSecurityPublishAuthorizationS
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 	http
-		.authorizeRequests(authorizeRequests ->
+		.authorizeRequests(authorize -> authorize
-			authorizeRequests
 			.anyRequest().authenticated()
 			.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
 				public <O extends FilterSecurityInterceptor> O postProcess(

docs/manual/src/docs/asciidoc/_includes/servlet/oauth2/oauth2-client.adoc

@@ -27,13 +27,11 @@ public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Client(oauth2Client ->
+			.oauth2Client(oauth2 -> oauth2
-			    oauth2Client
 				.clientRegistrationRepository(this.clientRegistrationRepository())
 				.authorizedClientRepository(this.authorizedClientRepository())
 				.authorizedClientService(this.authorizedClientService())
-				    .authorizationCodeGrant(authorizationCodeGrant ->
+				.authorizationCodeGrant(codeGrant -> codeGrant
-					    authorizationCodeGrant
 					.authorizationRequestRepository(this.authorizationRequestRepository())
 					.authorizationRequestResolver(this.authorizationRequestResolver())
 					.accessTokenResponseClient(this.accessTokenResponseClient())
@@ -465,17 +463,15 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorizeRequests ->
+			.authorizeRequests(authorize -> authorize
-			    authorizeRequests
 				.anyRequest().authenticated()
 			)
-			.oauth2Login(oauth2Login ->
+			.oauth2Login(oauth2 -> oauth2
-				oauth2Login
+				.authorizationEndpoint(authorization -> authorization
-					.authorizationEndpoint(authorizationEndpoint ->
-						authorizationEndpoint
 					.authorizationRequestResolver(
 					    new CustomAuthorizationRequestResolver(
-							            this.clientRegistrationRepository))    <1>
+					            this.clientRegistrationRepository)    <1>
+					)
 				)
 			);
 	}
@@ -595,10 +591,8 @@ public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Client(oauth2Client ->
+			.oauth2Client(oauth2 -> oauth2
-			    oauth2Client
+				.authorizationCodeGrant(codeGrant -> codeGrant
-				    .authorizationCodeGrant(authorizationCodeGrant ->
-				        authorizationCodeGrant
 					.authorizationRequestRepository(this.authorizationRequestRepository())
 					...
 				)
@@ -659,10 +653,8 @@ public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Client(oauth2Client ->
+			.oauth2Client(oauth2 -> oauth2
-			    oauth2Client
+				.authorizationCodeGrant(codeGrant -> codeGrant
-				    .authorizationCodeGrant(authorizationCodeGrant ->
-				        authorizationCodeGrant
 					.accessTokenResponseClient(this.accessTokenResponseClient())
 					...
 				)

docs/manual/src/docs/asciidoc/_includes/servlet/oauth2/oauth2-login.adoc

@@ -291,8 +291,7 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorizeRequests ->
+			.authorizeRequests(authorize -> authorize
-			    authorizeRequests
 				.anyRequest().authenticated()
 			)
 			.oauth2Login(withDefaults());
@@ -317,8 +316,7 @@ public class OAuth2LoginConfig {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests(authorize -> authorize
-				    authorizeRequests
 					.anyRequest().authenticated()
 				)
 				.oauth2Login(withDefaults());
@@ -366,8 +364,7 @@ public class OAuth2LoginConfig {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests(authorize -> authorize
-				    authorizeRequests
 					.anyRequest().authenticated()
 				)
 				.oauth2Login(withDefaults());
@@ -418,22 +415,17 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
+			.oauth2Login(oauth2 -> oauth2
-			    oauth2Login
+			    .authorizationEndpoint(authorization -> authorization
-			        .authorizationEndpoint(authorizationEndpoint ->
-			            authorizationEndpoint
 			            ...
 			    )
-			        .redirectionEndpoint(redirectionEndpoint ->
+			    .redirectionEndpoint(redirection -> redirection
-			            redirectionEndpoint
 			            ...
 			    )
-			        .tokenEndpoint(tokenEndpoint ->
+			    .tokenEndpoint(token -> token
-			            tokenEndpoint
 			            ...
 			    )
-			        .userInfoEndpoint(userInfoEndpoint ->
+			    .userInfoEndpoint(userInfo -> userInfo
-			            userInfoEndpoint
 			            ...
 			    )
 			);
@@ -470,28 +462,23 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
+			.oauth2Login(oauth2 -> oauth2
-			    oauth2Login
 			    .clientRegistrationRepository(this.clientRegistrationRepository())
 			    .authorizedClientRepository(this.authorizedClientRepository())
 			    .authorizedClientService(this.authorizedClientService())
 			    .loginPage("/login")
-			        .authorizationEndpoint(authorizationEndpoint ->
+			    .authorizationEndpoint(authorization -> authorization
-			            authorizationEndpoint
 			        .baseUri(this.authorizationRequestBaseUri())
 			        .authorizationRequestRepository(this.authorizationRequestRepository())
 			        .authorizationRequestResolver(this.authorizationRequestResolver())
 			    )
-			        .redirectionEndpoint(redirectionEndpoint ->
+			    .redirectionEndpoint(redirection -> redirection
-			             redirectionEndpoint
 			        .baseUri(this.authorizationResponseBaseUri())
 			    )
-			        .tokenEndpoint(tokenEndpoint ->
+			    .tokenEndpoint(token -> token
-			            tokenEndpoint
 			        .accessTokenResponseClient(this.accessTokenResponseClient())
 			    )
-			        .userInfoEndpoint(userInfoEndpoint ->
+			    .userInfoEndpoint(userInfo -> userInfo
-			            userInfoEndpoint
 			        .userAuthoritiesMapper(this.userAuthoritiesMapper())
 			        .userService(this.oauth2UserService())
 			        .oidcUserService(this.oidcUserService())
@@ -542,12 +529,10 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
+			.oauth2Login(oauth2 -> oauth2
-			    oauth2Login
 			    .loginPage("/login/oauth2")
 			    ...
-			        .authorizationEndpoint(authorizationEndpoint ->
+			    .authorizationEndpoint(authorization -> authorization
-			            authorizationEndpoint
 			        .baseUri("/login/oauth2/authorization")
 			        ...
 			    )
@@ -594,10 +579,8 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
+			.oauth2Login(oauth2 -> oauth2
-			    oauth2Login
+			    .redirectionEndpoint(redirection -> redirection
-			        .redirectionEndpoint(redirectionEndpoint ->
-			            redirectionEndpoint
 			        .baseUri("/login/oauth2/callback/*")
 			        ...
 			    )
@@ -661,10 +644,8 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
+			.oauth2Login(oauth2 -> oauth2
-			    oauth2Login
+			    .userInfoEndpoint(userInfo -> userInfo
-			        .userInfoEndpoint(userInfoEndpoint ->
-			            userInfoEndpoint
 			        .userAuthoritiesMapper(this.userAuthoritiesMapper())
 			        ...
 			    )
@@ -740,10 +721,8 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
+			.oauth2Login(oauth2 -> oauth2
-			    oauth2Login
+			    .userInfoEndpoint(userInfo -> userInfo
-			        .userInfoEndpoint(userInfoEndpoint ->
-			            userInfoEndpoint
 			        .oidcUserService(this.oidcUserService())
 			        ...
 			    )
@@ -791,10 +770,8 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
+			.oauth2Login(oauth2 -> oauth2
-			    oauth2Login
+			    .userInfoEndpoint(userInfo -> userInfo
-			        .userInfoEndpoint(userInfoEndpoint ->
-			            userInfoEndpoint
 			        .customUserType(GitHubOAuth2User.class, "github")
 			        ...
 			    )
@@ -909,10 +886,8 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
+			.oauth2Login(oauth2 -> oauth2
-			    oauth2Login
+			    .userInfoEndpoint(userInfo -> userInfo
-			        .userInfoEndpoint(userInfoEndpoint ->
-			            userInfoEndpoint
 			        .userService(this.oauth2UserService())
 			        ...
 			    )
@@ -945,10 +920,8 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2Login ->
+			.oauth2Login(oauth2 -> oauth2
-			    oauth2Login
+				.userInfoEndpoint(userInfo -> userInfo
-				    .userInfoEndpoint(userInfoEndpoint ->
-				        userInfoEndpoint
 				    .oidcUserService(this.oidcUserService())
 				    ...
 			    )
@@ -1031,13 +1004,11 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorizeRequests ->
+			.authorizeRequests(authorize -> authorize
-				authorizeRequests
 				.anyRequest().authenticated()
 			)
 			.oauth2Login(withDefaults())
-			.logout(logout ->
+			.logout(logout -> logout
-				logout
 				.logoutSuccessHandler(oidcLogoutSuccessHandler())
 			);
 	}

docs/manual/src/docs/asciidoc/_includes/servlet/oauth2/oauth2-resourceserver.adoc

@@ -128,8 +128,7 @@ The first is a `WebSecurityConfigurerAdapter` that configures the app as a resou
 ----
 protected void configure(HttpSecurity http) {
     http
-        .authorizeRequests(authorizeRequests ->
+        .authorizeRequests(authorize -> authorize
-            authorizeRequests
             .anyRequest().authenticated()
         )
         .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
@@ -146,15 +145,12 @@ Replacing this is as simple as exposing the bean within the application:
 public class MyCustomSecurityConfiguration extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests ->
+            .authorizeRequests(authorize -> authorize
-                authorizeRequests
                 .mvcMatchers("/messages/**").hasAuthority("SCOPE_message:read")
                 .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
+            .oauth2ResourceServer(oauth2 -> oauth2
-                oauth2ResourceServer
+                .jwt(jwt -> jwt
-                    .jwt(jwt ->
-                        jwt
                     .jwtAuthenticationConverter(myConverter())
                 )
             );
@@ -194,14 +190,11 @@ An authorization server's JWK Set Uri can be configured <<oauth2resourceserver-j
 public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests ->
+            .authorizeRequests(authorize -> authorize
-                authorizeRequests
                 .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
+            .oauth2ResourceServer(oauth2 -> oauth2
-                oauth2ResourceServer
+                .jwt(jwt -> jwt
-                    .jwt(jwt ->
-                        jwt
                     .jwkSetUri("https://idp.example.com/.well-known/jwks.json")
                 )
             );
@@ -222,14 +215,11 @@ More powerful than `jwkSetUri()` is `decoder()`, which will completely replace a
 public class DirectlyConfiguredJwtDecoder extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests ->
+            .authorizeRequests(authorize -> authorize
-                authorizeRequests
                 .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
+            .oauth2ResourceServer(oauth2 -> oauth2
-                oauth2ResourceServer
+                .jwt(jwt -> jwt
-                    .jwt(jwt ->
-                        jwt
                     .decoder(myCustomDecoder())
                 )
             );
@@ -427,7 +417,7 @@ This means that to protect an endpoint or method with a scope derived from a JWT
 public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests -> authorizeRequests
+            .authorizeRequests(authorize -> authorize
                 .mvcMatchers("/contacts/**").hasAuthority("SCOPE_contacts")
                 .mvcMatchers("/messages/**").hasAuthority("SCOPE_messages")
                 .anyRequest().authenticated()
@@ -460,14 +450,11 @@ To this end, the DSL exposes `jwtAuthenticationConverter()`:
 public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests ->
+            .authorizeRequests(authorize -> authorize
-                authorizeRequests
                 .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
+            .oauth2ResourceServer(oauth2 -> oauth2
-                oauth2ResourceServer
+                .jwt(jwt -> jwt
-                    .jwt(jwt ->
-                        jwt
                     .jwtAuthenticationConverter(grantedAuthoritiesExtractor())
                 )
             );
@@ -828,8 +815,7 @@ When use Opaque Token, this `WebSecurityConfigurerAdapter` looks like:
 ----
 protected void configure(HttpSecurity http) {
     http
-        .authorizeRequests(authorizeRequests ->
+        .authorizeRequests(authorize -> authorize
-            authorizeRequests
             .anyRequest().authenticated()
         )
         .oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
@@ -846,15 +832,12 @@ Replacing this is as simple as exposing the bean within the application:
 public class MyCustomSecurityConfiguration extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests ->
+            .authorizeRequests(authorize -> authorize
-                authorizeRequests
                 .mvcMatchers("/messages/**").hasAuthority("SCOPE_message:read")
                 .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
+            .oauth2ResourceServer(oauth2 -> oauth2
-                oauth2ResourceServer
+                .opaqueToken(opaqueToken -> opaqueToken
-                    .opaqueToken(opaqueToken ->
-                        opaqueToken
                     .introspector(myIntrospector())
                 )
             );
@@ -891,14 +874,11 @@ An authorization server's Introspection Uri can be configured <<oauth2resourcese
 public class DirectlyConfiguredIntrospectionUri extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests ->
+            .authorizeRequests(authorize -> authorize
-                authorizeRequests
                 .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
+            .oauth2ResourceServer(oauth2 -> oauth2
-                oauth2ResourceServer
+                .opaqueToken(opaqueToken -> opaqueToken
-                    .opaqueToken(opaqueToken ->
-                        opaqueToken
                     .introspectionUri("https://idp.example.com/introspect")
                     .introspectionClientCredentials("client", "secret")
                 )
@@ -920,14 +900,11 @@ More powerful than `introspectionUri()` is `introspector()`, which will complete
 public class DirectlyConfiguredIntrospector extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests ->
+            .authorizeRequests(authorize -> authorize
-                authorizeRequests
                 .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2ResourceServer ->
+            .oauth2ResourceServer(oauth2 -> oauth2
-                oauth2ResourceServer
+                .opaqueToken(opaqueToken -> opaqueToken
-                    .opaqueToken(opaqueToken ->
-                        opaqueToken
                     .introspector(myCustomIntrospector())
                 )
             );
@@ -1220,12 +1197,10 @@ And then specify this `AuthenticationManagerResolver` in the DSL:
 [source,java]
 ----
 http
-    .authorizeRequests(authorizeRequests ->
+    .authorizeRequests(authorize -> authorize
-        authorizeRequests
         .anyRequest().authenticated()
     )
-    .oauth2ResourceServer(oauth2ResourceServer ->
+    .oauth2ResourceServer(oauth2 -> oauth2
-        oauth2ResourceServer
         .authenticationManagerResolver(this.tokenAuthenticationManagerResolver)
     );
 ----
@@ -1253,12 +1228,10 @@ JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIs
     ("https://idp.example.org/issuerOne", "https://idp.example.org/issuerTwo");
 
 http
-    .authorizeRequests(authorizeRequests ->
+    .authorizeRequests(authorize -> authorize
-        authorizeRequests
         .anyRequest().authenticated()
     )
-    .oauth2ResourceServer(oauth2ResourceServer ->
+    .oauth2ResourceServer(oauth2 -> oauth2
-        oauth2ResourceServer
         .authenticationManagerResolver(authenticationManagerResolver)
     );
 ----
@@ -1286,12 +1259,10 @@ JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
         new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get);
 
 http
-    .authorizeRequests(authorizeRequests ->
+    .authorizeRequests(authorize -> authorize
-        authorizeRequests
         .anyRequest().authenticated()
     )
-    .oauth2ResourceServer(oauth2ResourceServer ->
+    .oauth2ResourceServer(oauth2 -> oauth2
-        oauth2ResourceServer
         .authenticationManagerResolver(authenticationManagerResolver)
     );
 ----
@@ -1443,8 +1414,7 @@ To achieve this, you can wire a `HeaderBearerTokenResolver` instance into the DS
 [source,java]
 ----
 http
-    .oauth2ResourceServer(oauth2ResourceServer ->
+    .oauth2ResourceServer(oauth2 -> oauth2
-        oauth2ResourceServer
         .bearerTokenResolver(new HeaderBearerTokenResolver("x-goog-iap-jwt-assertion"))
     );
 ----
@@ -1458,8 +1428,7 @@ Or, you may wish to read the token from a form parameter, which you can do by co
 DefaultBearerTokenResolver resolver = new DefaultBearerTokenResolver();
 resolver.setAllowFormEncodedBodyParameter(true);
 http
-    .oauth2ResourceServer(oauth2ResourceServer ->
+    .oauth2ResourceServer(oauth2 -> oauth2
-        oauth2ResourceServer
         .bearerTokenResolver(resolver)
     );
 ----

docs/manual/src/docs/asciidoc/_includes/servlet/saml2/saml2-login.adoc

@@ -85,8 +85,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
-            .authorizeRequests(authorizeRequests ->
+            .authorizeRequests(authorize -> authorize
-                authorizeRequests
                 .anyRequest().authenticated()
             )
             .saml2Login(withDefaults())
@@ -105,12 +104,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
-            .authorizeRequests(authorizeRequests ->
+            .authorizeRequests(authorize -> authorize
-                authorizeRequests
                 .anyRequest().authenticated()
             )
-            .saml2Login(saml2Login ->
+            .saml2Login(saml2 -> saml2
-                saml2Login
                 .relyingPartyRegistrationRepository(...)
             )
         ;
@@ -262,12 +259,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
         };
 
         http
-            .authorizeRequests(authorizeRequests ->
+            .authorizeRequests(authorize -> authorize
-                authorizeRequests
                 .anyRequest().authenticated()
             )
-            .saml2Login(saml2Login ->
+            .saml2Login(saml2 -> saml2
-                saml2Login
                .addObjectPostProcessor(processor)
             )
         ;
@@ -291,12 +286,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
         authProvider.setAuthoritiesMapper(AUTHORITIES_MAPPER);
         authProvider.setAuthoritiesExtractor(AUTHORITIES_EXTRACTOR);
         http
-            .authorizeRequests(authorizeRequests ->
+            .authorizeRequests(authorize -> authorize
-                authorizeRequests
                 .anyRequest().authenticated()
             )
-            .saml2Login(saml2Login ->
+            .saml2Login(saml2 -> saml2
-                saml2Login
                 .authenticationManager(new ProviderManager(asList(authProvider)))
             )
         ;
@@ -319,12 +312,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) throws Exception {
         AuthenticationManager authenticationManager = new MySaml2AuthenticationManager(...);
         http
-            .authorizeRequests(authorizeRequests ->
+            .authorizeRequests(authorize -> authorize
-                authorizeRequests
                 .anyRequest().authenticated()
             )
-            .saml2Login(saml2Login ->
+            .saml2Login(saml2 -> saml2
-                saml2Login
                 .authenticationManager(authenticationManager)
             )
         ;

samples/boot/hellowebflux-method/src/main/java/sample/SecurityConfig.java

@@ -40,8 +40,7 @@ public class SecurityConfig {
 		return http
 			// Demonstrate that method security works
 			// Best practice to use both for defense in depth
-			.authorizeExchange(exchanges ->
+			.authorizeExchange(exchanges -> exchanges
-				exchanges
 				.anyExchange().permitAll()
 			)
 			.httpBasic(withDefaults())

samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -34,13 +34,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-				.authorizeRequests(authorizeRequests ->
+				.authorizeRequests(authorize -> authorize
-					authorizeRequests
 					.antMatchers("/css/**", "/index").permitAll()
 					.antMatchers("/user/**").hasRole("USER")
 				)
-				.formLogin(formLogin ->
+				.formLogin(formLogin -> formLogin
-					formLogin
 					.loginPage("/login")
 					.failureUrl("/login-error")
 				);